hack2

It’s always stunning when one of the world’s most prominent tech companies gets inflitrated. When several get breached one after another, it’s positively jaw-dropping. But that’s precisely the scenario we’re looking at, with Apple, Facebook and Twitter all falling victim in quick succession to security cracks.

What’s going on here? Well, despite what you might think, these may not be individually targeted attacks. In fact, according to The Wall Street Journal, it looks like the culprit may be one compromised website that the staffers at all these companies visited. It makes sense, considering the site is geared around mobile development. And that’s also what’s scary about this: It’s a forum about mobile development, i.e., the hottest corner of the tech industry right now. In other words, it’s very likely that more companies — not to mention individual professionals and fans — could be affected before the threat is neutralized.

And that’s what makes the revelation dicey. Is it better to keep the URL under wraps, to protect and prevent curious types from hitting it up and possibly running into trouble? Or should the website be publicized, to warn people away from it?

Well, like WSJ, we’re going somewhere in the middle by posting the name: iPhoneDevSdk. If you want the actual URL, it’s not hard to figure out, but we’re not going to link to it, or recommend that anyone go there. So consider yourself warned: It is unclear if the site is now secure, so do yourself a favor and stay away from it. And if you know anyone with a deep interest in mobile development in general, or iPhone development in particular, be sure to spread the word.

Facebook confirmed that its employees had visited the site. Malicious code (injected into the HTML) used an exploit in Oracle’s Java plugin to infect their laptops. This was a recurrent theme, as Apple also noted an exploit in the Java plugin for browsers and issued a security patch for Mac users. For its part, Twitter also warned users to disable Java inside of their browsers.

UPDATE: iPhoneDevSDK believes it has a handle on the situation:

What we’ve learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user’s computers.

We’re still trying to determine the exploit’s exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.

As with Facebook, it’s important to stress that we have no reason to believe user data was compromised.

For more, hit up this link.