Facebook breach may still be able to access victims’ accounts at third-party services and mobile apps. Facebook has offered no timeline for when that might change. Attackers stole single sign-on access tokens to at least 50 million Facebook accounts. Facebook says it’s reset 90,000 access tokens and forced users to log in again. Facebook: Us, Enforce Rules? Facebook, however, does not enforce these best practices, which puts users at risk, while also putting them at risk. Cambridge Analytica obtained profile data for as many as 87 million Facebook users in the interim.”]
Source: https://www.cuinfosecurity.com/blogs/facebook-cant-reset-all-breach-victims-access-tokens-p-2669