But the social media giant said no user information was compromised by the infiltration.
Facebook said on its security blog yesterday that it discovered in January that its system had been targeted. The company did not say why it waited until the afternoon before an American holiday weekend to inform its users.
The company did not identify a suspected origin of its hacking incident, but provided a few details about how it apparently happened.
The security lapse was traced to a handful of employees who visited a mobile software developer's website that had been compromised, which led to malware being installed on the workers' laptops.
The PCs were infected even though they were supposed to be protected by the latest anti-virus software and were equipped with other up-to-date protection.
Facebook linked part of the problem to a security hole in the Java software that triggered a safety alert from the US Department of Homeland Security last month.
The government agency advised computer users to disable Java on their machines because of a weakness that could be exploited by hackers.
Facebook said it had found no evidence that user data was compromised.
The company said it had fixed the infected machines, informed law enforcement authorities and an investigation was under way.
Oracle, the owner of Java, has since issued a security patch that it says has fixed the problem. In its post, Facebook said it received the Java fix two weeks ago.
Facebook also said it was not the only company targeted in the attacks but was one of the first to discover it.
"We are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future," Facebook said on its website.
Ironically, the attack is a demonstration of the shady side of the hacking culture that Facebook chief executive Mark Zuckerberg celebrates.
Facebook never mentioned the word "hack" in describing the breach. That, no doubt, was by design because hacking is a good thing in Mr Zuckerberg's vernacular.
To most people, hacking conjures images of malevolent behaviour by intruders listening to private voicemails and villains crippling websites or breaking into email accounts.
Mr Zuckerberg provided his interpretation of the word in a manifesto, The Hacker Way, that he included in the documents that the company filed for its initial public offering of stock last year.
"The word 'hacker' has an unfairly negative connotation from being portrayed in the media as people who break into computers," Mr Zuckerberg wrote.
"In reality, hacking just means building something quickly or testing the boundaries of what can be done."
The main building at Facebook's Menlo Park, California, headquarters lists its address as 1 Hacker Way. From there, Facebook serves as the gatekeeper for billions of potentially embarrassing photos and messages that get posted each month.
Yesterday's unsettling revelation is the latest breach to expose the digital cracks in a society and an economy that is storing an ever-growing volume of personal and business data online.
This time, at least, that material did not get swept up in the digital break-in that Facebook said it discovered last month.
It was a sophisticated attack that also hit other companies, according to Facebook, which did not identify the targets.
Twitter acknowledged being hacked earlier this month. In that security breakdown, Twitter warned that the attackers may have stolen user names, email addresses and encrypted passwords belonging to 250,000 of the more-than 200 million accounts set up on its service.
Late last month, both the New York Times and The Wall Street Journal - two of the three largest US newspapers - said they were hit by China-based hackers believed to be interested in monitoring media coverage of topics that the Chinese government deemed important.
Contextual targeting label:
