[ad_1]
An image of file illustration taken on April 28, 2018 shows the Facebook social network logo displayed on a screen and reflected on a tablet in Paris. On October 2, Facebook reported that hackers who stole digital keys from millions of accounts do not appear to have forged third-party applications
Facebook said on Tuesday that hackers who stole digital keys from tens of millions of accounts did not appear to have tampered with third-party applications related to the social network.
Facebook engineers analyzed the outdoor application logs and found no sign of a problem, according to vice president of product management Guy Rosen.
"This investigation has so far found no evidence that attackers have accessed applications using Facebook Login," Rosen said in a blog post.
Facebook revealed Friday that nearly 50 million accounts had been hacked by hackers, which dealt a blow to its efforts to convince users to trust it with their data.
The social network studies the extent of the damage caused when hackers exploited a set of three software flaws to steal "access tokens", the equivalent of digital keys allowing users to reconnect automatically to the social network.
Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Sept. 25 and set up a fix two days later.
"We do not know if accounts were misused," Zuckerberg said last week. "It's a serious problem."
Attackers could have interfered with Facebook-related Instagram or Messenger accounts, but could not have tampered with the social network's WhatsApp messaging service, executives say.
Facebook said it noticed an unusual increase in its activity on September 16 linked to a "vision as" feature and determined nine days later that it was a malicious activity.
Hackers benefited from a "complex interplay" between three software bugs, which required a degree of sophistication, according to Rosen. The vulnerability was created by a change to a video upload feature in July 2017.
As a precaution, Facebook has defined the "View as" feature, described as a privacy tool that allows users to see what their profiles look like.
Facebook has reset the 50 million hacked accounts, which means that users had to reconnect with the help of passwords.
According to Rosen, no password has been entered into the breach.
Information hackers seemed interested in names, genders and cities of origin, but it was unclear why, say the leaders at a press briefing.
Stolen tokens gave hackers total control of the accounts. Facebook is trying to determine if hackers have tampered with posts or messages.
Hackers could also have access to third-party applications linked to Facebook accounts.
Facebook said it had taken a precautionary step of resetting "access tokens" for 40 million additional accounts on which the "view as" was being used.
"We are sorry that this attack has taken place and we will continue to inform people as we know more," Rosen said.
The breach is the latest privacy breach for Facebook, which acknowledged earlier this year that tens of millions of users had been hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.
Explore more:
What comes next in the main data breach of Facebook?
Source link
