Facebook has recently made a statement regarding the recent data breach that affected up to 50 million accounts on their platform. The company mentioned that they have not found any evidence, so far, that the attackers accessed third-party sites through Facebook Login. This is a bit of good news amidst the chaos caused by the breach.
According to Facebook’s Guy Rosen, they conducted an investigation into all third-party apps installed or logged during the attack and found no evidence of the attackers accessing any apps using Facebook Login. This implies that the breach was contained within Facebook’s network and did not extend to third-party sites.
The attackers were able to exploit a vulnerability that allowed them to access user accounts and view profiles as if they were the actual owners. Facebook took immediate action to close the loophole and reset access tokens for all 50 million affected accounts. An additional 40 million users who had used the “view as” feature in the past year also had their tokens reset as a precautionary measure.
While discussing the hack, Rosen mentioned that the attackers could have potentially accessed third-party sites using Facebook Login, but Facebook has not found any evidence of this activity. Many popular sites and apps such as Tinder, Spotify, and Airbnb use Facebook Login as a way for users to access their services easily.
Facebook assured that partners who followed their best practices were automatically protected from the attack. However, developers who did not adhere to these guidelines may have put their users at risk. The company continues to investigate the breach and promises to keep users updated as they gather more information.
It is unfortunate that this attack occurred, but Facebook is taking steps to address the issue and prevent similar incidents in the future. As more details emerge, users can expect more transparency from the company regarding the breach and its implications.