Facebook Says Hackers Haven’t Accessed Third-Party Apps


Facebook, reeling from the latest security data breach that impacted 50 million users, said Tuesday (October 2) hackers didn’t access third-party websites with its single sign-on service.

According to a report in Reuters citing Facebook, the social media giant said it hasn’t found evidence that the hackers accessed users’ other websites through the Facebook login. “We analyzed third-party access during the time of the attack we have identified. That investigation has found no evidence that the attackers accessed any apps using Facebook Logins,” said Guy Rosen, a Facebook vice president overseeing security, in a statement sent to Reuters. Late last week Rosen warned the hackers may have accessed third-party websites and apps. The report noted that some security experts think Facebook may have disclosed a worst case scenario when reporting the hack last week so that it is in compliance with the new European Union privacy rules.  “Interesting impact of the GDPR 72-hour deadline: Companies announcing breaches before investigations are complete,” former senior Facebook chief information security officer Alex Stamos said in a tweet, Reuters pointed out. He went on to say that as a result, “everybody is confused on actual impact, lots of rumors.”

Facebook said on Friday (Sept. 28) that roughly 50 million of its users had their data exposed through an attack on its network. Facebook found that attackers were able to take control of user accounts through a function within the platform’s code, The New York Times reported.

Following the discovery, Facebook had the vulnerability fixed and reached out to authorities. More than 90 million users had to log out of their accounts as a result of the breach, which has been described as a typical measure taken with comprised accounts. “We’re taking it really seriously,” Facebook Chief Executive Mark Zuckerberg told reporters in a conference call at the time. “We have a major security effort at the company that hardens all of our surfaces.” Zuckerberg also told reporters, “I’m glad we found this. But it definitely is an issue that this happened in the first place.”




B2B APIs aren’t just for large enterprises anymore — middle-market firms and SMBs now realize their potential for enabling low-cost access to real-time payments and account data. But those capabilities are only the tip of the API iceberg, says HSBC global head of liquidity and cash management Diane Reyes. In this month’s B2B API Tracker, Reyes explains how the next wave of banking APIs could fight payments fraud and proactively alert middle-market treasurers to investment opportunities.