Facebook recently revealed that the company had discovered a potentially dangerous security flaw which may have exposed the data of maybe over 50 million users. The defect was spotted in the implementation of the ‘View As’ feature and might have been introduced back in July 2017, enabling hackers to steal digital login credentials of millions of users.
But this revelation might further widen the impact of the security breach. Facebook VP of product management, Guy Rosen, disclosed that hackers might have also exploited the vulnerability to access users accounts on third-party services, which use Facebook login, such as Airbnb, Tinder, Spotify as well as Instagram.
A spokesperson for Facebook acknowledged malicious parties might have gained access to an individual’s profile on other platforms if they used their Facebook account to sign up for it. This means if you signed up for Instagram using your Facebook account recently, hackers might have also gained access to your Instagram account.
But for now, the exact number of third-party services that were compromised by the vulnerability in Facebook’s security system has not been revealed but earlier suggests that Tinder, Spotify, Instagram and Airbnb accounts may have been compromised.
In an interaction with KrebsOnSecurity, a Facebook spokesperson revealed that its possible that hackers may have exploited the breach to access third-party apps and sites. However, the social media giant representative added that so far, there’s no evidence of ‘interactive login to third-party sites as the user’ has been discovered.
If the second is said to be true, the linked third-party services such as Spotify and Tinder might launch a separate investigation to gauge the extent of the vulnerability. facebook, on the other hand, has fixed the security loophole, revoked the ‘access tokens’ of the affected users and has informed them about the incident through a notification on top of their feed.