Last week, Facebook disclosed a massive attack that compromised around 50 million login tokens—tokens that many feared could have been used to access thousands of third-party services, including Tinder and Airbnb. The social network’s ongoing investigation concluded today that this has not happened.
In a statement to Reuters, Guy Rosen, Facebook’s vice president of product, said, “We analysed third-party access during the time of the attack we have identified. That investigation has found no evidence that the attackers accessed any apps using Facebook Login.”
By the time Facebook announced the breach, it had also revoked the 50 million hijacked login tokens—as well as an additional 40 million that had used the “view as” feature, a site function associated with the vulnerability these hackers exploited—meaning if no such logins took place already, they should not be able to perform such an attack now.
Facebook has yet to clarify who is responsible for the attack or what data they may have taken from these 50 million users. We have reached out for comment and will update if we hear back.