Just as last quarter was ending, Facebook suffered a massive security breach. Considering Facebook’s reach, its hold on our lives, and recent scandals rocking the company, 50 million compromised accounts is no small number. But it an almost ironic turn of events, the social networking giant has just revealed that third-party apps, which have been one of Facebook’s recent source of headaches, have mostly been safe and that hackers have not accessed at least those apps and sites using Facebook Login.
Just like Google accounts, Facebook accounts are now also being used to sign up for and log into some apps and services. This feature is called Facebook Login and is supposed to make account management not just easier but also safer. But when the Facebook account itself has been compromised, it’s only natural that both users and developers will be worried if those third-party apps have been compromised as well.
Not so, says Facebook. After analyzing their logs, they found no evidence that hackers used the stolen user access tokens to compromise apps and sites. That, it says, is thanks its resetting of access tokens for 90 million Facebook users (50 million were directly affected by the hack). That forced those accounts to be logged out of Facebook and connected apps.
That said, only third-party apps that used Facebook’s Login API were deemed safe. Other third-parties will have to do the checking on their own. Fortunately for them, Facebook is developing a tool that will identify users who may have been affected so that developers can log them out, and hopefully just log them out.
While security breaches have become a trend these past years, it couldn’t have come at a worst time for Facebook. The Cambridge Analytica scandal earlier this year already put into question the company’s ability to protect its users from wayward third-party apps. This incident now raises concerns on whether it can even protect its users directly although it did ironically protect third-party apps this time.