Last week, Facebook disclosed that a data breach affected up to 50 million users of its social network. The news set off alarms all over and concerns about how the stolen data may have been used, or is being used. One possibility is that hackers had used the "Facebook Login" feature to access third-party websites for which users signed in with their Facebook credentials.
Thankfully, there is not yet any evidence that this is the case.
"We analyzed third-party access during the time of the attack we have identified. That investigation has found no evidence that the attackers accessed any apps using Facebook Login," Facebook security VP, Guy Rosen, told the Reuters News Agency.
Facebook set out the possible negative consequences of the data breach in full when it disclosed it last week. This is thought to be due to the European Union's GDPR regulation, which would have imposed heavy penalties on Facebook if it was found to have failed to give a full picture to affected users. However, a side effect of this well-meaning and reasoned regulation is that Facebook painted the worst possible scenario after the disclosure.
For this reason, some security experts have criticized the 72-hour window imposed by GDPR to disclose everything, arguing that it doesn't provide enough time to assess the impact of the breach.
More than 42,000 websites allow users to login using their Facebook account, so the initial revelation that the stolen data could have been used to access those sites sent shockwaves. Alas, at present, there is no evidence that the data was misused in such a way.
Written by: James Delahunty @ 3 Oct 2018 7:04