After a serious data breach, Facebook is building a tool for developers who use its Facebook Login feature but not its SDK. The tool will help them manually identify users who log in with it. Facebook announced the option in a blog post confirming it has reset the access tokens for 90 million accounts.
“Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens. However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.”
The vulnerability that led to hackers stealing the login credentials of 50 million accounts, and using the View As option for a further 40 million, has been fixed, and the tokens reset as a precaution.
Facebook recommends developers use its SDK to check token validity on a daily basis, and log users out should the token be reset at Facebook’s end. There’s no word on when the tool will arrive.