Slashdot Mirror


Facebook Finds 'No Evidence' Hackers Accessed Connected Apps (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Facebook has said it's found "no evidence" that third-party apps were affected by the data breach it revealed last week. Hackers stole account access tokens on at least 50 million users by exploiting a chain of three vulnerabilities inadvertently introduced by Facebook last year. Another 40 million also may have been affected by the attack. Facebook revoked those tokens -- which keep users logged in when they enter their username and password -- forcing users to log back into the site again. But there was concern that third-party apps, sites and services that rely on Facebook to log in -- like Spotify, Tinder and Instagram -- also may have been affected, prompting companies that use Facebook Login to seek answers from the social networking giant. "We have now analyzed our logs for all third-party apps installed or logged during the attack we discovered last week," said Guy Rosen, Facebook's vice president of product management, in a blog post. "That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login. Any developer using our official Facebook SDKs -- and all those that have regularly checked the validity of their users' access tokens -- were automatically protected when we reset people's access tokens."

Furthermore, Rosen said that not all developers use Facebook's developer tools, so the social network is "building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out."


  1. new batches of Facebook accounts are for sale by Anonymous Coward · · Score: 1

    And yet there are Facebook accounts allegedly from this breach available for sale on the dark web.
    Technically Facebook 'didn't find evidence' of 3rd party app access, but may I point to the front door being left open? No need to enter via a window.
    Facebook account takeover gives access to all the sites that (only) log in using a Facebook account.

  2. I look marvelous! by Anonymous Coward · · Score: 1

    We looked at ourselves and found nothing wrong!

  3. "No evidence" = "we do not even have logs..." by gweihir · · Score: 1

    Just increases the degree of incompetence displayed...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:"No evidence" = "we do not even have logs..." by gweihir · · Score: 1

      That would be even worse. And hilarious!

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Maybe they left off the word by bobstreo · · Score: 1

    Yet. How fast can they actually check ALL the logs?

    Someone should force them to pay a third party to read their logs, and publish their results.

  5. Why hack? by Vitriol+Angst · · Score: 1

    Is there something worse that hackers could do that isn't a data mining product that Facebook is selling their customers?

    --
    >>"ad space available -- low rates!!!"
  6. Meaning... by Zorro · · Score: 1

    They were quite good hackers probably funded by a Government.