Facebook: No evidence attackers accessed third-party apps

To be safe, Facebook is building a tool to enable developers to manually identify any of their users who may have been affected by the massive security breach.
Written by Stephanie Condon, Senior Writer

Facebook on Tuesday said it's found no evidence that the hackers responsible for last week's massive security breach accessed third-party apps via Facebook Login.

The hackers responsible for the breach, which impacted at least 50 million Facebook users, exploited a vulnerability in Facebook's code to steal access tokens -- digital keys that are used to keep users logged in when they enter their username and password.

Also: Facebook reveals new covert efforts to sway 2018 midterm elections

After the breach, Facebook reset the tokens for 90 million accounts, prompting those users to log back in to Facebook, as well as back into any apps that use Facebook Login.

Also: How political campaigns use big data to get out the vote TechRepublic

In a blog post, Facebook's VP of Product Management Guy Rosen said the company has now analyzed its logs for all third-party apps installed or logged during the attack. There's no evidence so far of breached third-party apps, he said.

Also: Apple News adds dedicated 2018 US midterm elections section CNET

Now that Facebook has reset the tokens, third-party developers should be in the clear -- as long as they were using Facebook's official SDKs and regularly checked the validity of their users' access tokens. But to be sure the issue is resolved for everyone, Facebook is building a tool to enable developers to manually identify any of their users who may have been affected, so they can log them out.

21 other CEOs we'd like to see run for president

Previous and related coverage:

West Virginia to pioneer mobile phone voting in midterm elections (CNET)

The Voatz app is designed for troops serving abroad and uses blockchain tech.

No more interference: Facebook is a building a war room ahead of US midterms

Facebook is planning to establish a physical "war room" designed to bring staff together to find and destroy attempts to meddle with upcoming elections.

Microsoft: We've just messed up Russian plans to attack US 2018 midterm elections

Claiming a win over Russian plans to hack US politicians, Microsoft unveils a new security service to detect attacks expected in the lead-up to the midterms.

These are the House members who voted to extend NSA spying and reject privacy reforms

And nearly all of them are up for re-election later this year.

Related stories:

Editorial standards