In the wake of its latest major privacy breach, Facebook says it has so far found no evidence that the attackers accessed any third-party apps using Facebook Login.
Upon detecting the breach, last week -- which exposed at least 50 million user accounts -- Facebook analyzed its logs for all third-party apps installed or logged in during the attack.
The tech titan also claims to have fixed the vulnerability, and reset the access tokens for a total of 90 million accounts -- 50 million that had access tokens stolen, and 40 million that were subject to a “View As” look-up in the last year.
“Resetting the access tokens protected the security of people’s accounts,” Guy Rosen, vice president, product management, Facebook, notes in a new blog post.
Developers using Facebook official SDKs -- and those who regularly check the validity of their users’ access tokens -- were automatically protected when the company reset users’ access tokens, according to Facebook.
To be cautious, however, the company is currently building a tool for developers to manually identify apps that may have been affected, so they can log them out.
Along with potentially upsetting users, Facebook’s latest security breakdown might directly impact its bottom line. European regulators are reportedly considering a fine in the neighborhood of $1.63 billion.
Facebook’s lead European privacy regulator, Ireland’s Data Protection Commission (DPC), made its concerns public over the weekend.
In response, Facebook tweeted: “We’re cooperating fully & will share more info with you as soon as we have it … We take this issue very seriously & are committed to understanding exactly what happened … We’ve also taken immediate action to protect people’s security.”
Moving forward, analysts say Facebook has an enormous responsibility to protect users’ information, due to its immense size.
“The fact that a breach at one company can impact tens of millions of users is troubling,” Jeff Pollard, vice president-principal analyst, Forrester, said last week. “Attackers go where the data is, and that has made Facebook an obvious target.”