Facebook (FB) said late Friday is it is investigating what it called a “sophisticated” cyber attack. However, the world’s biggest social network said there is “no evidence” user data were compromised.

The Menlo Park, Calif.-based company said it discovered last month that its systems were targeted “when a handful of employees visited a mobile developer website that was compromised.” The websites installed so-called “mal-ware” on the computers, and Facebook later learned the same software was also installed on other corporate PCs. Facebook said they have all since been patched.

“Facebook, like every significant Internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure,” Facebook said in a blog post. “The vast majority of the time, we are successful in preventing harm before it happens, and our security team works to quickly and effectively investigate and stop abuse.”

The attackers took advantage of an exploit in a program made by Oracle (ORCL) called Java. Java is an application that is widely used by websites, but security flaws have spawned a hailstorm of criticism and prompted several major companies to disable plugins by default.

Facebook is continuing to work with its internal engineers, security teams, other organizations and law enforcement on the issue. The company didn’t specify which agencies or companies it was collaborating with.

Follow Adam Samson on Twitter @adamsamson.