https://www.wired.com/story/facebook-security-breach-third-party-sites/
FACEBOOK revealed that it had suffered a security breach that impacted at least 50 million of its users, and possibly as many as 90 million. What it failed to mention initially, but revealed in a followup call Friday afternoon, is that the flaw affects more than just Facebook. If your account was impacted it means that a hacker could have accessed any account that you log into using Facebook.
“The access token enables someone to use the account as if they were the account holder themselves. This does mean they could access other third-party apps using Facebook login,” Guy Rosen, Facebook’s vice president of product, said in a call with reporters Friday. “Developers who used Facebook login will be able to detect those access tokens have been reset.”
Connor Fairman says
This is a great point. I wrote my post about the hack itself. Very true that once someone has your auth token, they can pretty much do any activity you can do on Facebook. This is possibly an even greater concern than your account information being stolen because a hacker with your auth token could post crazy things under your name, which could cause severe reputational damage to a user.