• iPhoneDevSDK and Hacking Incidents: The site apparently responsible for hacks at Facebook, Apple, and Twitter said it wasn't aware of being used to attack visitors until this week. Site admins said in a news post they had no knowledge of the breach and weren't contacted by affected companies. Now working with Facebook's security team.
• How the Breach Happened: A single administrator account was compromised. Hackers used it to modify the theme and inject JavaScript into the site. The JavaScript used a sophisticated, unknown exploit to hack into certain users' computers. It seems the exploit ended on January 30, 2013.
• Precautionary Measures: The site reset forum passwords for all users as a precaution, saying there's no evidence data was taken.
• Attack Techniques: A person with knowledge said all three companies were targeted using the same iPhoneDevSDK page, a "watering hole" attack. Hackers often infect sites frequented by employees of targeted companies.
• Apple's Involvement: Apple didn't explicitly point to iPhoneDevSDK as the site leading to its hack but said it was hacked in the same way as Facebook and hinted at an unnamed "website for software developers" being involved. Apple removed the Java plugin from Mac-compatible browsers in 2012 and blacklisted Java browser plugins this year to prevent exploits. Many users still use Java, putting them at risk. Facebook Chief Security Officer said the attack was injected into the site's HTML and affected engineers with Java enabled.
• Bloomberg Report: Apple, Facebook, and Twitter are three of 40 companies targeted by attackers located in Eastern Europe.