Thomas Rid is a professor at the Johns Hopkins University. He said, “Nothing we’ve seen here is so sophisticated that it requires a state actor. Fifty million random Facebook accounts are not interesting for any intelligence agency.”
Also, Facebook has reported the breach to the FBI and European authorities.
Ongoing Risk?
Jake Williams is a security expert at Rendition Infosec. He said he’s concerned that the Facebook breach might have affected third party apps connected to Facebook. Many websites allow users to login using their Facebook credentials. Williams said, “These access tokens that were stolen show when a user is logged into Facebook and that may be enough to access a user’s account on a third party site.”
Facebook confirmed that third party apps and sites, including Instagram, was at risk. “The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves,” said Rosen.
To combat the problem, Facebook reset the access tokens for all 50 million user accounts. It also reset another 40 million it considered at risk. Users now simply need to log back in. Rosen says that users do not need to reset their passwords. Security experts, however, say that it wouldn’t hurt to take that extra step.
