Connect with us

Hi, what are you looking for?

HEADLINES

No evidence attackers accessed any apps using Facebook Login, says exec

Facebook’s investigation on the security attack it announced last week has so far found no evidence that the attackers accessed any apps using Facebook Login, according to the social media giant.

In a post on Facebook last week, Mark Zuckerberg shared that “an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people’s accounts on Facebook. We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.”

In its latest security update issued on Oct. 2, Guy Rosen, VP of Product Management said that the vulnerability has been fixed and that they have reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a “View As” look-up in the last year. 

“Resetting the access tokens protected the security of people’s accounts and meant they had to log back in to Facebook or any of their apps that use Facebook Login,” noted Rosen. “We’ve had questions about what exactly this attack means for the apps using Facebook Login. We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.”

Advertisement. Scroll to continue reading.

Rosen further noted that any developer using the official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when people’s access tokens were reset. 

“However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out,” said Rosen.

Facebook recommends developers stick to the Facebook Login security best practices:

  • Use our official Facebook SDKs for Android, iOS and JavaScript — these will automatically check the validity of access tokens on a daily basis and force a fresh login when they are reset by Facebook, protecting the security of users accounts.
  • Use the Graph API to keep information updated regularly and always log users out of apps where error codes show that any Facebook session is invalid.

“We’re sorry that this attack happened — and we’ll continue to update people as we find out more,” said Rosen.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement