The owner of a website that was a conduit used by hackers to breach employee computers at both Facebook(s FB) and Apple(s AAPL) has come forward to explain the events that took place last month. Ian Sefferman, co-founder of the iPhoneDevSDK website, said Wednesday in a blog post that he’d found evidence that the targeted attack came from an administrator account on his website that was compromised.
Though Sefferman says he believes the site is no longer infected, it’s safer not to visit the site for now — hence no link. Here’s how MacRumors reported Sefferman’s statement:
We’re still trying to determine the exploit’s exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.
He says he doesn’t believe any his site’s user data was actually compromised.
AllThingsD was the first to report iPhoneDevSDK’s involvement in the attack.
Both Apple and Facebook blamed Java: each reported recently that some of their employees’ computers were infected by malware from a vulnerability in a Java browser plug-in. Apple has since released a software patch for Java for OS X. Both companies say no user data was stolen.