“We have asked them about the impact, they wanted some time for the investigation and have committed to get back to us with a detailed report by Wednesday morning,” said the official, who did not wish to be identified.
In this latest instance, Facebook has claimed that certain accounts have been affected but not compromised, the official said.
“We have, however, not sent any formal notice, but have just communicated our concerns to the company,” the official said. In the latest Facebook breach, attackers exploited a vulnerability in the code of the ‘View As’ feature that lets users see how their profiles look like to others. Facebook has now fixed the vulnerability and launched an investigation. It also logged out the 50 million affected users and an additional 40 million after the revelations.
After the breach came to light, the firm informed law enforcement authorities in the US and communicated the breach to the Irish Data Protection Authority.
The social network has its largest userbase in India with about 270 million accounts at end of July, according to Statista website.
The company has been battling a series of regulatory hurdles in the country.
While the Central Bureau of Investigation has launched an inquiry over the Cambridge Analytica scandal, Facebook-owned WhatsApp has been under government scrutiny over the spread of fake news and rumours on its platform, which led to mob violence and killings in the country.
ET reported on Monday that the impact could be far-reaching in India because beyond Facebook, hackers could have accessed any account logged into using the social network. In India, Facebook’s single sign-on feature allows users to log into third party apps such as Swiggy, Zomato, BigBasket, Hotstar, Tinder, Nykaa, SonyLIV, RentoMojo, FreshMenu, Chai Point, Quora, Snapchat, HealthifyMe, and Dominos, without creating a unique profile for each one.
It is unclear how long the hackers will be able to use the access tokens to get into third-party apps. Facebook has not offered details on what kind of data could have been compromised from third-party apps.
The Economic Times