Facebook does not think hackers have accessed third-party sites


Here's why it's so hard to leave Facebook

Facebook claims to have found no evidence "so far" that its attackers accessed third-party sites through Facebook Login.

This is a piece of good news about a massive data breach that the company first revealed last week. Hackers have accessed more than 50 million accounts in the biggest violation of this type of Facebook network.

"We have now analyzed our logs for all third-party applications installed or connected during the attack discovered last week.This investigation has for the moment revealed no evidence that attackers have accessed applications via Facebook Login. " said Guy Rosen of Facebook in a statement.

Friday, Facebook (FB) announced that unknown attackers had exploited a vulnerability to access the accounts. They could see Facebook profiles of other people as if they were the owners of the accounts. For example, they could see profiles and updates of their friends.

Facebook announced the closing of the loophole on Thursday night, but 90 million users were forced out of their accounts as a precaution.

The attackers stole "access tokens" on Facebook, which allow a person to stay connected to his Facebook account for long periods. Facebook has reset the 50 million chips, as well as tokens for 40 million additional people who had used the "view as" feature over the past year as a precautionary measure.

During a call about hacking last week, Rosen said the attackers would also have been able to access third-party sites using Facebook Login, but that the company had found no evidence of this.

Hundreds of sites and apps, including Tinder, Spotify and Airbnb, use Facebook Login, which allows users to access services with their Facebook username and password. Earlier this week, developers were perplexed as to whether their services had been exposed to Facebook hacking.

The company said partners following Facebook's "best practices" were automatically protected. Some developers may not have followed these rules and could have put their users at risk.

"We are sorry that this attack took place – and we will continue to inform people as we know more," Rosen said.

– Donie O 'Sullivan from CNN contributed to the report.

CNNMoney (San Francisco) First published October 2, 2018 at 19:13 ET