Attackers did not use stolen tokens to access other sites and apps



[ad_1]

Facebook account security

Since the revelation that a "security problem" was allowing hackers to steal access tokens to view people's Facebook accounts, the company provided a new update on the incident. Facebook has already provided an update on the attack, but the investigation has now progressed and the social network is trying to reassure those with understandable concerns about security.

The company claims that attackers have not accessed any application using Facebook Login, the system that connects to other accounts and services with Facebook login information.

See also:

Recalling the fact that he redefined the access token for 90 million accounts – which equates to "50 million people having had stolen access tokens and 40 million having made it". the subject of a View As consultation over the last year "- Facebook states that the vulnerability has now been corrected. But of course, the investigation continues and in his latest update on the incident, the Facebook address concerns concerns about Facebook Login.

In a blog, Guy Rosen, vice president of product management, said:

We have now scanned our logs for any third-party applications installed or connected during the attack discovered last week. This investigation has so far found no evidence that attackers have accessed applications using Facebook Login.

Rosen continues:

Any developer using our official Facebook software development kits – and anyone who regularly checks the validity of their users 'access tokens – is automatically protected when we reset users' access tokens. However, because some developers may not use our development kits (or regularly check the validity of Facebook access tokens), we are building a tool that allows developers to manually identify users of their applications likely to use them. been affected, so that they can disconnect them.

The investigation is continuing and Facebook says it will provide further updates in due course.

[ad_2]
Source link