Magazines
Cancel
PanachePanacheView in App

Facebook confirms Instagram, Tinder weren't accessed by hackers after data breach

An internal investigation showed that none of the third-party apps were attacked that required a Facebook login.

By , ET Bureau |
Agencies
BENGALURU: Facebook said that its investigation into the hack that was revealed last week has found "no evidence" of third-party apps like Tinder, Instagram, etc being accessed by hackers.

The breach that affected 50 million people, Facebook said on Friday, was by done by exploiting a bug in the 'View As' feature that lets people see what their profile looks like to others. This allowed hackers to steal the "access tokens" which could allow them access to take over any account.

As a precaution, Facebook had expired the "access tokens" of nearly 90 million accounts that had logged users out of their respective accounts. After revoking access, Facebook warned that the stolen token might also affect third party application like Tinder, Instagram etc that use Facebook login.


Facebook Data Breach Making Headlines, Here's How Other Scandals Began
1/6
The Facebook leak was traced back to Aleksandr Kogan, an academic at Cambridge university. Here is the root of other such worldwide breaches.
(Image: Twitter/@AleksandrBKogan)
The Facebook leak was traced back to Aleksandr Kogan, an academic at Cambridge university. Here is the root of other such worldwide breaches. (Image: Twitter/@AleksandrBKogan)
In 2012, companies like Visa Inc licensee, J C Penney Co, JetBlue Airways Corp and French retailer Carrefour SA were attacked by hackers, resulting in a collective loss of up to $300 million. A Russian and Ukrainian gang hacked into the records for over seven years, breaching 8,00,000 bank accounts and stealing more than 160 million credit and debit card numbers. While his colleagues did the hacking, 32-year-old Russian Roman Kotov was charged with mining the data.
In 2012, companies like Visa Inc licensee, J C Penney Co, JetBlue Airways Corp and French retailer Carrefour SA were attacked by hackers, resulting in a collective loss of up to $300 million. A Russi..
Read More
While eBay’s database was hacked earlier in 2014, the news came out only in May that year. The online auction house went into damage control. Its then CEO John Donahue asked 145 million users to change their passwords, but said that financial information was stored separately and hence, remained safe. One mind boggling detail is that the unknown hackers had access to eBay’s accounts for 229 days.
While eBay’s database was hacked earlier in 2014, the news came out only in May that year. The online auction house went into damage control. Its then CEO John Donahue asked 145 million users to chan..
Read More
In 2007, more than 94 million customer accounts belonging to the department store group TJX were compromised. The man behind it, Albert Gonzalez, was also indicted in the Heartland Payment’s data breach, where hackers stole more than 130 million credit and debit card numbers from the payment processing system in 2008. College dropout Gonzalez used several screen names like ‘soupnazi’ (a reference to the popular Seinfeld episode), ‘kingchilli’ and ‘cumbajohny’ in the TJX hack. While Gonzalez was arrested in a Miami hotel, officials found $1.6 million in cash hidden in plastic bags in a drum buried at his parent’s backyard. The soupnazi was sentenced to 20 years in prison in 2010.
In 2007, more than 94 million customer accounts belonging to the department store group TJX were compromised. The man behind it, Albert Gonzalez, was also indicted in the Heartland Payment’s data bre..
Read More
The personal records of over 78 million customers were stolen in 2015 from American health insurance giant Anthem. Investigators suspected China’s role in the breach. Apparently, the hack happened in 2014, when just one user at an Anthem subsidiary opened a phishing email. It gave access to the company’s warehouse. In 2017, Anthem reached a settlement of $115 million — the money will reportedly be used to pay for an additional two years of credit monitoring for the breach’s victims.
The personal records of over 78 million customers were stolen in 2015 from American health insurance giant Anthem. Investigators suspected China’s role in the breach. Apparently, the hack happened in..
Read More
Literally every single Yahoo user account was hacked into. In September 2017, Yahoo confirmed that all of its three billion accounts were exposed as part of an August 2013 breach. In a separate incident in 2016, a hacker called Peace put up the company’s user information for sale in the darknet market site, The RealDeal. The news affected Verizon’s takeover of the company, knocking off $350 million from the sale price. Verizon bought out Yahoo in June 2017.
Literally every single Yahoo user account was hacked into. In September 2017, Yahoo confirmed that all of its three billion accounts were exposed as part of an August 2013 breach. In a separate incid..
Read More
See More SlideshowsMore Slideshows

"We have now analysed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login," said Guy Rosen, VP of Product Management in a blog post.

Resetting the access tokens was done to make sure the hackers with stolen access tokens do not use it to take over people's Facebook account or other apps that they had logged in via Facebook login. This announcement comes as a breather for frequent users of Facebook single sign-on feature, who had questions about what this attack means for the apps using Facebook Login.

ADVERTISEMENT
Computer scientist Jason Polakis who had analyzed the single sign-on tool said that this is "great news" because the extent of the attack has been curtailed.

However, the computer scientist expressed concern about the use of SSO.




Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
READ MORE
ADVERTISEMENT

READ MORE:

facebook |Tinder |Instagram |Facebook data breach |computer science

LOGIN & CLAIM

50 TIMESPOINTS

Indra Nooyi's parting note as PepsiCo CEO to staff: Listen to podcasts, search Google

More from our Partners

Loading next story
Cancel
Business News › Magazines › Panache › Facebook confirms Instagram, Tinder weren't accessed by hackers after data breach
Text Size:AAA

Popular Categories

Hot on Web

In Case you missed it

Top Searched Companies

Download ET APP


Follow us on


Powered by

become a member

Terms of Use & Grievance Redressal Policy
DNPA Code of Ethics|Privacy Policy|Archive|Delete Data|Feedback|

Copyright © 2026 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights:
Times Syndication Service

Do Not Sell My Personal Information
Success
This article has been saved

*

+