Facebook has released an update on the progress of its investigation into the recent hack, stating that there is no evidence that the attackers have logged into third-party apps that use Facebook Login.
In the announcement, Guy Rosen, Facebook’s vice president of product marketing, wrote that this conclusion was reached after a review of the logs. Facebook Login makes it possible for developers to let users of their software log in with their Facebook account, eliminating the need, for example, to create a separate account. The developers can use an SDK that Facebook makes available for this.
Rosen states that developers using this SDK were safe from the recent attack after Facebook reset the stolen ‘access tokens’, totaling 50 million. Since not every developer uses the official SDK, Facebook wants to come up with a tool that will allow them to check if their users have been affected so that they can log out of this group. In total, Facebook had reset 90 million access tokens, with the additional 40 million being accounts that used the vulnerable View As feature.
The social network recently shared an estimate of the number of affected EU users with the Irish privacy watchdog. It stated that up to 5 million EU users were affected by the recent hack and that it plans to share more precise figures in the future.