If you woke up last Friday with no access to your Facebook account and logged out of every device, then this is for you. Facebook has released more information regarding the investigation surrounding last week’s incident.
According to the latest announcement, Facebook was quick to trace the vulnerability which left millions of accounts exposed. By resetting the tokens in all accounts affected, the platform claims that it has managed to keep all users’ info intact. In total, over 90 million accounts were reset — 50 million that had access tokens stolen and 40 million that were subject to a “View As” look-up in the last year.
However, questions remain about third-party apps that use Facebook’s login SDK to offer their services. Facebook has been conducting an investigation to determine the extent of the damage caused by the hacking incident. According to Guy Rosen, VP of Product Management, “investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.”
Again, resetting the access tokens was paramount in protecting users against bad actors. However, out of an abundance of caution, as some developers may not use Facebook’s SDKs or regularly check whether Facebook access tokens are valid, Facebook is building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.
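
A server-side version of the validity check described above, as an added example (not Facebook's or this article's code). It relies on the Graph API `debug_token` endpoint; the app id, the session store layout and the sample responses are constructed assumptions.

```python
import json
import urllib.parse
import urllib.request

GRAPH_DEBUG_URL = "https://graph.facebook.com/debug_token"

def fetch_debug_token(user_token, app_token):
    """Ask the Graph API what it knows about a stored user access token."""
    query = urllib.parse.urlencode(
        {"input_token": user_token, "access_token": app_token})
    with urllib.request.urlopen(f"{GRAPH_DEBUG_URL}?{query}", timeout=10) as resp:
        return json.load(resp)

def token_still_trusted(debug_response, expected_app_id, expected_user_id):
    """True only if the token is valid AND was issued to our app for this user."""
    data = debug_response.get("data") or {}
    return (data.get("is_valid") is True
            and str(data.get("app_id")) == str(expected_app_id)
            and str(data.get("user_id")) == str(expected_user_id))

def sessions_to_log_out(sessions, expected_app_id, lookup):
    """Return ids of local sessions whose Facebook token no longer checks out.

    sessions: hypothetical local store {session_id: {"fb_user_id", "fb_token"}}.
    lookup(token): returns a debug_token response. A failed lookup is treated
    as untrusted (fail closed), so a reset token can never keep a session alive.
    """
    stale = []
    for session_id, session in sessions.items():
        try:
            response = lookup(session["fb_token"])
        except Exception:
            response = {}
        if not token_still_trusted(response, expected_app_id, session["fb_user_id"]):
            stale.append(session_id)
    return stale

# Constructed sample data: app id "1000" is a placeholder, not a real app.
SAMPLE_SESSIONS = {
    "s1": {"fb_user_id": "42", "fb_token": "tok-alice"},
    "s2": {"fb_user_id": "43", "fb_token": "tok-bob"},    # token was reset
    "s3": {"fb_user_id": "44", "fb_token": "tok-carol"},  # issued to another app
}
SAMPLE_RESPONSES = {
    "tok-alice": {"data": {"app_id": "1000", "user_id": "42", "is_valid": True}},
    "tok-bob": {"data": {"app_id": "1000", "user_id": "43", "is_valid": False}},
    "tok-carol": {"data": {"app_id": "9999", "user_id": "44", "is_valid": True}},
}
```

In production, pass `lambda t: fetch_debug_token(t, app_token)` as `lookup` and destroy every returned session so those users must log in again.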