Facebook says it has found “so far” no evidence that its attackers accessed third-party sites through Facebook Login.
This is good news for Facebook, which just revealed a massive security breach last week. Hackers were able to access as many as 50 million accounts in this massive security breach.
“We analyzed our logs for all third-party applications installed or registered during the attack we discovered last week. This investigation has so far found no evidence that the attackers accessed any applications using Facebook Login,” Facebook’s Guy Rosen said in a statement.
Friday, Facebook (Facebook) Unknown attackers announced that they had exploited a vulnerability to gain access to accounts. They were able to view other people’s Facebook profiles as if they were the owners. For example, they could see their friends’ profiles and updates.
Facebook said it had fixed the flaw Thursday night, but 90 million users were forcibly logged out of their accounts as a precaution.
The hackers stole Facebook “access tokens,” which allow a person to remain logged in to their Facebook account for extended periods of time. Facebook has reset all 50 million tokens, along with the tokens of an additional 40 million people who had used the “view as” feature over the past year, as a precaution.
In a call about the hack last week, Rosen said the attackers could also have accessed third-party sites using Facebook login, but the company had found no evidence that they did so.
Hundreds of sites and apps, including Tinder, Spotify and Airbnb, use Facebook Login, which allows users to access services with their Facebook username and password. Earlier this week, developers were wondering whether their services had been exposed to the Facebook hack.
The company says partners who follow Facebook’s “best practices” are automatically protected. Some developers may not have followed those rules and could have put their users at risk.
“We are sorry that this attack occurred and we will continue to update people as we learn more,” Rosen said.
— CNN’s Donie O’Sullivan contributed reporting.
CNNMoney (San Francisco) First published October 2, 2018 at 7:13 p.m. ET
Cnn
