Less than a week after revealing that 50 million Facebook users may have had their accounts compromised by hackers, the company is trying to allay concerns that the massive hack could get even worse.
The worry — which has been raised by a number of security professionals in recent days — is that hackers who were able to get into users’ Facebook accounts would also have been able to get into any account that uses Facebook Login.
Think about that for a second: Thousands of apps use Facebook Login, including many containing sensitive personal and financial information, like Tinder, Uber, Venmo, and, yes, Instagram. If hackers were indeed able to access those accounts, it would make an already massive hack exponentially worse.
The good news for now: Facebook says it hasn’t uncovered any evidence “so far” that hackers accessed third-party apps.
“We have now analyzed our logs for all third-party apps installed or logged during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login,” Facebook’s VP of Product Management Guy Rosen wrote in a statement.
Of course, the key phrase there is “so far.” The investigation is still ongoing, and there’s always a chance things could change as the company learns more.
In any case, the Facebook attack highlights just how serious the consequences could be. For years, the company has touted Facebook Login as an invaluable tool for developers and users alike. Now, developers are scrambling to figure out if their users were impacted by the hack.
Rosen also said Facebook is, “out of an abundance of caution,” also working on a new tool that will allow developers “to manually identify the users of their apps who may have been affected.” Just in case.