Internet Security

Facebook hit with three privacy investigations in a single day



Third time lucky — unless you’re Facebook.

The social networking giant was hit Thursday by a trio of investigations over its privacy practices following a particularly tumultuous month of security lapses and privacy violations — the latest in a string of embarrassing and damaging breaches at the company, much of its own doing.

First came a probe by the Irish data protection authority looking into the breach of “hundreds of millions” of Facebook and Instagram user passwords that were stored in plaintext on its servers. The company will be investigated under the European GDPR data protection law, which could lead to fines of up to four percent of its global annual revenue for the infringing year — already some several billions of dollars.

Then, Canadian au


Facebook co-founder, Chris Hughes, calls for Facebook to be broken up



The latest call to break up Facebook looks to be the most uncomfortably close to home yet for supreme leader, Mark Zuckerberg.

“Mark’s power is unprecedented and un-American,” writes Chris Hughes, in an explosive op-ed published in The New York Times. “It is time to break up Facebook.”

It’s a long read, but worth indulging for a well-articulated argument against the market-denting power of monopolies, shot through with a smattering of personal anecdotes about Hughes’ experience of Zuckerberg — who he at one point almost paints as “only human,” before shoulder-dropping into a straight thumbs-down that “it’s his very humanity that makes his unchecked power so problematic.”

The tl;dr of Hughes’ argument against Facebook/Zuckerberg being allowed to continue its/his reign of the internet knits together different strands of the techlash zeitgeist, linking Zuckerberg’s absolute influence over Facebook, and therefore over the unprecedented billions of people he can reach and behaviourally reprogram via content-sorting algorithms, to the crushing of innovation and startup competition; the crushing of consumer attention, choice and privacy, all hostage to relentless growth targets and an eyeball-demanding ad business model; the crushing control of speech that Zuckerberg — as Facebook’s absolute monarch — personally commands, with Hughes worrying it’s a power too potent for any one human to wield.

“Mark may never have a boss, but he needs to have some check on his power,” he writes. “The American government needs to do two things: break up Facebook’s monopoly and regulate the company to make it more accountable to the American people.”

His proposed solution is not just a break up of Facebook’s monopoly of online attention by re-separating Facebook, Instagram and WhatsApp — to try to reinvigorate a social arena it now inescapably owns — he also calls for U.S. policymakers to step up to the plate and regulate, suggesting an oversight agency is also essential to hold internet companies to account, and pointing to Europe’s recently toughened privacy framework, GDPR, as a start.

“Just breaking up Facebook is not enough. We need a new agency, empowered by Cong


How to handle dark data compliance risk at your company

Lisa Hawke, Contributor. Lisa Hawke is VP of Security and Compliance at Everlaw, and Vice Chair of Women in Security and Privacy.


Slack and other consumer-grade productivity tools have been taking off in workplaces large and small — and data governance hasn’t caught up.

Whether it’s litigation, compliance with regulations like GDPR or concerns about data breaches, legal teams need to account for new types of employee communication. And that’s hard when work is happening across the latest messagin


Facebook needs a white hat Cambridge Analytica

Rob Blackie, Contributor. Rob Blackie is a Digital Strategist based in London, England, who has contributed to The Guardian and The Independent newspapers. Mike Butcher, Contributor.


Facebook has had a terrible couple of years. Fake news. Cambridge Analytica. Charges of anti-Semitism. Russia hacking the 2016 election. Racist memes, murders and lynchings in India, Myanmar and Sri Lanka.

And Facebook is just the tech company with the longest list of scandals. There’s Google, YouTube and Twitter’s well-documented roles in radicalization to consider, not to mention growing global health crises caused by medical misinformation spread on all the major platforms.

Investors are rightly beginning to worry. If tech companies and their investors can’t foresee and stop these problems, it will likely lead to damaging regulation, costing them billions.

The rest of us are increasingly unhappy that internet giants refuse to take responsibility. The argument that the problem lies with third-party abuse of their tools is wearing thin, not just with the media and politicians, but increasingly with the public as well.

If the tech giants don’t want regulators to step in and police, they need to do much more to predict, and stop the abuse, before it even happens.

One hundred cardboard cutouts of Facebook founder and CEO Mark Zuckerberg stand outside the U.S. Capitol in Washington, DC, April 10, 2018. Advocacy group Avaaz is calling attention to what the group says are hundreds of millions of fake accounts still spreading disinformation on Facebook. (Photo: SAUL LOEB/AFP/Getty Images)

The common factor in social media scandals

The problems mentioned above weren’t caused by anybody breaking existing social network rules. Nor


We found a massive spam operation — and sunk its server



For ten days in March, millions were caught in the same massive spam campaign.

Each email looked like it came from someone the recipient knew: the spammer took stolen email addresses and passwords, quietly logged into their email account, scraped their recently sent emails and pushed out personalized emails to the recipient of that sent email with a link to a fake site pushing a weight loss pill or a bitcoin scam.

The emails were so convincing more than 100,000 people clicked through.

We know this because a security researcher found the server leaking the entire operation. The spammer had forgotten to set a password.

Security researcher Bob Diachenko found the leaking data and with help from TechCrunch analyzed the server. At the time of the discovery, the spammer’s rig was no longer running. It had done its job, and the spammer had likely moved on to another server — likely in an effort to avoid getting blacklisted by anti-spam providers. But the server was primed to start spamming again.

Given there were more than three million unique exposed credentials sitting on this spammer’s server — hosted on intelimost.com, we wanted to secure the data as soon as possible. With no contact information for the spammer — surprise, surprise — we asked the hosting provider, Awknet, to pull the server offline. Within a few hours of making contact, the provider nullrouted the server, forcing all its network traffic into a sinkhole.

TechCrunch provided a copy of the database to Troy Hunt. Anyone can now check breach notification site Have I Been Pwned to see if their email was misused.

But the dormant server — while it was still active — offered a rare opportunity to understand how a spam operation works.

The one thing we didn’t have was the spam email itself. We reached out to dozens of people to ask about the email they received. Two replied — but only one still had a copy of the email.

The email sent by the spammer. (Image: supplied)

“The same mail appeared on three occasions,” said one of the recipients in an email to TechCrunch. “The subject was related to an email I had sent previously
