FACEBOOK RECKONS there's "no evidence" that the security breach which exposed the data of 50 million users has impacted third-party apps linked to users' accounts.
The social network noted that there's been no sign of swiped Facebook access tokens being used to automatically log into third-party apps.
"We fixed the vulnerability and we reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a 'View As' look-up in the last year. Resetting the access tokens protected the security of people's accounts and meant they had to log back into Facebook or any of their apps that use Facebook Login," explained Guy Rosen, vice president of product management at Facebook.
"We've had questions about what exactly this attack means for the apps using Facebook Login. We have now analysed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login."
So it would appear that while Facebook access tokens were nicked, they haven't been put to use by cybercrims. And with the access tokens reset it looks like the swiped tokens will be rendered useless.
Rosen did note that, embracing an "abundance of caution", Facebook is building a tool for developers to work out whether their app users have been affected by the access token thievery, and to let the devs log affected users out of the third-party apps in order to keep them safe.
All in all the data breach was massive but doesn't seem to have wreaked that much chaos.
But in a year where Facebook accidentally published the private posts of some 14 million users and the aftermath of the Cambridge Analytica data scandal is still being felt, this data exposure is some seriously bad PR for the social network. µ