
Facebook says third-party apps remain unaffected in recent hack

Although it was confirmed that 50 million Facebook users were affected by the recent hack, officials were worried that this number could be significantly higher due to third-party apps linked with the site. Fortunately, the social network has concluded that the attacker didn’t use the same tokens to “log in with Facebook,” stating that third-party data remains uncompromised.

Facebook Login is a handy tool designed to make the user’s life significantly easier. At the click of a button, the social media site allows users to skip over the monotonous details by linking Facebook to supported third-party sites. Unfortunately, these sites also became a potential target the moment Facebook’s “View As” vulnerability was exploited to expose at least 50 million accounts.

Instead of utilising passwords, the attack exploited “access tokens,” allowing the attackers to unlock a profile using what is essentially a “digital key.” These same keys could have been used to easily “log in with Facebook” across 40,000 third-party sites, according to Usenix. However, Facebook VP of Product Management Guy Rosen has stated that this doesn’t seem to be the case.

“We’ve had questions about what exactly this attack means for the apps using Facebook Login. We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login,” explains the post.

“Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens.” For sites that don’t follow these requirements, Facebook is currently working on a tool to allow developers to identify apps that have been affected, forcing a log out and reset on their end.

“We’re sorry that this attack happened — and we’ll continue to update people as we find out more,” concludes Rosen.

KitGuru Says: GDPR’s 72-hour disclosure deadline has split people down the middle. On one hand, such vague information in the middle of an investigation causes widespread panic, while on the other, it is likely to hurry investigations in an incredibly transparent manner. Personally, I’m all for being in the know.   
