It hasn’t even been a year since their last major scandal, yet Facebook is involved in another major data breach.
Towards the end of September, the social media conglomerate confirmed that at least 50 million of their users’ access tokens were compromised.
After an internal investigation, one positive finding is that the company found no trace of hackers accessing third-party applications through the “Login with Facebook” feature.
Facebook’s VP for Security Guy Rosen said, “We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.”
This could have been much worse, however, as the data breach would have given hackers a way to obtain secret access tokens, which could then be used to steal private user information without a password or two-factor authentication.
The stolen access tokens could still be a threat as third-party services differ in their validation steps when using the Facebook Login feature.
Websites that do not use Facebook’s official software to validate user access could still let hackers use affected accounts to their advantage.
It hasn’t been a year since the Cambridge Analytica chaos, yet Facebook faces another major data breach scandal
To combat this issue, Facebook is in the process of producing a tool that allows developers to manually filter users of their apps who might have been affected and log them out if needed.
Rosen added, “Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens.”
At the outset of the hack, Facebook forcibly logged 90 million users out of their accounts, resetting their access tokens as a precaution.
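What "regularly checking the validity of users' access tokens" can look like on a third-party server, as an added example (not Facebook's or any app's actual code). It assumes the app has already fetched the parsed JSON body of a Graph API `/debug_token` call for each stored token; the function names, the session layout and the canned responses are constructed for illustration.

```python
import time

def check_token(resp, app_id, user_id, now=None):
    """Judge one parsed /debug_token body. Returns (ok, reason)."""
    now = time.time() if now is None else now
    data = resp.get("data")
    if not isinstance(data, dict):
        return False, "malformed response"
    if not data.get("is_valid"):
        return False, "token invalidated"      # e.g. reset by Facebook
    if str(data.get("app_id")) != str(app_id):
        return False, "token issued to another app"
    if str(data.get("user_id")) != str(user_id):
        return False, "token belongs to another user"
    expires_at = data.get("expires_at") or 0   # 0 means no expiry
    if expires_at and expires_at <= now:
        return False, "token expired"
    return True, "ok"

def sessions_to_terminate(sessions, inspect, app_id, now=None):
    """inspect(token) returns the parsed /debug_token JSON (a network call
    in production). Returns {session_id: reason} for sessions to log out."""
    ended = {}
    for s in sessions:
        try:
            ok, reason = check_token(inspect(s["token"]), app_id, s["user_id"], now)
        except Exception:
            ok, reason = False, "inspection failed"  # fail closed
        if not ok:
            ended[s["session_id"]] = reason
    return ended

# Constructed sample data: hypothetical app id, sessions and responses.
APP_ID = "1111"
NOW = 1_538_500_000
CANNED = {
    "tok-a": {"data": {"app_id": "1111", "user_id": "u1", "is_valid": True, "expires_at": NOW + 3600}},
    "tok-b": {"data": {"app_id": "1111", "user_id": "u2", "is_valid": False}},
    "tok-c": {"data": {"app_id": "9999", "user_id": "u3", "is_valid": True, "expires_at": 0}},
    "tok-d": {"data": {"app_id": "1111", "user_id": "other", "is_valid": True, "expires_at": 0}},
}
SESSIONS = [
    {"session_id": "s1", "user_id": "u1", "token": "tok-a"},
    {"session_id": "s2", "user_id": "u2", "token": "tok-b"},
    {"session_id": "s3", "user_id": "u3", "token": "tok-c"},
    {"session_id": "s4", "user_id": "u4", "token": "tok-d"},
]
if __name__ == "__main__":
    print(sessions_to_terminate(SESSIONS, CANNED.__getitem__, APP_ID, NOW))
```

Run on a schedule and at sensitive actions, a check like this ends a local session as soon as the token behind it has been reset, instead of trusting it until the app's own cookie expires.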
Outside of Facebook, other third-party services are taking steps toward providing more security to their users. Uber has deactivated Facebook-based login sessions as a result of the data breach while they look into the hacking on their end.
Facebook hasn’t released any information about the identity or whereabouts of the people behind the substantial attack or specific details about the data affected by it.
According to the Data Protection Commission of Ireland, about 5 million of the affected users were from the European Union. Facebook could be fined approximately $1.63 billion under the General Data Protection Regulation if they are found to not be protecting their users’ security.
One step to regain control of your account is to change your password to a more secure and unique one. Another is to check the security and login settings of your account and log out of existing active sessions after changing your password.
To combat these types of online risks, Trend Micro Maximum Security’s advanced artificial intelligence learning can stop ever-evolving threats in their tracks – ensuring you and your family are safe online.