2.2 bn Facebook users must log out, re-login across devices: Experts
New Delhi, Sep 29 : After Facebook admitted that hackers broke into nearly 50 million users' accounts by stealing their "access tokens" or digital keys, cyber experts on Saturday warned over 2.3 billion users to log out and log back into Facebook, or any of third-party apps that use Facebook login.
Facebook has reset the access tokens of almost 50 million accounts it knew were affected. It has also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to "View As" look-up in the last year.
"For now, logging out and back in is all that is necessary. The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms," Chester Wisniewski, Principal Research Scientist with global cyber security major Sophos, told IANS.
According to Dr Gary McGraw, Vice President of Security Technology, Synopsys (Software Integrity Group), this breach emphasises just how important software security is, and how subtle solid security engineering can be.
"When a feature like 'View As' can be turned on its head into an exploit, it indicates a design problem that led to unanticipated security vulnerability," noted Dr McGraw.
"Design flaws like this lurk in the mind boggling complexity of today's commercial systems, and must be systematically uncovered and corrected when software is being designed and built," he added.
If you've ever wondered what keeps you logged into your account even after you restart your laptop/browser - those are access tokens (cookies).
They maintain a constant session even when your IP changes.
"In this case, hackers were able to steal these tokens, which basically means the hacker could fool Facebook servers to believe they are the authorised users of the target's account that would give the attacker, complete access of the target's account," said Saket Modi, CEO and Co-Founder of Lucideus, an IT risk assessment and digital security services provider.
According to experts, they don't know for how long the vulnerability existed, who the hackers were and the extent of damage that might have been caused in terms of stealing not only one's profile data but, in this case, potentially the personal messages, pictures and chats, among others.
"As a precaution, all Facebook users must log out and re-login into all the gadgets that they have their Facebook session active like your cell phone (app or browser), laptop and desktop, etc," Saket Modi advised.
Facebook said it does not know who is behind this massive security attack.
"We're working hard to better understand these details and "we will update this post when we have more information, or if the facts change," said the company.
In the Cambridge Analytica scandal, data of nearly 87 million people was breached upon.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Allu Arjun didn't leave theatre despite being told about woman's death: Hyderabad police
Hyderabad, Dec 22: Top Telugu actor Allu Arjun did not leave the theatre during the screening of 'Pushpa-2' on December 4 despite being told to do so in view of a stampede in which a woman died, police officials claimed on on Sunday.
Speaking at a press conference on the annual round-up of 2024, city police commissioner C V Anand showed a video, made by police, on the situation that prevailed when the stampede occurred.
The video was made by collating footage, including from news channels and cell phone clips. It suggests the actor remained in the theatre till the midnight.
Anand did not make any comment on the video, but said the media can draw its own conclusions.
A police official talked about the sequence of events on the fateful night of December 4.
He said that he and other police officials informed a manager of Allu Arjun about the death of the woman and told him that the situation was out of control. He indicated that they were not allowed to meet the actor.
Allu Arjun's staff members told them that they would convey the matter to the actor but did not do so, he said.
The official said he later managed to reach the actor, told him about the woman's death and asked him to leave the theatre so that the fans don't harm each other while trying to catch a glimpse of him.
The official also told the actor that security arrangements would be made for his exit.
However, the actor said he would go only after watching the film, the police official said.
Later, accompanied by a senior officer, the official went inside and brought the actor out, he said.
Amid allegations that bouncers hired by Allu Arjun pushed crowds as well as policemen when the stampede occurred at the cinema hall, the police commissioner warned that stringent action as per law would be taken if THE bouncers indeed misbehaved with the police on duty.
The VIPs would be made responsible for the behaviour of the bouncers hired by them, he said.
Asked if the police would appeal against the interim bail granted to Allu Arjun, the commissioner refused to give a direct response, just saying it is part of the investigation.
What course of action is taken would be known in the days to come, he said.
He also declined to comment when asked if the family of the deceased told him about Allu Arjun's team or film production team allegedly threatening them not to speak on the issue.
Meanwhile, state Cinematography Minister Komatireddy Venkat Reddy found fault with Allu Arjun responding on Saturday to the debate in the Legislative Assembly.
The minister, who observed that the actor should have respect for the government and the chief minister, demanded an apology from Allu Arjun to the government and the CM.
"This government is never vindictive. As Cinematography Minister, we allowed benefit shows and hiking ticket prices to promote the film industry," he said.
However, Union Minister of State for Home Bandi Sanjay Kumar found fault with CM Revanth Reddy for his comments on Allu Arjun in the Assembly on Saturday.
The comments of the CM sounded like character assassination of Allu Arjun and hurting the Telugu film industry, he alleged in a statement.
Later in the day, Sanjay Kumar visited a boy who is undergoing treatment in a hospital after being injured in the stampede.
"Consoled his father over the heartbreaking loss of his wife, Revathi. I pray to god that Sritej recovers at the earliest. Assured support to the family in this difficult time," Kumar said on X.
Earlier in the day, state DGP Jitender told reporters in Karimnagar district that film personalities and all others should understand that safety and security of citizens is utmost important, and also conduct themselves accordingly.
