Facebook Says Hackers Did Not Use Stolen Logins on Third-Party Sites

Advertisement
By Agence France-Presse | Updated: 3 October 2018 11:10 IST
Facebook Says Hackers Did Not Use Stolen Logins on Third-Party Sites

Facebook on Tuesday said hackers who stole digital keys to tens of millions of accounts appear not to have tampered with third-party applications linked to the social network.

Facebook engineers analysed logs of outside applications and found no sign of trouble, according to product management vice president Guy Rosen.

"That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login," Rosen said in a blog post.

Facebook revealed on Friday that up to 50 million accounts were breached by hackers, dealing a blow to its effort to convince users to trust it with their data.

Advertisement

The social network is investigating the extent of harm done when hackers exploited a trio of software flaws to steal "access tokens," the equivalent of digital keys that enable people to automatically log back into the social network.

Facebook chief executive Mark Zuckerberg said engineers discovered the breach on September 25, and had a patch in place two days later.

Advertisement

"We don't know if any accounts were actually misused," Zuckerberg said last week. "This is a serious issue."

Attackers would have been able to meddle with Instagram or Messenger accounts linked to Facebook, but could not have tampered with the social network's WhatsApp messaging service, according to executives.

Advertisement

Facebook said that it noticed an unusual spike in activity on September 16 related to a "view as" feature and determined nine days later that it was malicious.

Hackers took advantage of a "complex interaction" between three software bugs, which required a degree of sophistication, according to Rosen. The vulnerability was created by a change to a video uploading feature in July of 2017.

As a precaution, Facebook took down the "view as" feature - described as a privacy tool to let users see how their profiles look to other people.

Facebook reset the 50 million breached accounts, meaning users needed to sign back in using passwords.

No passwords were taken in the breach, according to Rosen.

Information hackers appeared interested in included names, genders, and home towns, but it was not clear for what purposes, the executives said in a telephone briefing.

The stolen tokens gave hackers complete control of accounts. Facebook is trying to determine whether hackers tampered with posts or messages.

Hackers could have also accessed third-party applications linked to Facebook accounts.

Facebook said it took a precautionary step of resetting "access tokens" for another 40 million accounts where the "view as" was used.

"We're sorry that this attack happened and we'll continue to update people as we find out more," Rosen said.

The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Facebook
Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus Pad 3 With 12,140mAh Battery Launched in India: Check Features
  2. Our Fault OTT Release Date: When and Where to Watch Final Chapter of Culpables Online?
  3. OnePlus 13s vs iQOO 13: Price in India, Specifications Compared
  4. OnePlus 13s Launched in India: Know Price, Specifications and More
  5. OnePlus 13s Review
  6. Realme GT 7 and GT 7T Review
  7. Redmi Pad 2 With 9,000mAh Battery Launched in Global Markets: See Price
  8. Best Smartphones Under Rs 25,000 in India: Check List
  9. OpenAI's ChatGPT Now Has a Record Mode and Can Connect to Gmail, Outlook
  1. Hugging Face Releases SmolVLA Open Source AI Model For Robotics Workflows
  2. Redmi Pad 2 With 9,000mAh Battery, MediaTek Helio G100 Ultra Chip Launched: Price, Specifications
  3. Alphabet CEO Expects to Keep Hiring Engineers as AI Advances
  4. Amazon Said to Be Preparing to Test Humanoid Robots for Deliveries
  5. Google Doubles Gemini 2.5 Pro Rate Limit for Google AI Pro Subscribers
  6. Apple Said to Have Given iPhone Repair Business to Tata India as Partnership Expands
  7. Huawei Pura 80 Pro, Pura 80 Pro+ Design Teased; Pre-Reservation Begin
  8. Mistral Code AI-Powered Coding Assistant Introduced for Enterprise Developers
  9. Nothing Headphone 1 Launch Date Set for July 1, to Arrive Alongside Nothing Phone 3
  10. Ethereum Foundation Announces Overhauled Treasury Strategy Amid Scaling Push
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.