Facebook Says Hackers Did Not Use Stolen Logins on Third-Party Sites

Advertisement
By Agence France-Presse | Updated: 3 October 2018 11:10 IST
Facebook Says Hackers Did Not Use Stolen Logins on Third-Party Sites

Facebook on Tuesday said hackers who stole digital keys to tens of millions of accounts appear not to have tampered with third-party applications linked to the social network.

Facebook engineers analysed logs of outside applications and found no sign of trouble, according to product management vice president Guy Rosen.

"That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login," Rosen said in a blog post.

Facebook revealed on Friday that up to 50 million accounts were breached by hackers, dealing a blow to its effort to convince users to trust it with their data.

Advertisement

The social network is investigating the extent of harm done when hackers exploited a trio of software flaws to steal "access tokens," the equivalent of digital keys that enable people to automatically log back into the social network.

Facebook chief executive Mark Zuckerberg said engineers discovered the breach on September 25, and had a patch in place two days later.

Advertisement

"We don't know if any accounts were actually misused," Zuckerberg said last week. "This is a serious issue."

Attackers would have been able to meddle with Instagram or Messenger accounts linked to Facebook, but could not have tampered with the social network's WhatsApp messaging service, according to executives.

Advertisement

Facebook said that it noticed an unusual spike in activity on September 16 related to a "view as" feature and determined nine days later that it was malicious.

Hackers took advantage of a "complex interaction" between three software bugs, which required a degree of sophistication, according to Rosen. The vulnerability was created by a change to a video uploading feature in July of 2017.

As a precaution, Facebook took down the "view as" feature - described as a privacy tool to let users see how their profiles look to other people.

Facebook reset the 50 million breached accounts, meaning users needed to sign back in using passwords.

No passwords were taken in the breach, according to Rosen.

Information hackers appeared interested in included names, genders, and home towns, but it was not clear for what purposes, the executives said in a telephone briefing.

The stolen tokens gave hackers complete control of accounts. Facebook is trying to determine whether hackers tampered with posts or messages.

Hackers could have also accessed third-party applications linked to Facebook accounts.

Facebook said it took a precautionary step of resetting "access tokens" for another 40 million accounts where the "view as" was used.

"We're sorry that this attack happened and we'll continue to update people as we find out more," Rosen said.

The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Facebook
Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo Y400 Pro 5G: Everything We Know Ahead of India Launch on June 20
  2. Oppo Reno 14 5G, Reno 14 Pro 5G India Launch Timeline Leaked
  3. Poco F7 5G to Be Equipped With a Snapdragon 8s Gen 4 SoC
  4. Vodafone Idea to Bring Direct-to-Device Satellite Connectivity to India
  5. Vivo T4 Ultra Now Available for Purchase in India: See Price, Offers
  6. BSNL Announces Name of Its 5G Service in India
  7. Infinix Note 50s 5G+ Gets a New RAM and Storage Option in India: See Price
  1. OnePlus Bullets Wireless Z3 With 12.4mm Drivers, Up to 36 Hours of Battery Life Launched in India
  2. Microsoft Planning Thousands More Job Cuts Aimed at Salespeople
  3. Vivo T4 Lite 5G India Launch Date Announced; to Feature MediaTek Dimensity 6300 SoC
  4. Coinbase Launches Stablecoin Payments Service for E-Commerce
  5. Iran Crypto Exchange Nobitex Hit by Hackers, $90 Million Destroyed
  6. Vodafone Idea Partners With AST SpaceMobile to Bring Direct-to-Device Satellite Connectivity to India
  7. Microsoft Said to Be Prepared to Abandon High-Stakes Talks with OpenAI
  8. Stellar Blade's Nintendo Switch 2 Port Reportedly in Development After Successful PC Launch
  9. Vivo X Fold 5 Dimensions Confirmed Ahead of June 25 Launch; Charging Capacity Revealed
  10. Apple's Foldable iPhone to Enter Production Later This Year, Components Not Finalised: Ming-Chi Kuo
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.