News:

Skill.jobs Forum is an open platform (a board of discussions) where all sorts of knowledge-based news, topics, articles on Career, Job Industry, employment and Entrepreneurship skills enhancement related issues for all groups of individual/people such as learners, students, jobseekers, employers, recruiters, self-employed professionals and for business-forum/professional-associations.  It intents of empowering people with SKILLS for creating opportunities, which ultimately pursue the motto of Skill.jobs 'Be Skilled, Get Hired'

Acceptable and Appropriate topics would be posted by the Moderator of Skill.jobs Forum.

Main Menu

Facebook/Facebook Login Update

Started by sadia15-9913, October 05, 2018, 05:57:19 PM

Previous topic - Next topic

sadia15-9913

Facebook Login Update

October 2, 2018

We wanted to provide an update on the security attack that we announced last week. This was a serious issue and we worked fast to protect the security of people's accounts and investigate what happened. We fixed the vulnerability and we reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a "View As" look-up in the last year. Resetting the access tokens protected the security of people's accounts and meant they had to log back in to Facebook or any of their apps that use Facebook Login.

We've had questions about what exactly this attack means for the apps using Facebook Login. We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.

Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users' access tokens – were automatically protected when we reset people's access tokens. However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we're building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.

Security is incredibly important to Facebook. It's why we recommend developers stick to our Facebook Login security best practices:

Use our official Facebook SDKs for Android, iOS and JavaScript — these will automatically check the validity of access tokens on a daily basis and force a fresh login when they are reset by Facebook, protecting the security of users accounts.
Use the Graph API to keep information updated regularly and always log users out of apps where error codes show that any Facebook session is invalid.
We're sorry that this attack happened — and we'll continue to update people as we find out more.

Source:Google