Facebook Finds ‘No Evidence’ Hackers Accessed Connected Apps

An anonymous reader quotes a report from TechCrunch: Facebook has said it’s found “no evidence” that third-party apps were affected by the data breach it revealed last week. Hackers stole account access tokens on at least 50 million users by exploiting a chain of three vulnerabilities inadvertently introduced by Facebook last year. Another 40 million also may have been affected by the attack. Facebook revoked those tokens — which keep users logged in when they enter their username and password — forcing users to log back into the site again. But there was concern that third-party apps, sites and services that rely on Facebook to log in — like Spotify, Tinder and Instagram — also may have been affected, prompting companies that use Facebook Login to seek answers from the social networking giant. “We have now analyzed our logs for all third-party apps installed or logged during the attack we discovered last week,รข said Guy Rosen, Facebook’s vice president of product management, in a blog post. “That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login. Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens — were automatically protected when we reset people’s access tokens.”

Furthermore, Rosen said that not all developers use Facebook’s developer tools, so the social network is “building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.”


Share on Google+

Read more of this story at Slashdot.

Go to Source