Facebook doesn’t think hackers accessed third-party sites

Facebook says it has not found any evidence “so far” that its attackers accessed third-party sites through Facebook Login.

It’s a sliver of good news about a massive data breach that the company first disclosed last week. Attackers accessed as many as 50 million accounts in the largest such breach of Facebook’s network.

“We have now analyzed our logs for all third-party apps installed or logged during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.” said Facebook’s Guy Rosen in a statement.

On Friday, Facebook (FB) announced unknown attackers had exploited a vulnerability to access the accounts. They were able to view other people’s Facebook profiles as if they were the accounts’ owners. For example, they could see friends’ profiles and updates.

Facebook says it closed the loophole on Thursday night, but 90 million users were forcefully logged out of their accounts as a precaution.

The attackers stole Facebook “access tokens,” which keep a person logged into their Facebook account over long periods. Facebook reset all 50 million tokens, as well as tokens for an additional 40 million people who had used the “view as” feature in the past year as a precautionary step.

During a call about the hack last week, Rosen said the attackers would have also been able to access third-party sites using Facebook Login, but the company had found no evidence of them doing so.

Hundreds of sites and apps including Tinder, Spotify and Airbnb use Facebook Login, which lets people access the services with their Facebook username and password. Early this week, developers were confused about whether their services had been exposed in the Facebook hack.

The company says partners following Facebook “best practices” were automatically protected. Some developers might not have followed those rules, and they could have put their users at risk.

“We’re sorry that this attack happened — and we’ll continue to update people as we find out more,” Rosen said.

— CNN’s Donie O’Sullivan contributed reporting.

CNNMoney (San Francisco ) First published October 2, 2018: 7:13 PM ET

For all the latest Business News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.