Facebook does not say specifically when the attack happened, but it does assure users in a blog post that it has found "no evidence that Facebook user data was compromised." That means that Facebook does not believe that usernames or passwords from the site were obtained by the hackers. Facebook does not reveal, however, what the attackers were able to see.
When reached by ABC News, Facebook declined to comment on who it believes was responsible for the attack.
Facebook's security team has traced the attack to a website that was visited by Facebook employees. The website installed malware on the employees' laptops, even though they were protected by anti-virus software.
"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day," Facebook says in its blog post.
Given that the attack came through employee laptops, it is possible that the information compromised was simply what was on their personal computers.
Facebook says the compromise began with a vulnerability in Java, the software used to show much of the content on Web browsers. As a result, the Department of Homeland Security released a statement last month urging computer users to disable the software in browsers.
"We don't know much yet about what was compromised, but Java is used with so many applications the vulnerabilities are designed to take advantage of that," Robert Siciliano, a security expert at the anti-malware firm McAfee, told ABC News. "In this case it was a zero-day vulnerability -- it was a brand-new virus -- that they couldn't protect against."
Facebook's announcement comes after Twitter's announcement on Feb. 1 that 250,000 accounts were compromised in an attack. Twitter required affected users to reset their passwords. The New York Times and the Wall Street Journal's computer systems were infiltrated by Chinese hackers in late January.
Although Facebook user data seems to be safe at this point, this is a good time to make sure you are following basic online safety tips -- reset your passwords regularly, keep your anti-virus software up to date, and stay away from websites that seem questionable.