Facebook: No third party apps affected by new cyberattack

Oct. 3 (UPI) -- Nearly a week after it divulged a new cyberattack that affected millions of accounts, Facebook said it didn't affect any third-party apps that sign in users with their Facebook credentials.

The social media company announced the breach last week and said it might have affected as many as 50 million accounts. The hackers exploited Facebook's "view as" feature, which lets people view their own profiles as others would see it.

The breach concerned some that the roughly 40,000 Facebook-linked third party apps might also have been compromised. Facebook gave the "all clear" Tuesday.

"We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week," Facebook Vice President of Product Management Guy Rosen said in a statement. "That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login."

With another 40 million accounts potentially looked up in the last year, Rosen said 90 million users who were forcefully logged out of their accounts can now log back in.

The breach involved what are known as "access tokens," which allow users to more conveniently log in to their various accounts. Some hackers, though, have developed ways to exploit the tokens.

"We fixed the vulnerability and we reset the access tokens for a total of 90 million accounts -- 50 million that had access tokens stolen and 40 million that were subject to a 'View As' look-up in the last year."

"This allowed them to steal Facebook access tokens which they could then use to take over people's accounts."