Facebook has been targeted by hackers in what it said was a sophisticated attack.
But the social media giant said no user information was compromised by the infiltration.
Facebook said on its security blog yesterday that it discovered in January that its system had been targeted. The company did not say why it waited until the afternoon before a holiday weekend to inform its users.
The company did not identify a suspected origin of its hacking incident, but provided a few details about how it apparently happened.
The security lapse was traced to a handful of employees who visited a mobile software developer's website that had been compromised, which led to malware being installed on the workers' laptops.
The PCs were infected even though they were supposed to be protected by the latest anti-virus software and were equipped with other up-to-date protection.
Facebook linked part of the problem to a security hole in the Java software that triggered a safety alert from the US Department of Homeland Security last month.
The government agency advised computer users to disable Java on their machines because of a weakness that could be exploited by hackers.
Facebook said it had found no evidence that user data was compromised.
The company said it had fixed the infected machines, informed law enforcement authorities and an investigation was under way.
Oracle, the owner of Java, has since issued a security patch that it says has fixed the problem. In its post, Facebook said it received the Java fix two weeks ago.
Facebook also said it was not the only company targeted in the attacks but was one of the first to discover it.
"We are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," Facebook said on its website.
AP