NEWS FROM THE LAB - Tuesday, February 19, 2013

Facebook Confirmed: Several Other Companies Hacked
Posted by Sean @ 14:38 GMT

Yesterday's post generated some feedback along the lines of "interesting theory". But here's the deal: that other companies were hacked is not a theory — it's a fact. Facebook's Chief Security Officer, Joe Sullivan, said so himself in an interview with Ars Technica.

Facebook Chief Security Officer offers details in exclusive interview.

According to Sullivan, Facebook's security team worked with a third party to sinkhole the attacker's server — and they discovered traffic coming from several other companies.

These are the domains associated with the Mac malware we wrote about yesterday:

  •  corp-aapl.com
  •  cloudbox-storage.com
  •  digitalinsight-ltd.com

They're all currently pointing to shadowserver.org. And that would be the third-party sinkhole mentioned by Sullivan.
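For defenders who want to check their own networks against the three domains listed above, here is an added example (not part of the original post) that scans DNS query logs for clients that looked them up. The log format (time, client, query name, query type) and the sample lines are constructed for illustration; adapt the parsing to your resolver's real log format.

```python
from collections import defaultdict

# Domains listed in the post above.
IOC_DOMAINS = ("corp-aapl.com", "cloudbox-storage.com", "digitalinsight-ltd.com")

# Constructed sample DNS query log (assumed format: time client qname qtype).
SAMPLE_LOG = """\
2013-02-19T09:01:12Z 10.0.4.21 www.example.org. A
2013-02-19T09:01:15Z 10.0.4.21 corp-aapl.com. A
2013-02-19T09:02:40Z 10.0.7.3 CDN.Cloudbox-Storage.com A
2013-02-19T09:03:02Z 10.0.7.9 notcorp-aapl.com A
2013-02-19T09:03:30Z 10.0.4.21 digitalinsight-ltd.com.example.net A
2013-02-19T09:04:11Z 10.0.7.3 cloudbox-storage.com AAAA
malformed line
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return qname.strip().rstrip(".").lower()

def matched_ioc(qname):
    """Return the listed domain that qname equals or is a subdomain of, else None."""
    name = normalize(qname)
    for domain in IOC_DOMAINS:
        # Match on a label boundary so look-alike names are not flagged.
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def find_hits(log_text):
    """Map each client IP to the set of listed domains it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _, client, qname, _ = fields
        domain = matched_ioc(qname)
        if domain:
            hits[client].add(domain)
    return dict(hits)

if __name__ == "__main__":
    for client, domains in sorted(find_hits(SAMPLE_LOG).items()):
        print(client, ", ".join(sorted(domains)))
```

Because the domains now resolve to a sinkhole, a hit indicates a host that should be examined, not one that is still talking to the attacker's server.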

So we ask the question again: just how many other mobile application developers took a drink from the watering hole that nailed Twitter & Facebook? Does "several other companies" mean only a handful of unique connections were made to the sinkhole? Or does it mean Facebook has only been able to identify "several" out of many more connections?

We would like to know: in total, how many unique connections have been made to Shadowserver's sinkhole?

Just a ballpark figure, please.