Facebook has said that third-party apps allowing users to log in using their Facebook account do not appear to have been compromised by last week’s security attack.
Tinder and Spotify are among the high-profile services which allow users to log in using an existing Facebook account.
The social network revealed last Friday that up to 50 million accounts had been compromised in a cyber attack which stole access tokens used to keep users logged into their accounts, which in the wrong hands could be used to take over user accounts.
Facebook reset the access tokens for the affected accounts, as well as logging out 40 million other users as a precautionary measure.
In an update on the incident, which Facebook says it is still investigating, product management vice president Guy Rosen said: “We’ve had questions about what exactly this attack means for the apps using Facebook Login.
“We have now analysed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.”
On Tuesday, The EU said it was preparing to investigate Facebook over the breach, which could have impacted nearly five million European users.
Investigators at the Irish Data Protection Commission (IDPC), the lead supervisory authority for Facebook in the EU, said it was gathering information and establishing the basis for an inquiry under the General Data Protection Regulation (GDPR) introduced this year.
If it is found to have broken the guidelines, the social media giant could face a maximum fine of 1.63 billion dollars (€1.4bn), or 4% of annual revenue.
“This was a serious issue and we worked fast to protect the security of people’s accounts and investigate what happened,” Mr Rosen said in his update.
“We’re sorry that this attack happened — and we’ll continue to update people as we find out more.”