On Friday, the Silicon Valley tech firm disclosed that it had detected a security breach in which an as-yet unknown attacker, or attackers, managed to gain access to tens of millions of users’ accounts by exploiting vulnerabilities in its software.
But it wasn’t until a second, follow-up conference call with reporters on Friday that Facebook acknowledged one of the most alarming aspects of the incident: not only did the hackers obtain the ability to access the Facebook accounts of the affected users, they also had access to any other service that someone had used their Facebook account to register for, including apps like Tinder, Spotify, and Airbnb.
Instagram, which is owned by Facebook, may also have been affected.
The revelation drastically widens the potential impact of the hack, putting people’s personal information elsewhere across the web at risk. As a result, it’s going to force the many major corporations and startups that rely on Facebook’s login service to audit their own systems for evidence of malicious activity.
Tinder, Airbnb, and Spotify – perhaps 3 of the highest-profile tech companies to use Facebook’s login service – didn’t immediately respond to Business Insider’s request for comment.
So what happened? In brief, the attackers found a way to trick Facebook into issuing them “access tokens” – basically, digital keys – that let them access other users’ accounts as if they were that user. After spotting some unusual activity earlier this month, Facebook realized what was happening on Tuesday evening and subsequently revoked these access tokens before revealing the hack publicly on Friday – though not before 50 million people were affected.
These access keys also theoretically let the attackers access any other service that somebody used Facebook’s login service to log in to, whether that is dating app Tinder or a niche smartphone game, and gain access to extremely personal data.
It’s not clear whether this has actually occurred – when asked, a Facebook exec said only that the company was early in its investigation – but the possibility could force other companies to undertake their own investigations into the issue.
It’s also not yet clear who is behind the attack on Facebook, whether the attacks were targeted, or what the motive behind them was. Facebook has now patched the vulnerabilities and revoked the compromised access tokens, forcing affected users to log back in (though their passwords haven’t been compromised, the company says), and is notifying them about the issue.
But there are at least 2 high-profile victims of the hack that we know about: Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg. A spokesperson confirmed that the company’s 2 top execs were both among the tens of millions of users affected.