Facebook Cyber Attack – evidence not found that attackers have accessed other online services

CTV Services is following the proceedings concerning a big cyber security attack on the World’s most popular social media platform. When Facebook revealed last weekend a massive data security violation that jeopardized access tokens for more than 50 million accounts, many were scared that stolen tokens could be used to access other online services, including Instagram and Tinder.

The good news is that Facebook has so far failed to find any evidence to justify such fears.

Product manager at Facebook, Gai Rouzen, said the investigators “did not find evidence” that hackers had accessed other applications using the “Log in with Facebook” feature. “We analyzed our logs for all third-party applications that were installed or reported during the attacks we detected last week. So far, this investigation has not found any evidence that attackers have accessed any application with Facebook Login,” said Rosen.

Stolen tokens for access that Facebook has already withdrawn still pose a threat to thousands of independent services that use Facebook Login. It solely depends on how websites check the access tokens of their users. To help with such websites, Facebook creates a tool that will allow developers to “manually identify users of their applications that may have been affected so that they can sign out”. Rouzen said that all those who correctly checked the validity of access tokens of their users were automatically protected when they reset the access tokens of users.

Damage Control and Precautionary Measures

By announcing last week’s news of the worst cyber incident that has hit the company so far, Facebook has explained that unknown attackers used a series of vulnerabilities in his code to steal 50 million tokens – digital keys that allow users to remain logged. The social media giant settled the issue on Thursday and canceled 90 million users from their accounts, which was a precautionary measure that involved the cancellation of access tokens.

Even after Facebook announced that it did not find any evidence that hackers are accessing independent services using Facebook’s sign-in service, some of these services are taking the necessary steps to protect their users. For example, Uber prevented all session users from using Facebook to log into Uber, and the company is still investigating the consequences of this attack.

Facebook has yet to disclose the attackers responsible for this attack, their origin and data that may have been stolen from 50 million social network users. The Irish Data Protection Commission said that less than 10% of 50 million users, or about five million users, are from European Union users, where Facebook could be fined with a maximum of $ 1.63 billion according to GDPR, the General Regulation on data protection, if it is found that it did not do enough to protect the safety of its users.