Facebook finds ‘no evidence’ hackers accessed outside apps | Cyber Security
Facebook says its investigation into a hack revealed last week has found “no evidence” that hackers accessed third-party apps.
The breach, which Facebook said Friday had affected 50 million people on the social network, stemmed from a vulnerability in Facebook’s “view as” feature, which lets people see what their profiles look like to other people. Attackers exploited code associated with the feature that allowed them to steal “access tokens” that could be used to take over people’s accounts.
Facebook revoked those tokens but also said the breach could affect third-party apps and services, such as Instagram, Tinder and Spotify.
“We have now analyzed our logs for all third-party apps installed or logged during the attack we discovered last week,” Guy Rosen, Facebook’s vice president of product management, said in a blog post Tuesday. “That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.
“Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens — were automatically protected when we reset people’s access tokens,” he said.
As a precautionary measure, Facebook logged about 90 million people out of their accounts, the company said.
The social network said Friday that it discovered the attack about a week ago and had already informed the FBI and the Irish Data Protection Commission. Facebook said the investigation is in the early stages and it doesn’t yet know who was behind the attacks.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
Special Reports: CNET’s in-depth features in one place.