Facebook says no sign recent hack spread to other apps

October 3, 2018
A file illustration picture taken on April 28, 2018 shows the logo of social network Facebook displayed on a screen and reflected on a tablet in Paris. Facebook on October 2 said hackers who stole digital keys to millions of accounts appear not to have tampered with third-party apps

Facebook on Tuesday said hackers who stole digital keys to tens of millions of accounts appear not to have tampered with third-party applications linked to the social network.

Facebook engineers analyzed logs of outside applications and found no sign of trouble, according to product management vice president Guy Rosen.

"That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login," Rosen said in a blog post.

Facebook revealed on Friday that up to 50 million accounts were breached by hackers, dealing a blow to its effort to convince users to trust it with their data.

The social network is investigating the extent of harm done when hackers exploited a trio of software flaws to steal "access tokens," the equivalent of digital keys that enable people to automatically log back into the social network.

Facebook chief executive Mark Zuckerberg said engineers discovered the breach on September 25, and had a patch in place two days later.

"We don't know if any accounts were actually misused," Zuckerberg said last week. "This is a serious issue."

Attackers would have been able to meddle with Instagram or Messenger accounts linked to Facebook, but could not have tampered with the social network's WhatsApp messaging service, according to executives.

Facebook said that it noticed an unusual spike in activity on September 16 related to a "view as" feature and determined nine days later that it was malicious.

Hackers took advantage of a "complex interaction" between three software bugs, which required a degree of sophistication, according to Rosen. The vulnerability was created by a change to a video uploading feature in July of 2017.

As a precaution, Facebook took down the "view as" feature—described as a privacy tool to let users see how their profiles look to other people.

Facebook reset the 50 million breached accounts, meaning users needed to sign back in using passwords.

No passwords were taken in the breach, according to Rosen.

Information hackers appeared interested in included names, genders, and home towns, but it was not clear for what purposes, the executives said in a telephone briefing.

The stolen tokens gave hackers complete control of accounts. Facebook is trying to determine whether hackers tampered with posts or messages.

Hackers could have also accessed third-party applications linked to Facebook accounts.

Facebook said it took a precautionary step of resetting "access tokens" for another 40 million accounts where the "view as" was used.

"We're sorry that this attack happened and we'll continue to update people as we find out more," Rosen said.

The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.

Explore further: What comes next in Facebook's major data breach

Related Stories

The scandals bedevilling Facebook

September 29, 2018

Facebook is at the centre of controversy yet again after admitting that up to 50 million accounts were breached by hackers.

Recommended for you

Archaeologists discover Incan tomb in Peru

February 16, 2019

Peruvian archaeologists discovered an Incan tomb in the north of the country where an elite member of the pre-Columbian empire was buried, one of the investigators announced Friday.

Where is the universe hiding its missing mass?

February 15, 2019

Astronomers have spent decades looking for something that sounds like it would be hard to miss: about a third of the "normal" matter in the Universe. New results from NASA's Chandra X-ray Observatory may have helped them ...

What rising seas mean for local economies

February 15, 2019

Impacts from climate change are not always easy to see. But for many local businesses in coastal communities across the United States, the evidence is right outside their doors—or in their parking lots.

The friendly extortioner takes it all

February 15, 2019

Cooperating with other people makes many things easier. However, competition is also a characteristic aspect of our society. In their struggle for contracts and positions, people have to be more successful than their competitors ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.