Facebook: 'No evidence' third-party apps were accessed after breach 'so far'

Facebook: 'No evidence' third-party apps were accessed after breach 'so far'
© Getty

Facebook said Tuesday that it has not yet found evidence that hackers in the company’s most recent security attack accessed third-party sites of the company’s platform that let users use their Facebook accounts to log in.

The update comes after concerns were raised when Facebook revealed on Friday that users' accounts on apps they had connected to Facebook might have been compromised as a result of its newly revealed breach in which access tokens for 50 million accounts were stolen by hackers.

Companies whose users have the option to create accounts and log in with their Facebook accounts, such as Tinder, Airbnb and Uber, have said that they’re investigating potential breaches as a result, but have yet to find evidence of users being compromised.

“We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week,” wrote Facebook’s vice president of project management Guy Rosen. “That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.”

As a matter of precaution, Facebook says that it has reset potentially compromised access tokens and automatically logged many users out. Some third-party apps that may have been affected, including Uber, are asking users to log out and then back in on their own.

Rosen said that third-party developers using Facebook’s official software developer kit were automatically protected with the access token reset. He qualified, however, that not all developers use the company’s approved kit.

For these developers, Rosen said that Facebook is “building a tool to enable developers to manually identify the users of their apps who may have been affected so that they can log them out.”

Facebook is still continuing its investigation and the possibility that third-party sites were compromised as a result of the breach remains open.

“We’re sorry that this attack happened — and we’ll continue to update people as we find out more,” he wrote.

The company’s stock has fallen several percentage points since revealing the hack on Friday, however, the worst impacts for Facebook may have yet to come.

Privacy minded lawmakers including Sens. Mark WarnerMark Robert WarnerSenators press IRS chief on stimulus check pitfalls Hillicon Valley: Facebook takes down 'boogaloo' network after pressure | Election security measure pulled from Senate bill | FCC officially designating Huawei, ZTE as threats Overnight Defense: Democrats blast Trump handling of Russian bounty intel | Pentagon leaders set for House hearing July 9 | Trump moves forward with plan for Germany drawdown MORE (D-Va.) and Richard Blumenthal (D-Conn.) have already used the hack to renew their calls for legislation aimed at big technology companies.

Facebook could also face an over $1.6 billion fine from the European Union if it finds that the company violated its in new General Data Protection Regulation rules.