Facebook says cyber-attack hackers did not use third party logins

Some security experts, including a former Facebook executive, said the company may have painted a dire, worst-case scenario when it disclosed the attack on Friday.

By REUTERS
October 3, 2018 02:01

The Facebook application is seen on a phone screen August 3, 2017. (photo credit: THOMAS WHITE / REUTERS)

 

Facebook Inc said on Tuesday that investigators have determined that hackers did not access other sites that use the social networking site's single sign-on in a massive cyber attack that the company disclosed last week.

“We analyzed third-party access during the time of the attack we have identified. That investigation has found no evidence that the attackers accessed any apps using Facebook Login,” said Guy Rosen, a Facebook vice president overseeing security, in a statement sent to Reuters.



The announcement comes after Facebook last week disclosed its worst-ever security breach, saying hackers had stolen login codes that allowed them to access nearly 50 million Facebook accounts.

Facebook shares fell for a third day on Tuesday, dropping 1.9 percent to $159.33.

Rosen had warned on a Friday conference call that the hackers could have also accessed third-party websites and apps that allow users to access their accounts using Facebook logins.

Some security experts, including a former Facebook executive, said the company may have painted a dire, worst-case scenario when it disclosed the attack on Friday to ensure compliance with strict new European Union privacy rules that took effect in late May.

The EU’s General Data Protection Regulation, or GDPR, imposes steep penalties if companies fail to follow rules that include a requirement that they disclose breaches within 72 hours of discovery. That is a tight window that security experts say does not give investigators adequate time to determine the impact of the breach.


“Interesting impact of the GDPR 72-hour deadline: Companies announcing breaches before investigations are complete,” former senior Facebook Chief Information Security Officer Alex Stamos said in a tweet.

The result is that “everybody is confused on actual impact, lots of rumors,” he tweeted, adding that “a month later, truth is included in official filing.”

The social networking company's initial warning that the attackers may have accessed external accounts using Facebook Login was alarming because more than 42,000 websites use the service, according to estimates from researchers with the University of Illinois at Chicago.

The warnings prompted some sites to launch their own investigations amid concern the attack could reverberate across the internet.

UK-based travel site SkyScanner and IKEA Group's TaskRabbit, which provides home repairs and furniture assembly, said they would probe the potential impact on their customers.

Ride-hailing service Uber Technologies Inc said it has closed active sessions using Facebook login credentials as it investigated the matter.
