Facebook doesn't think hackers accessed third-party sites
So far, the company hasn't found any evidence that third-party sites were impacted by the attack.
Facebook has said that it does not have any proof "so-far" that attackers accessed other sites via Facebook Login.
There's some good news to report about the massive data breach, which was first revealed by Facebook last week. In the largest breach in Facebook's history, hackers accessed up to 50 million accounts.
We have now analysed our logs to find all third-party applications installed or logged in the time of the attack that we found last week. This investigation has found so far no evidence that the attackers used Facebook Login to access any apps. Guy Rosen, Facebook's Guy Rosen, said in a press release.
Facebook (FB), announced on Friday that unknown attackers exploited a security vulnerability to gain access to accounts. They could view the Facebook profiles of other people as if they owned those accounts. They could, for example, see their friends' updates and profiles.
Facebook claims to have closed the loophole Thursday night. However, 90 million users had their accounts forcedly logged out as a precaution.
The attackers stole Facebook's "access tokens" which allow a user to stay logged in for long periods of time. Facebook reset tokens for all 50,000,000 tokens as well as 40 million additional tokens that were used by people who had used "view as" in the last year.
Rosen told a reporter about the hacking last week that the hackers would have been able access sites of third parties using Facebook Login. However, the company found no evidence to support this.
Facebook Login is used by hundreds of websites and apps, including Tinder and Spotify. It allows users to access services using their Facebook username and passcode. Developers were confused early this week about whether or not their services were exposed by the Facebook hack.
According to Facebook, partners who follow "best practices" on Facebook are automatically protected. Developers who did not follow the rules could have put users at risk.
Rosen said, "We are sorry this attack occurred -- and will continue to keep people updated as we learn more."