A Glimmer of Hope Emerges from Facebook’s Massive Data Breach
In a rare piece of positive news amidst a devastating cyberattack, Facebook has announced that its investigation has found no evidence of hackers accessing third-party apps using Facebook Login. This comes as a relief, considering the attackers had accessed as many as 50 million accounts, making it the largest breach of Facebook’s network to date.
The social media giant revealed that unknown attackers had exploited a vulnerability, allowing them to view other people’s profiles as if they were the account owners themselves. This meant they could see friends’ profiles, updates, and more. Facebook swiftly closed the loophole, but as a precaution, 90 million users were forcefully logged out of their accounts.
The hackers stole Facebook “access tokens,” which enable users to remain logged in over extended periods. Facebook reset all 50 million compromised tokens, as well as those of an additional 40 million users who had used the “view as” feature in the past year.
During a call about the hack, Facebook’s Guy Rosen stated that the attackers could have accessed third-party sites using Facebook Login, but so far, no evidence of this has been found. Hundreds of sites and apps, including popular services like Tinder, Spotify, and Airbnb, use Facebook Login, which allows users to access these services with their Facebook credentials.
Facebook reassured partners that following its “best practices” would have automatically protected them from the breach. However, some developers may not have adhered to these guidelines, potentially putting their users at risk.
“We apologize for this attack and will continue to update people as we learn more,” Rosen said, emphasizing the company’s commitment to transparency and security.
Leave a Reply