The site's security was breached after a handful of Facebook employees unknowingly visited a website that had been compromised with malicious code.
When a suspicious file was discovered on the company's computers, a forensic investigation was launched and the origin of the file was traced to an employee's laptop.
A further search uncovered other infected computers, but Facebook insists there was no data breach and no passwords or user data were compromised.
The company said in a statement: "Facebook, like every significant Internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure.
"Last month we discovered that our systems had been targeted in a sophisticated attack which occurred when a handful of employees visited a mobile developer website that was compromised.
"After analysing the website we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware.
"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."
There have a number of cyber-attacks on prominent websites recently. Some 250,000 Twitter accounts were potentially compromised after attackers obtained access to their names and email addresses.
The websites of The New York Times, The Washington Post and The Wall Street Journal were also infiltrated by unknown hackers apparently targeting those papers' media coverage of China.
Although Facebook claimed that no user data was compromised, the incident could raise privacy concerns about the vulnerability of personal data stored within the social network.
The company has experienced several privacy rows over the years for the way it handles user data, including a privacy investigation with regulators that was settled in 2011.