After Bitcoin revealed its security flaw, it was Facebook’s turn to discover a potentially serious security flaw that might expose (or might have exposed) the personal data of more than 50 million users to third-party applications. The vulnerability was spotted once the “View As” feature had been implemented. The vulnerability, which would allow hackers to steal the digital login credentials of millions of users, is reported to have possibly been introduced back in July 2017. But a new revelation might prove that the impact of the security breach is more serious than it was considered to be.
The VP of product management at Facebook, Guy Rosen, disclosed that “hackers might have exploited the security flaws in accessing the users’ accounts for third-party application services such as Tinder, Airbnb, Spotify as well as Instagram, that use Facebook login.”
In its biggest security breach since the Cambridge Analytica data scandal, Facebook admitted on Friday that hackers broke into almost 50 million accounts by stealing “access tokens”, or digital keys.
A Facebook spokesperson recently acknowledged that some malicious parties might have gained access to every user’s profile on other services if these users used their Facebook account to sign up for them. In other words, if you signed up for an Instagram account using your Facebook account, hackers might have gained access to your Instagram account as well. It is like a chain of hacking.
The exact number of third-party services put at stake by the breach of Facebook’s systems hasn’t been revealed yet, but some reports and estimates suggest that they include Tinder, Instagram, Spotify, and Airbnb, whose accounts might have been compromised.
During an interaction with KrebsOnSecurity, a Facebook spokesperson said that it is definitely possible for hackers to exploit the vulnerability to access third-party sites and applications. The spokesperson was quick to add that no evidence of ‘interactive login to third-party sites as the user’ has been discovered as of now.
If it is proven that the security of third-party applications is at stake because of logging in with Facebook, linked third-party services like Tinder and Spotify might end up launching their own investigations to check the extent of this security breach. Facebook confirmed that it had developed a patch for the security loophole, revoked the ‘access tokens’ of the affected users, and informed the affected users about the security breach via a notification at the top of their feed.