
FACEBOOK said, HACKERS did not Access Data of Third-party Apps connected to Facebook.

Automated Publishing Via Osuta Yusuf Robot Trigger.

When Facebook disclosed last weekend a massive data breach that compromised access tokens for more than 50 million accounts, many feared that the stolen tokens could have been used to access other third-party services, including Instagram and Tinder, through Facebook login.

The good news is that Facebook has found no evidence "so far" to support such claims.

In a blog post published Tuesday, Facebook security VP Guy Rosen revealed that investigators "found no evidence" of hackers accessing third-party apps with its "Login with Facebook" feature.

"We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login," Rosen says.

This does not mean that the stolen access tokens, which Facebook has already revoked, pose no threat to the thousands of third-party services using Facebook Login; as the company explains, that depends on how websites validate their users' access tokens.

Many websites that do not use Facebook's official SDKs to regularly validate their users' access tokens could still allow attackers to access users' accounts using revoked access tokens.

In order to help such websites, Facebook is building a tool that will enable developers to "manually identify the users of their apps who may have been affected, so that they can log them out."

"Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users' access tokens – were automatically protected when we reset people's access tokens," Rosen says.
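One way a site that does not use the official SDK could regularly re-check stored tokens and log out stale sessions, as an added example (not code from Facebook or from the original article). It assumes the Graph API `debug_token` endpoint and its `is_valid`, `app_id` and `user_id` response fields; the session layout, function names, app id, app token placeholder and sample responses are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
GRAPH_DEBUG_URL = "https://graph.facebook.com/debug_token"
def _live_get(url):  # real network path; the offline demo injects a fake instead
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode()

def inspect_token(user_token, app_token, http_get=_live_get):
    """Ask the debug_token endpoint about a user token; return its 'data' dict."""
    query = urllib.parse.urlencode({"input_token": user_token, "access_token": app_token})
    return json.loads(http_get(f"{GRAPH_DEBUG_URL}?{query}")).get("data", {})

def token_still_valid(info, app_id, expected_user_id):
    """Accept only a token Facebook calls valid, issued to our app, for this user."""
    return (info.get("is_valid") is True
            and str(info.get("app_id")) == str(app_id)
            and str(info.get("user_id")) == str(expected_user_id))

def sessions_to_terminate(sessions, app_id, app_token, http_get=_live_get):
    """Re-check every stored token; return ids of local sessions to log out."""
    stale = []
    for sid, sess in sessions.items():
        try:
            info = inspect_token(sess["fb_token"], app_token, http_get)
            ok = token_still_valid(info, app_id, sess["fb_user_id"])
        except (OSError, ValueError):
            ok = False  # fail closed: an unverifiable token does not keep a session alive
        if not ok:
            stale.append(sid)
    return stale

# Constructed sample data (not real tokens, ids or Graph API captures).
CONSTRUCTED_RESPONSES = {
    "tok-live": {"data": {"is_valid": True, "app_id": "1234", "user_id": "u1"}},
    "tok-revoked": {"data": {"is_valid": False, "app_id": "1234", "user_id": "u2"}},
    "tok-other-app": {"data": {"is_valid": True, "app_id": "9999", "user_id": "u3"}},
}
CONSTRUCTED_SESSIONS = {
    "s1": {"fb_user_id": "u1", "fb_token": "tok-live"},
    "s2": {"fb_user_id": "u2", "fb_token": "tok-revoked"},
    "s3": {"fb_user_id": "u3", "fb_token": "tok-other-app"},
}
def fake_graph(url):  # stand-in for the HTTP call so the example runs offline
    token = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)["input_token"][0]
    return json.dumps(CONSTRUCTED_RESPONSES[token])

def demo():
    return sessions_to_terminate(CONSTRUCTED_SESSIONS, "1234", "1234|app-secret-placeholder", fake_graph)
```

Run on a schedule, a check like this ends the local session for the revoked token and also for a token that was valid but issued to a different app.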

While announcing its worst-ever data breach last week, Facebook said unknown hackers had exploited a chain of vulnerabilities in its code to steal access tokens for 50 million accounts. These tokens are digital keys that keep users logged in, so they don't need to re-enter their credentials every time they use the app.

The social media giant fixed the issue on Thursday night and forcibly logged 90 million users out of their accounts as a precaution by resetting their access tokens.

Even after Facebook announced that it found no evidence of hackers accessing third-party services that use Facebook's single sign-on in the massive attack, some of those services are taking necessary steps to safeguard their users.

For example, Uber has temporarily expired all active Facebook-based login sessions as a precaution after the data breach, while the company is still investigating the breach on its end.

The social media giant has yet to disclose who was responsible for the massive attack, their origins, and the data they may have stolen from the affected 50 million Facebook users.

The Irish Data Protection Commission said that less than 10 percent of the 50 million users (which equals five million users) attacked in the breach are based in the European Union (EU), where Facebook can be fined up to $1.63 billion under the EU's General Data Protection Regulation (GDPR) if it is found not to have done enough to protect the security of users.
