Facebook CEO Mark Zuckerberg. Photo: Aurelien Morissard/IP3/Getty Images

Facebook, third-party apps and regulators are scrambling to figure out key details of a breach that gave hackers access to 50 million accounts — a week after it was first discovered and four days after it was revealed.

The big picture: Observers widely noted that past security failures on this scale have always ended up affecting much larger numbers of users than originally announced. Two major online services that allow users to sign in with Facebook reported no evidence of problems, but investigations are just beginning.

What happened: Hackers stole "access tokens" that gave them the ability to control 50 million accounts. It's not clear whether they used them to get into Facebook or any of the thousands of other services that take Facebook credentials.

What they’re saying:

  • A spokesperson for Tinder said the dating app “has conducted a full forensic investigation and has no evidence to suggest accounts have been accessed based on the limited information Facebook has provided.”
  • “Spotify has not experienced a security breach,” said a spokesperson for the music streaming service, which lets you log in with a Facebook account.
  • Airbnb, another major company that lets users log in with Facebook credentials, did not comment on the potential impact of the breach. Pinterest told CNN it examining the impact on its platform.

Yes, but: Tinder's spokesperson said that "if Facebook would share the affected user lists, it would be very helpful in our investigation."

  • A Facebook spokesperson noted the company had reached out to Tinder. He also pointed Axios to exec Guy Rosen’s comments last week that developers who let users log in with their Facebook accounts would be able to detect whose access tokens had been reset in response to the breach.

Multiple Congressional committees want answers about the breach, with both the House Energy and Commerce Committee and the Senate Commerce committees seeking staff briefings from Facebook, per aides.

  • “We’re looking at it, our staff’s been in contact with them and we’ll determine whether or not it’s something we need to have a hearing about,” said Senate Commerce Committee Chairman John Thune (R-S.D.) on Monday night, adding the breach was “pretty serious.”
  • Democratic staffers on the Senate Intelligence Committee are also interested in the breach and have spoken to Facebook about it, said a Congressional aide.
  • A Facebook spokesperson also said the company had not yet been contacted by the Federal Trade Commission about an investigation. The agency reached a settlement over privacy issues with the social giant in 2012.

The hack has also reverberated in Europe, where regulators have taken a hard line on data protection.

  • “This is really worrying news,” tweeted the European Union’s top data protection official in response to the Irish Data Protection Commission's statement that less than 10% of the 50 million affected accounts were located in the European Union, which could still amount to almost 5 million users.

What’s next: Facebook has promised to provide regulators and the public with more details. “As we work to confirm the location of those potentially affected, we plan to release further info soon,” it said in a tweet.

Go deeper

Pundits react to a chaotic debate: “What a dark event we just witnessed”

The first presidential debate between President Trump and Joe Biden in Cleveland on Tuesday night was a shouting match, punctuated by interruptions and hallmarked by name-calling.

Why it matters: If Trump aimed to make the debate as chaotic as possible with a torrent of disruptions, he succeeded. Pundits struggled to make sense of what they saw, and it's tough to imagine that the American people were able to either.

Trump to far-right Proud Boys: "Stand back and stand by"

Asked to condemn white supremacist violence at the first presidential debate on Tuesday, President Trump said the far-right Proud Boys group should "stand back and stand by," before immediately arguing that violence in the U.S. "is not a right-wing problem. This is a left-wing problem."

Why it matters: Trump has repeatedly been accused of failing to condemn white nationalism and right-wing violence, despite the FBI's assessment that it's the most significant domestic terrorism threat that the country faces. The president has frequently associated antifa and the left-wing violence that has afflicted some U.S. cities with Biden, despite his condemnation of violent protests.

Mike Allen, author of AM
1 hour ago - Politics & Policy

The first Trump v. Biden presidential debate was a hot mess

Photos: Jim Watson and Saul Loeb/AFP via Getty Images

This debate was like the country: Everybody’s talking. Nobody’s listening. Nothing is learned. It’s a mess.

  • We were told President Trump would be savage. Turned out, that was a gross understatement. Even the moderator, Fox News' Chris Wallace, got bulldozed.

Why it matters: Honestly, who the hell knows?