The recent Facebook hack affecting 50 million accounts directly, and 90 million accounts in all, has truly created a wave of fury among the masses. Apart from WhatsApp, Facebook did not firmly assure the security of any other app since the Facebook hack. In addition to the stolen data, the other risk threatening connected apps was that popular “Login with Facebook” option. However, the social media giant has now confirmed that they found “no evidence” of any Facebook login exploit by the hackers to access third-party apps.
No Evidence Of Facebook Login Exploit
Facebook has recently confirmed that the horrifying hack on millions of accounts didn’t affect any third-parties. The announcement comes amidst the growing noises regarding how this massive breach would affect connected apps.
In simple terms, people expressed their concerns regarding how hackers could exploit the hacked Facebook accounts to access third-party apps and sites. Answering this matter, Facebook confirmed they did not find any Facebook login exploit by hackers to access other sites.
The company explained in a recent news update from Guy Rosen, Vice President At Facebook for Product Management. Explaining why this update became necessary, Rosen stated,
“We’ve had questions about what exactly this attack means for the apps using Facebook Login.”
Initially, they could not answer such questions because investigations had just begun. Nonetheless, Guy Rosen now confirms that they have analyzed this aspect.
“We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.”
Regarding The Developers…
Explaining further to clear the doubts in the minds of developers, the post read,
“Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens. However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.”
In addition, he also emphasized for the developers when using Facebook’s official SDK it auto-checks for valid access tokens. Moreover, he also encouraged developers to use Graph API for updated information and to conform to Facebook login best practices for security.
Third-Party Apps Still At Risk… How?
Although, Facebook has confirmed that they did not find any evidence of a Facebook Login exploit for accessing linked apps. One should understand that this statement does not express 100% security. Remember, they said, “investigation has so far found no evidence…”