One of the concerns raised by the recent Facebook hack was whether access tokens might have provided access to third-party apps. The company now says there is ‘no evidence’ that this has happened …

The company’s product management VP made the statement.

We’ve had questions about what exactly this attack means for the apps using Facebook Login. We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.

Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens.

The company says that it will be taking one further precautionary step.

However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.

Facebook has still said very little about what the attackers were able to do via the access tokens. It said at the time that its investigation into the Facebook hack was still underway.

Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement […]

Facebook’s investigation is still underway. While the flaw has been patched, it’s unclear to Facebook if the stolen tokens were used, and if so how many accounts were affected. In any case, Facebook has reset the access tokens for 90 million accounts, which means you may find yourself needing to log back in to the platform.

The company initially feared that the mechanism used may have allowed access to third-party accounts, and while this remains a theoretical possibility, it appears that it hasn’t happened in practice.

Photo: Shutterstock

Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear