In an update on its ongoing data breach investigation, Facebook on Tuesday assured the public that so far it has seen no evidence that the attackers leveraged hijacked Facebook accounts to access and compromise users’ third-party app accounts.
“We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login,” said Guy Rosen, Facebook’s VP of product management, in a new blog post.
In a conference call just this past Friday, Rosen disclosed said that the September 2018 breach that affected nearly 50 million accounts could have impacted the security of various third-party apps and services prior to Facebook resetting users’ stolen access tokens.
Rosen also announced that Facebook is creating a tool that will allow developers — particularly those who don’t use the social media company’s software development kits or regularly check the validity of Facebook access tokens — to “manually identify the users of their apps who may have been affected, so that they can log them out.”