Sunday January 19, 2020
Home Lead Story Hackers Didn&...

Hackers Didn’t Access Any Third-party Apps: Facebook

The privacy watchdog could fine Facebook as much as $1.63 billion for the data breach

0
//
Facebook
Facebook releases Messenger redesign on Android, iOS. Pixabay

Tendering a fresh apology in the data breach that affected 50 million users, Facebook has said that a detailed investigation found no evidence that the hackers accessed any third-party apps using Facebook Login.

In the biggest-ever security breach after Cambridge Analytica scandal, Facebook last week admitted that hackers broke into nearly 50 million users’ accounts by stealing their “access tokens” or digital keys.

“We have now analysed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login,” Guy Rosen, Vice President of Product Management at Facebook, said in a statement late on Tuesday.

Rosen said Facebook has fixed the vulnerability and reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a “View As” look-up in 2017.

Facebook
This Feb. 19, 2014, photo shows a Facebook app icon on a smartphone in New York. VOA

“Resetting the access tokens protected the security of people’s accounts and meant they had to log back in to Facebook or any of their apps that use Facebook Login,” the Facebook executive said, adding that “we’re sorry that this attack happened”.

Any developer using official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were “automatically protected when we reset people’s access tokens”.

“However, out of an abundance of caution, as some developers may not use our SDKs, we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out,” said Rosen.

Facebook
Facebook, social media. Pixabay

The social media giant recommends developers stick to its Login security best practices like using official Facebook SDKs for Android, iOS and JavaScript, using the Graph API to keep information updated regularly and log users out of apps where error codes show that any Facebook session is invalid.

You May Also Like to Read About- A New Planet Dwarf Planet Discovered Beyond Pluto

Ireland’s Data Protection Commission, which is Facebook’s lead privacy regulator in Europe, has asked Facebook to submit more details in the incident where data of over 50 million users were hacked.

The privacy watchdog could fine Facebook as much as $1.63 billion for the data breach. (IANS)

Next Story

US Judge Orders Facebook to Disclose Malicious Apps’ Data: Report

The social networking giant found that the apps -- primarily social media management and video streaming apps -- retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API (application programming interface)

0
Social Media, Facebook, Authenticity, Posts
The social media application, Facebook is displayed on Apple's App Store, July 30, 2019. VOA

As part of a probe ordered in the wake of the Cambridge Analytica data scandal involving 87 million users, a US judge has ordered Facebook to hand over data of thousands of apps that violated its user privacy.

Facebook admitted last year that it suspended “tens of thousands” of apps for possible privacy violations.

A Massachusetts judge rejected the social networking giant’s attempts to withhold the key details from state investigators, The Washington Post said in a report on Friday.

“We are disappointed that the Massachusetts Attorney General and the Court didn’t fully consider our arguments on well-established law. We are reviewing our options, including appeal,” a Facebook spokesperson Andy Stone was quoted as saying in the report.

Maura Healey, the Democratic Attorney General of Massachusetts, said: “We are pleased that the Court ordered Facebook to tell our office which other app developers may have engaged in conduct like Cambridge Analytica.”

facebook, instant games
FILE – Attendees walk past a Facebook logo during Facebook Inc’s F8 developers conference in San Jose, California, United States. VOA

The state of Massachusetts launched the probe last September after Facebook admitted that it had suspended “tens of thousands” of apps on its platform as a result of its review on privacy practices launched following the scandal involving Cambridge Analytica.

The review, launched in 2018, followed revelations that the political consultancy hijacked personal data on millions of Facebook users and included attorneys, external investigators, data scientists, engineers, policy specialists and others, according to a Facebook statement.

The Cambridge Analytica scandal resulted in a record-breaking, $5 billion fine for Facebook from the US Federal Trade Commission (FTC).

Also Read: I Fall in Love with India Every Time I Return Here: Amazon CEO Jeff Bezos

In November 2019, Facebook revealed that at least 100 app developers may have accessed Facebook users’ data for months, confirming that at least 11 partners “accessed group members’ information in the last 60 days”.

The social networking giant found that the apps — primarily social media management and video streaming apps — retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API (application programming interface). (IANS)