Facebook hack update: Firm says no external app or website was hit – but can't be sure

There is no evidence 'so far' that hackers breached other apps through Facebook Login

Anthony Cuthbertson
Wednesday 03 October 2018 09:37 EDT
Comments
(PA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Facebook has claimed there is no evidence "so far" that hackers accessed any third-party apps or websites as a result of the huge data breach.

The tech giant revealed last week that hackers stole so-called access tokens to accounts of at least 50 million users. A further 40 million users may also be affected by the attack.

Facebook's vice president of product management Guy Rosen wrote in a blog post on Tuesday that the access tokens had been reset for 90 million affected users.

"We have now analysed our logs for all third-party apps installed or logged in during the attack we discovered last week," Mr Rosen wrote.

"That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login. Any developer using our official Facebook SDKs – and all those that have regularly checked the validity of their users' access tokens – were automatically protected when we reset people's access tokens."

In order to minimise the risks of the security vulnerability, Facebook logged all affected users out as a precaution.

Unfortunately, Mr Rosen admitted that not all Facebook developers use the firm's developer tools, so a tool is being built "to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out."

Following the data breach, hacked Facebook accounts appeared for sale on the dark web, though it was not clear from the vendor's description whether they relate to the hack.

A listing for a hacked Facebook account, selling for around $3 on the Dream Market site on the dark web
A listing for a hacked Facebook account, selling for around $3 on the Dream Market site on the dark web (Screenshot)

The hacked accounts were selling for between $3 and $12 each, with security experts warning that cyber criminals could use the data to commit identity theft or blackmail users with compromising information.

In a post to Facebook last week, Facebook CEO Mark Zuckerberg said: "We face constant attacks from people who want to take over accounts or steal information around the world... The reality is we need to continue developing new tools to prevent this from happening in the first place."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in