Facebook: no evidence of access to third-party apps after the attack


                    

Facebook said on Tuesday that there was no evidence that hackers responsible for last week's massive security breach accessed third-party applications via its Facebook Login service. Hackers responsible for the intrusion, which affected at least 50 million Facebook users have exploited a vulnerability in Facebook's code to steal session tokens – digital keys allowing users to stay connected after authentication on the site.Users identified and disconnected from appsAfter the attack, Facebook has reset the tokens of 90 million accounts, inviting these users to reconnect to Facebook, as well as all applications using its Facebook Login technology. In a blog post, Guy Rosen, vice president of management products, said that the company had now reviewed the logs of all installed third-party applications or registered during the attack. There is no evidence to date of violation of third-party applications, he said. Session tokens reset, third-party developers should be immune – as long as they use software development kits ( SDK) and regularly check the validity of the access tokens of their users. However, to be sure that the problem is solved for all, Facebook is developing a tool allowing third-party software publishers to manually identify users. may have been assigned to disconnect them from their session.

Leave a Reply

Your email address will not be published. Required fields are marked *