A security researcher has discovered a massive leak of email addresses – in fact more than *800 million* email addresses. The massive exposure is due to lax security at an email address verification service called Verifications.io. Never used Verifications.io? It doesn’t matter, the odds are very good that your email address is in there.
The newest ransomware making news is B0r0nt0K (similar to ‘BorontoK’ only the Os are replaced with 0s). While it has hit at least one Linux server, experts say that it also has the potential to lock up Windows servers. Unfortunately, at the moment there seems to be no B0r0nt0K antivirus defense.
It all started with a seemingly innocent Google blog post earlier this month, in which Google announced that their ‘Hey Google’ Google Assistant was ready to go live on Nest Secure Nest Guard home security devices. Then people started having that ‘waaaait a minute…’ moment: this meant that there had to be a microphone in that Nest Guard device.
The Association of National Advertisers (ANA) admitted this week that it had suffered a data breach last August through October (2018), about which it learned last October (2018), but of which it only advised those affected this week (the last week of January, 2019). Consider these dates when also considering the fact that just last month (December 2018, two months after ANA knew about the data breach) ANA was pushing back, hard, against legislation regarding more stringent requirements for – wait for it – notification of data breaches.
In the past 24 hours it was revealed, and then admitted by Apple, that a bug in the FaceTime app was allowing FaceTime callers to listen in on the audio of what was going on around the recipient’s device before the recipient picked up the call. And if the recipient pressed the button to reject the call, instead of ending the call it would start broadcasting video from the recipient’s device as well!
Memes. They’re cute. They’re funny. And they’re infected. That’s what researchers are saying about memes posted on Twitter from a particular account. The memes had commands embedded in their code, so that the meme looked normal to anyone viewing it, but when a computer infected with the particular malware encountered the meme, it would read the command and then execute it.
Facebook has announced that up to 1500 third-party Facebook apps had access to user photos that they were not supposed to be able to access – including unpublished photos. The self-inflicted privacy hole was due to a ‘bug’ in the Facebook photo API which, Facebook says, granted the apps unpermitted access to the photos of as many as 6.8 million Facebook users for 12 days in September of 2018.
Given all of the data breaches in 2018 (Marriott Starwood, 1-800-FLOWERS, Quora, Walgreens, the Post Office, etc.) it is no longer a question of whether your data has been breached – you need to assume that it has been – rather the question is what is the best way to monitor your bank accounts and credit card accounts for fraudulent activity? And what are some ways to protect against it in the future? (The answer to the latter may surprise you!)
Close on the heels of Quora’s data breach just two days ago, online florist 1-800-FLOWERS has announced that they have been subject to a data breach that has been going on for 4 years. The breach was of payment data including credit card number, expiration date, card security code, and the first and last name of the card holder. As many as 75,000 1-800-FLOWERS customers have been affected.
Quora has just announced that it discovered a data breach on Friday, November 30th. Taking a move from the playbook of, apparently, nobody else, Quora did not wait weeks or months or even days to announce the breach – going from discovery to notifying their users in no more than 72 hours. Thank you for that, Quora!
The Marriott hotel chain announced today that their Starwood property has suffered a massive data breach of as many as 500 million guest records. Note that even though the breach was discovered days earlier, they are announcing it on a Friday morning; Friday is known to be the day to announce things if you want them to get the least amount of attention.
Last year (in fact almost a year ago exactly) we told you about the U.S. Post Office’s new ‘Informed Delivery’ service. For those of you not familiar with the USPS Informed Delivery service, well, count your blessings. Because the postal service has experienced a serious breach, making the personal information of all 60 million plus Informed Delivery users vulnerable.
Countless Amazon customers woke up this morning to an email from Amazon telling them that “our website inadvertently disclosed your name and email address due to a technical error.” And, in fact, that’s just about all the email said, other than “the issue has been fixed” and that there is no need for the customer to take any action.
Hot on the heels of California passing their California Consumer Protection Act (CCPA), which is actually a consumer data protection law, and on the slightly more distant heels of the passage and enactment of the General Data Protection Regulation (GDPR), Colorado has both passed and enacted the Colorado Consumer Data Protection Act (CCDPA).
Oh, the irony! Identity theft protection service LifeLock has exposed millions of their customers’ email addresses. And according to Krebs on Security, the exploitable vulnerability was so basic that it seems “that whoever put it together lacked a basic understanding of Web site authentication and security”!