Facebook says it has found no evidence 'so far' that hackers broke into ...

Facebook says it has found no evidence 'so far' that hackers broke into third-party apps after a data breach exposed 50 million users.

The social media giant said attackers exploited the site's 'View As' feature, which lets people see what their profiles look like to other users. 

Yesterday the firm revealed that hackers may have been able to break into any third-party service which a person used their Facebook logins to access - a feature called Facebook Single Sign-On.

Private data stored on thousands of websites that use the service, including Uber, Airbnb, Tinder, Spotify the New York Times and the Washington Post, could also have been accessed by cyber criminals.

However, the firm has now said it found no evidence 'so far' that the service was exploited. 

It is now building a tool to enable developers to manually identify the users of their apps who may have been affected so that they can log them out.

Scroll down for video

Facebook says it has found no evidence 'so far' that hackers broke into third-party apps after a data breach exposed 50 million users (stock image)  

Facebook says it has found no evidence 'so far' that hackers broke into third-party apps after a data breach exposed 50 million users (stock image)  

WHAT SERVICES WERE AFFECTED BY THE FACEBOOK BREACH? 

Private data stored on thousands of websites that use the service, including Uber, Airbnb, Tinder, Spotify the New York Times and the Washington Post, could have been accessed by cyber criminals.

Recent research revealed that some of the web's most popular sites lack basic security precautions that would have limited the fallout of the Facebook hack.

They found that just two of the world's 95 most popular sites - a list that includes Uber, Airbnb, the New York Times and the Washington Post - asked users to re-enter their Facebook password each time they used Facebook Single Sign-On.

Any web or mobile site that allowed you to log-in via Facebook may have been affected by the recent breach.

These include:

- Spotify

- Tinder

- Instagram

- Airbnb

- Uber

- New York Times

- Washington Post 

'This was a serious issue and we worked fast to protect the security of people’s accounts and investigate what happened', Guy Rosen, VP of Product Management wrote in a blog post.

'We have now analysed our logs for all third-party apps installed or logged in during the attack we discovered last week.

'That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login', he said.

The vulnerability was fixed and users' access tokens were reset.

Resetting the access tokens meant users had to log back in to Facebook or any of their apps that use Facebook Login.

Mr Rosen said that any developer using the official Facebook Software Development Kit (SDK) was automatically protected when people's access tokens were re-set.

However, not all developers use Facebook SDKs.

Mr Rosen said that 'out of an abundance of caution' developers  are 'building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out'. 

Recent research revealed that some of the web's most popular sites lack basic security precautions that would have limited the fallout of the Facebook hack.

They found that just two of the world's 95 most popular sites - a list that includes Uber, Airbnb, the New York Times and the Washington Post - asked users to re-enter their Facebook password each time they used Facebook Single Sign-On. 

The unknown attackers took advantage of a feature in the code called 'Access Tokens,' to take over people's accounts, potentially giving hackers access to private messages, photos and posts - although Facebook said there was no evidence that had been done.

Mr Rosen laid bare the potential ripple effects in a conference call with reporters last week.

He said: 'The access token enables someone to use the account as if they were the account holder themselves.

'This does mean they could access other third-party apps using Facebook login.' 

It is not clear whether hackers have used Facebook's login service to access other apps, writes Business Insider.

Private data stored on thousands of websites that use the service, including Uber, Airbnb, Tinder, Spotify (pictured) the New York Times and the Washington Post, could also have been accessed by cyber criminals 

Private data stored on thousands of websites that use the service, including Uber, Airbnb, Tinder, Spotify (pictured) the New York Times and the Washington Post, could also have been accessed by cyber criminals 

HOW DO YOU PROTECT YOURSELF? 

The best way to protect yourself is to set up two-step authentication.

Two-factor authentication adds an extra layer of security to apps and websites by asking for both a password and a unique code when logging in.

Once verified, if anyone tries to log into their account they will be sent an autentication code via text message.

Even if a hacker has obtained the user's email address and password, they won't be able to access the account without this extra code.

While the extra layer of security isn't completely hacker proof, it's far more robust.

Also if users have different passwords for each account it means hackers will not be able to access all accounts in one go.

However, it's now more likely these firms will carry out investigations of their own.

Users that were logged out of the service between 27th and 28th September are likely to have been impacted by the breach.      

As a result of the breach, the firm logged roughly 90 million people out of their accounts this week as a security measure.  

Earlier this week a shocking report revealed Facebook logins were being sold on the dark web for just $3.90 (£3) each.

Email logins sell for as little as $2.70 (£2) each, according to experts who analysed the value of 26 commonly used accounts.  

They found the majority of someone's online life could be available for just $970, which includes all usernames, passwords and email addresses.

According to a blog post by Cheshire-based firm Money Guru, which carried out the research, these details are frequently stolen to sell to companies with want to do targeted advertising.

'There are few better ways to gain insight into someone's life than their social media accounts', researchers wrote.

'These details are frequently stolen to sell to companies with little scruples about targeted advertising.

'It's also a fast track to identity theft as they can take control of your accounts, lock you out and cause serious reputational damage in a short space of time', they wrote. 

As a result, some experts and officials have grown concerned about whether the firm can effectively manage and protect users' data.

READ THE FULL STATEMENT FROM MARK ZUCKERBERG ON THE DATA BREACH  

I want to update you on an important security issue we've identified. We patched the issue last night and are taking precautionary measures for those who might have been affected. We're still investigating, but I want to share what we've already found:

On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people's accounts on Facebook.

We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.

We've already taken a number of steps to address this issue:

1. We patched the security vulnerability to prevent this attacker or any other from being able to steal additional access tokens. And we invalidated the access tokens for

read more from dailymail.....

Get the latest news delivered to your inbox

Follow us on social media networks

PREV BAE Systems unveils its ‘Black Night’ tank to upgrade the Challenger 2
NEXT Technology Elon Musk tells Tesla staff to 'ignore the distractions,' hints at being ...