So far, Facebook has found no evidence that third-party apps were also breached during the massive hack of the social networking site last week.
On Tuesday, the company provided an update on the breach, in which attackers stole access to nearly 50 million Facebook accounts. A lingering question was whether third-party applications that use Facebook as a login service were also caught up in the hack.
"We have now analyzed our logs for all third-party applications installed or connected during the attack discovered last week. This investigation has for the moment revealed no evidence that attackers have accessed apps via Facebook Login," Guy Rosen, Facebook's vice president of product management, said Tuesday.
Many popular apps such as Tinder, Uber and Airbnb all let you log in via your Facebook account, so you do not have to remember another password. The only problem with this approach is that your Facebook account becomes the master key. In the event of a breach, all of your connected accounts may be at risk of being hacked. According to security researchers, a hacker could use this access to track your car trips on an Uber account or view your private messages on Tinder.
Last Friday, Rosen himself told reporters that the flaw may have affected third-party applications. It is still unclear who launched the attack, but the hackers did not steal passwords; they stole special access tokens for each affected user account.
"These access tokens allowed someone to use the account as if he were the account holder," he said. "This means that they could have access to other third-party applications using the Facebook connection."
In response to the hack, the company has reset access tokens for 90 million users. This would have required people to log back in to their Facebook accounts and to any third-party applications connected to these accounts. Unfortunately, not all apps can verify whether a user's access token has become invalid, Rosen said Tuesday.
To prevent hackers from exploiting access tokens on third-party applications, Rosen said, "We are building a tool to allow developers to manually identify users of their applications that may have been affected in order to be able to disconnect them." Meanwhile, Rosen advises developers to follow Facebook's best practices for secure logins, which call for automatic checks on access tokens.