Facebook posted a note on Saturday, 16 Feb, saying it had discovered that many engineers' laptops were hacked using a Java zero-day exploit. This happened when those engineers visited an infected mobile developer website.
Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.
Facebook's security team discovered the attack when they spotted a suspicious domain in the Facebook domain, and the requests were tracked back to an engineer working on mobile app development projects. Forensic analysis of the files on the laptop led to the discovery of a number of other compromised systems.
Facebook further posted that no user data was compromised, and that they are investigating the attack and sharing attack and malware details with other companies as well.
Oracle documentation on the bug: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
And for users:
– Foremost, we have found no evidence that Facebook user data was compromised.