Facebook says it has not found any evidence “so far” that its attackers accessed third-party sites through Facebook Login.
It’s a sliver of good news about a massive data breach that the company first disclosed last week. Attackers accessed as many as 50 million accounts in the largest such breach of Facebook’s network.
“We have now analyzed our logs for all third-party apps installed or logged during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.” said Facebook’s Guy Rosen in a statement.
On Friday, Facebook(FB) announced unknown attackers had exploited a vulnerability to access the accounts. They were able to view other people’s Facebook profiles as if they were the accounts’ owners. For example, they could see friends’ profiles and updates.
Facebook says it closed the loophole on Thursday night, but 90 million users were forcefully logged out of their accounts as a precaution.
The attackers stole Facebook “access tokens,” which keep a person logged into their Facebook account over long periods. Facebook reset all 50 million tokens, as well as tokens for an additional 40 million people who had used the “view as” feature in the past year as a precautionary step.
During a call about the hack last week, Rosen said the attackers would have also been able to access third-party sites using Facebook Login, but the company had found no evidence of them doing so.
Hundreds of sites and apps including Tinder, Spotify and Airbnb use Facebook Login, which lets people access the services with their Facebook username and password. Early this week, developers were confused about whether their services had been exposed in the Facebook hack.
The company says partners following Facebook “best practices” were automatically protected. Some developers might not have followed those rules, and they could have put their users at risk.
“We’re sorry that this attack happened — and we’ll continue to update people as we find out more,” Rosen said.
— CNN’s Donie O’Sullivan contributed reporting.
CNNMoney (San Francisco ) First published October 2, 2018: 7:13 PM ET
“It’s a story that has been absolutely clouded in secrecy, in distortion and in so much unknown,” Professor Hocking said.
Alongside the correspondence between the Queen and Sir John known as the “Palace letters”, the National Archives also holds telegrams and attachments like newspaper clippings, exchanged between August 15, 1974 and December 5, 1977.
The material was deposited in 1978, after Sir John left the office, by Sir David Smith, the official secretary to the governor-general.
The letters were due for release 12 years ago, but, because they had been marked as “private” correspondence rather than “Commonwealth records”, they were not covered by the rules binding Commonwealth documents.
“Without this High Court decision, we were in the most extraordinary situation where pivotal historical documents were kept in our own archives and embargoed by the Queen,” Professor Hocking said.
“This historic decision has overturned that. It reasserts Australian law over Australian archives and it also challenges … royal secrecy, where the activities of the monarch have been able to be shrouded in secrecy through the notion of confidentially and personal records.”
End of a long battle for Hocking
Today’s win comes after a series of court battles, since Professor Hocking first sought access to the letters in 2016.
Professor Hocking had already lost a Federal Court bid to overturn the decision to keep the letters private, which was made by the National Archives.
During the High Court hearing in February, Professor Hocking acknowledged the long legal process, but she was delighted to have had the case heard by the highest legal court in Australia.
“It’s about our history, it’s about our knowledge of our history, but it’s also about having control over our own national archival resources,” she said.
Professor Hocking’s lawyers told the High Court that the documents were created and received by the governor-general as part of his official job, and therefore were the property of the Commonwealth.
“[The] evidence did not show that any person who dealt with the records or similar correspondence between a governor-general and the Queen perceived that the Australian copy of those records was the personal property of the person who was governor-general,” the submissions read.
The High Court was also told there was a constitutional issue if a governor-general were to derive personal property in his communications with the Queen while in office.
The judgement was delivered in Brisbane this morning, because COVID-19 restrictions have prevented the bench to travel to the High Court of Australia in Canberra.
Professor Hocking received the news in Melbourne, and is planning to travel to Canberra to access the letters soon.
“I really look forward to going into the archives next week and speaking to the director-general … and ensuring that I can see all 211 of these Palace letters as soon as the National Archives reopens,” she said.
“But as biographer and a historian, what is most pleasing to me is that we will have sorts of documentation that we need to write accurate history.”