0
Facebook on Tuesday said it’s found no evidence that the hackers responsible for last week’s massive security breach accessed third-party apps via Facebook Login.
The hackers responsible for the breach, which impacted at least 50 million Facebook users, exploited a vulnerability in Facebook’s code to steal access tokens — digital keys that are used to keep users logged in when they enter their username and password.
After the breach, Facebook reset the tokens for 90 million accounts, prompting those users to log back in to Facebook, as well as back into any apps that use Facebook Login.
In a blog post, Facebook’s VP of Product Management Guy Rosen said the company has now analyzed its logs for all third-party apps installed or logged during the attack. There’s no evidence so far of breached third-party apps, he said.
Now that Facebook has reset the tokens, third-party developers should be in the clear — as long as they were using Facebook’s official SDKs and regularly checked the validity of their users’ access tokens. But to be sure the issue is resolved for everyone, Facebook is building a tool to enable developers to manually identify any of their users who may have been affected, so they can log them out.
Related Topics:
Social Enterprise
Security TV
Data Management
CXO
Data Centers
0