Facebook has said that services which let users log in using their accounts do not appear to have been compromised in the recent security attack.
Tinder and Airbnb are among those which accept Facebook log-ins as an alternative to creating an account.
Initially Facebook had suggested it was possible platforms such as these could also have been compromised.
The firm's former security chief said this was an implication of reporting a breach before investigating fully.
The breach was announced on Friday 28 September, one day after Facebook notified the Irish data regulator, but with many unanswered questions .
Alex Stamos, who left his post as the firm's chief security officer in August, tweeted that new European privacy laws mean that firms must report data breaches before they know full details themselves.
The General Data Protection Regulation (GDPR) legislation, introduced in May 2018, states that a firm must report any security breach within 72 hours.
"You can do incident response quickly or not correctly, but not both!" he wrote.
However, some people responding argued that the public had a right to know sooner rather than later.
"The 72-hour notification brings the customer needs to the forefront, rather than shareholder value," tweeted James.
Up to 50 million Facebook accounts are believed to have been left exposed in the breach, announced last week.
An additional 40 million users were also logged out as a precautionary measure.
The issue, which was based on a weakness in a feature allowing Facebook members to view how their profile appeared to others, has now been fixed.
In a blog publicising the latest information on the attack, Guy Rosen, vice-president of product management, wrote that there was no evidence "so far" that attackers had accessed any apps using Facebook log-ins.
The breach was a result of a change made by Facebook in July 2017.
It is not yet known whether the hack affected its corporate chat app, Workplace.
The firm has no evidence yet to suggest that it has, reports Reuters.