Facebook says hackers didn't access any third-party app
San Francisco, Oct 3 : Tendering a fresh apology in the data breach that affected 50 million users, Facebook has said that a detailed investigation found no evidence that the hackers accessed any third-party apps using Facebook Login.
In the biggest-ever security breach after Cambridge Analytica scandal, Facebook last week admitted that hackers broke into nearly 50 million users' accounts by stealing their "access tokens" or digital keys.
"We have now analysed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login," Guy Rosen, Vice President of Product Management at Facebook, said in a statement late on Tuesday.
Rosen said Facebook has fixed the vulnerability and reset the access tokens for a total of 90 million accounts -- 50 million that had access tokens stolen and 40 million that were subject to a "View As" look-up in 2017.
"Resetting the access tokens protected the security of people's accounts and meant they had to log back in to Facebook or any of their apps that use Facebook Login," the Facebook executive said, adding that "we're sorry that this attack happened".
Any developer using official Facebook SDKs -- and all those that have regularly checked the validity of their users' access tokens - were "automatically protected when we reset people's access tokens".
"However, out of an abundance of caution, as some developers may not use our SDKs, we're building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out," said Rosen.
The social media giant recommends developers stick to its Login security best practices like using official Facebook SDKs for Android, iOS and JavaScript, using the Graph API to keep information updated regularly and log users out of apps where error codes show that any Facebook session is invalid.
Ireland's Data Protection Commission, which is Facebook's lead privacy regulator in Europe, has asked Facebook to submit more details in the incident where data of over 50 million users were hacked.
The privacy watchdog could fine Facebook as much as $1.63 billion for the data breach.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
CM Siddaramaiah alleges ‘criminal conspiracy’ in Sringeri recount, vows legal action
Bengaluru (PTI): Alleging a “criminal conspiracy” by BJP candidate D N Jeevaraj in the Sringeri Assembly poll recounting, Karnataka CM Siddaramaiah on Tuesday said the outcome was manipulated after valid postal ballot votes in favour of Congress leader T D Raje Gowda were tampered with during the recounting process.
Following a Karnataka High Court order on an election petition filed by Jeevaraj, challenging Raje Gowda’s election, the reverification and recounting were conducted on Saturday.
After the reverification and recount of postal ballots for the Sringeri Assembly constituency, votes polled in favour of Raje Gowda were reduced by 255, the returning officer said.
A report on the matter has been submitted to the Election Commission of India for further action, the officer added.
Congress leader Raje Gowda had won the 2023 Assembly polls from Sringeri by 201 votes, defeating his nearest rival Jeevaraj.
Addressing a press conference in Bengaluru, Siddaramaiah said the High Court had directed the recounting of postal ballots and that irregularities were noticed during the exercise conducted on May 2.
“This is a clear case of criminal conspiracy,” Siddaramaiah said, alleging that valid votes cast in favour of Raje Gowda were altered after being accepted by counting agents of all parties, including Congress, BJP, and JD(S).
He claimed that during the recounting of postal ballots, 255 votes were initially accepted as valid by all agents but were later tampered with by subordinate officials.
“There is a second mark on the votes polled in favour of Raje Gowda. They had accepted these as valid votes. Subsequently, another mark was made by officials. This is a clear case of criminal conspiracy,” he said.
When asked who was behind the alleged conspiracy, the CM replied, “It was hatched by Jeevaraj and others. It is planned.”
Siddaramaiah further alleged that the returning officer acted improperly by declaring the result despite the presence of an Election Commission observer during the recounting.
“Immediately after the counting, the returning officer announced the result. He should not have done so; this is against the law,” he said.
He pointed out that Raje Gowda had originally won by 201 votes, but after the recounting, the BJP candidate was declared the winner by 52 votes.
“The BJP has committed a criminal act of conspiracy. This is not vote chori but vote dacoity,” he alleged.
The CM said a police complaint had already been filed by Raje Gowda’s election agent, Sudhir Kumar, and emphasised the need for electoral integrity.
“We want transparency and free and fair elections. That is what our Constitution mandates,” he added.
Stating that the government would pursue legal remedies, Siddaramaiah said, “We are preparing an appeal challenging the returning officer’s announcement in a court of law.”
Responding to a separate query on elections in other states, the CM said there appeared to be an anti-incumbency factor in West Bengal, while results in Tamil Nadu were “surprising,” adding that Vijay’s party was emerging as the largest there.
Following the victory of party candidates in Bagalkote and Davanagere South, Siddaramaiah expressed confidence about future electoral prospects in Karnataka.
“Even in 2028, we will win the Assembly elections. We will come back,” the CM said.
Siddaramaiah added that he would order a forensic examination into the alleged tampering of postal ballots.
