Facebook doesn’t think hackers accessed third-party sites

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

(CNN Money) — Facebook says it has not found any evidence “so far” that its attackers accessed third-party sites through Facebook Login.

It’s a sliver of good news about a massivedata breach that the company first disclosed last week. Attackers accessed as many as 50 million accounts in the largest such breach of Facebook’s network.

“We have now analyzed our logs for all third-party apps installed or logged during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.” said Facebook’s Guy We’re sorry that this attack happened — and we’ll continue to update people as we find out more. in a statement.

On Friday, Facebook announced unknown attackers had exploited a vulnerability to access the accounts. They were able to view other people’s Facebook profiles as if they were the accounts’ owners. For example, they could see friends’ profiles and updates.

Facebook says it closed the loophole on Thursday night, but 90 million users were forcefully logged out of their accounts as a precaution.

The attackers stole Facebook “access tokens,” which keep a person logged into their Facebook account over long periods. Facebook reset all 50 million tokens, as well as tokens for an additional 40 million people who had used the “view as” feature in the past year as a precautionary step.

During a call about the hack last week, Rosen said the attackers would have also been able to access third-party sites using Facebook Login, but the company had found no evidence of them doing so.

Hundreds of sites and apps including Tinder, Spotify and Airbnb use Facebook Login, which lets people access the services with their Facebook username and password. Early this week, developers were confused about whether their services had been exposed in the Facebook hack.

The company says partners following Facebook “best practices” were automatically protected. Some developers might not have followed those rules, and they could have put their users at risk.

“We’re sorry that this attack happened — and we’ll continue to update people as we find out more,” Rosen said.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.