San Francisco, Sep 28: In the biggest-ever security breach after the Cambridge Analytica scandal, Facebook on Friday admitted hackers broke into nearly 50 million users' accounts by stealing their "access tokens" or digital keys.

The flaw allowed attackers to steal Facebook access tokens, which they could then use to take over people's accounts, Facebook said in a statement.

Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they do not need to re-enter their password every time they use the app.

"Our investigation is still in its early stages. But it's clear that attackers exploited a vulnerability in Facebook's code that impacted 'View As', a feature that lets people see what their own profile looks like to someone else," said Guy Rosen, VP of Product Management.

Facebook's security team discovered the security issue on September 25, and the company has now fixed the vulnerability and informed law enforcement.

"We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security.

"We're also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a 'View As' look-up in the last year," Facebook said.

As a result, around 90 million people will now have to log back into Facebook, or any of their apps that use Facebook login.

After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

"We're temporarily turning off the 'View As' feature while we conduct a thorough security review," Facebook said.

This attack exploited the complex interaction of multiple issues in Facebook code.

"The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens," it said.

Facebook said it does not know who is behind this massive security attack.

"We're working hard to better understand these details and we will update this post when we have more information, or if the facts change," said the company.

In the Cambridge Analytica scandal, the data of nearly 87 million people was breached.





New Delhi: The Supreme Court on Monday commended the Tamil Nadu government for invoking preventive detention laws to tackle cybercrime, observing that conventional criminal laws have proven ineffective in curbing such offences.

Justice Sandeep Mehta, while hearing a plea challenging a detention order against an accused in a cyber fraud case, remarked, “This is a good trend coming from the state that preventive detention laws are being used against cyber law offenders. It's a very welcome approach. Normal criminal laws are not proving successful against these offenders.”

The bench comprising Justices Sandeep Mehta and Joymalya Bagchi was considering a special leave petition filed by the father of the detenu, Abhijeet Singh, against a Madras High Court judgment that upheld his preventive detention under the Tamil Nadu Prevention of Dangerous Activities of Bootleggers, Drug Offenders, Goondas, Immoral Traffic Offenders and Slum Grabbers Act, 1982.

The detenu, a resident of New Delhi and originally from Punjab, was arrested on July 25, 2024, following a complaint at the Cyber Crime Police Station in Theni District. The complainant, Bhanumathi, alleged that she was defrauded of ₹84.5 lakh, of which ₹12.14 lakh had reportedly been transferred to an account operated by the detenu under the name ‘M/s Creative Craaft.’

Police investigation revealed that Abhijeet Singh had established four companies in his and his family members’ names and opened multiple bank accounts to route the defrauded money. A preventive detention order was issued against him by the District Collector on August 23, 2024. The Advisory Board confirmed the detention on September 25, 2024, and the State Government ratified it for a full term of 12 months on November 9, 2024.

Before the apex court, the petitioner’s counsel argued that the detention was unconstitutional, citing a violation of Article 22(5) and procedural lapses. He contended that the incident was a one-time offence and did not disturb public order. He also pointed out that the detenu had no previous criminal record and was not given adequate time to make a representation, with the notice for a September 25 hearing being served only on September 23, while the detenu was in Madurai and the hearing was in Chennai.

Justice Mehta questioned whether these issues were raised before the Advisory Board, to which the counsel replied affirmatively. The bench noted that the duration of detention lies within the state's discretion and cannot be curtailed by the court unless the detention itself lacks legal basis.

“If there is no basis for detention then the order itself has to go; the period cannot be curtailed based on that. You come on Wednesday, we will see,” Justice Mehta said, adjourning the matter to June 25 for further hearing.

Earlier, the Madras High Court had dismissed the habeas corpus plea, concluding that the detention did not suffer from any procedural or constitutional infirmities. The High Court held that all relevant materials had been placed before the Advisory Board and the detenu’s representations were duly considered.

The Supreme Court will continue hearing the matter on Wednesday, June 25, 2025.