One of the concerns raised by the recent Facebook hack was whether access tokens might have provided access to third-party apps. The company now says there is ‘no evidence’ that this has happened …
The company’s product management VP made the statement.
The company says that it will be taking one further precautionary step.
Any developer using our official Facebook SDKs – and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens.
Facebook has still said very little about what the attackers were able to do via the access tokens. It said at the time that its investigation into the Facebook hack was still underway.
The company initially feared that the mechanism used may have allowed access to third-party accounts, and while this remains a theoretical possibility, it appears that it hasn’t happened in practice.
Facebook’s investigation is still underway. While the flaw has been patched, it’s unclear to Facebook if the stolen tokens were used, and if so how many accounts were affected. In any case, Facebook has reset the access tokens for 90 million accounts, which means you may find yourself needing to log back in to the platform.