The breach, which Facebook said Friday had, stemmed from a vulnerability in Facebook’s “view as” feature, which lets people see what their profiles look like to other people. Attackers exploited code associated with the feature that allowed them to steal “access tokens” that could be used to take over people’s accounts.
“We have now analyzed our logs for all third-party apps installed or logged during the attack we discovered last week,” Guy Rosen, Facebook’s vice president of product management, said in a blog post Tuesday. “That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.
“Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens — were automatically protected when we reset people’s access tokens,” he said.
As a precautionary measure, Facebook logged about 90 million people out of their accounts, the company said.
The social network said Friday that it discovered the attack about a week ago and had already informed the FBI and the Irish Data Protection Commission. Facebook said the investigation is in the early stages and it doesn’t yet know who was behind the attacks.
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
Special Reports: CNET’s in-depth features in one place.