Facebook recently revealed the company has discovered a potentially serious security flaw which might have exposed the data of around 50 million users. The vulnerability was spotted in the implementation of the ‘View As’ feature and may have been introduced back in July 2017, allowing hackers to steal digital login credentials of millions of users.
But a new revelation might further widen the impact of the security breach. Facebook’s VP of product management, Guy Rosen, has disclosed that hackers may have also exploited the security flaw to access users’ accounts on third-party services, which use Facebook login, such as Tinder, Airbnb, Spotify as well as Instagram.
A Facebook spokesperson recently acknowledged malicious parties may have gained access to an individual’s profile on other services if they used their Facebook account to sign up for it. This basically means if you signed up for Instagram using your Facebook account, hackers might have also gained access to your Instagram account.
As of now, the exact number of third-party services that were compromised by the security breach in Facebook’s system has not been revealed, but early estimates suggest that Tinder, Instagram, Spotify and Airbnb accounts might have been compromised.
In an interaction with KrebsOnSecurity, a Facebook spokesperson revealed that it is possible that hackers may have exploited the vulnerability to access third-party sites and apps. However, the Facebook representative added that so far, no evidence of ‘interactive log in to third-party sites as the user’ has been discovered.
If the latter is proved to be true, the linked third-party services such as Tinder and Spotify might launch their own investigation to gauge the extent of the security breach. Facebook, on the other hand, has patched the security loophole, revoked the ‘access tokens’ of the affected users and has ìnformed them about the incident via a notification on top of their feed.