Facebook Breach May Have Also Exposed Third-Party Sites via ‘Login with Facebook’

Facebook admitted yesterday it suffered a major security breach, which exposed user data for nearly 50 million accounts. Only in a follow-up press briefing on the security flaw did Facebook reveal more ways data could have been accessed.

According to Wired, Facebook told reporters the company’s ‘Login with Facebook’ single sign-on feature used by third-party sites may have also been breached. Many websites allow users to sign up or log in with their Facebook accounts, saving the time it takes to create yet another login. But if this single sign-on protocol is hacked, then it opens up all your data on sites where you logged in via Facebook:

“The access token enables someone to use the account as if they were the account holder themselves. This does mean they could access other third-party apps using Facebook login,” Guy Rosen, Facebook’s vice president of product, said in a call with reporters Friday. “Developers who used Facebook login will be able to detect those access tokens have been reset.”

If you were affected by this Facebook security breach and saw your account logged out across all platforms yesterday, it’s best you double-check any third-party websites or apps where you’ve used ‘Login with Facebook’, as data may have been accessed or compromised. While Facebook did reset all access tokens to these third-party apps and websites, it’s still worth investigating.