
A trove of internal communications from senior-level Facebook employees was released by a British parliamentary committee earlier this week. The documents were seized in late November, and span a period from 2012 to 2015. The documents were initially sealed in U.S. courts as part of an ongoing lawsuit against the social media giant.

Revelations from the communications include:

  • An update to Facebook’s Android app collected users’ phone data, including call lengths, dates, times, text messages, and phone call recipients, even when the app wasn’t being used.
  • Senior-level staff discussed removing user data restrictions for developers with advertising budgets exceeding $250,000.
  • Facebook used Onavo, its security app, to measure how often people used other apps on their phones. The data collected impacted their decision to acquire WhatsApp in 2014 for $19 billion, and to restrict Vine access to Facebook user data.

The release of the internal documents is part of a larger investigation into the company’s business practices.

“Like any organization, we had a lot of internal discussion and people raised different ideas,” said Facebook CEO Mark Zuckerberg on his Facebook profile. “I understand there is a lot of scrutiny on how we run our systems. That’s healthy given the vast number of people who use our services around the world, and it is right that we are constantly asked to explain what we do.”

The post Internal Facebook Documents Released in UK appeared first on Adam Levin.


The Mozilla Foundation has released the second installment of *Privacy Not Included, the organization’s annual privacy guide to internet-connected gifts. The list was started to promote the idea that privacy and security by design can and should be a major selling point.

Mozilla is the nonprofit organization behind the popular open source Firefox web browser. It released the guide to educate consumers about privacy and tech by providing a list of connected devices ranked by privacy and security. The list comes out around the holidays to help consumers give great internet-connectable gifts that don’t compromise privacy and security.

“It seems both consumers and companies are starting to see the value in connected products that are safe, secure, and private,” said Mozilla on their blog.

The guide reviews 70 products across six categories organized by Mozilla’s proprietary “Creep-O-Meter,” a vote-based system that allows consumers to rank products on a scale of “Not Creepy” to “Super Creepy” based on privacy settings. Each product also has an individualized report, answering such questions as “Can it spy on me?” “What does it know about me?” “Can I control it?” and “What could happen if something goes wrong?”

The Nintendo Switch, a mobile/home gaming hybrid console, enjoys top spot on the “Not Creepy” list this year. The device boasts encryption, automatic security updates, parental controls, and a policy of deleting user data, among other privacy and security features. Google and Amazon’s smart home appliances were not deemed un-creepy, with Google Home, Amazon Echo, and Amazon Dot all garnering a consumer shudder among those who shared their opinion with Mozilla.

At the very bottom of the “Not Creepy” list? The FREDI Baby Monitor, which has an unprotected camera and microphone, no privacy policy, a default password (it’s “123”), and no automatic security updates.

Read the guide here.

The post Mozilla Releases Annual Privacy Guide to Holiday Shopping appeared first on Adam Levin.


Email accounts of four top officials at the National Republican Congressional Committee (NRCC) were successfully hacked during the 2018 midterm elections.

The NRCC announced the hack on Tuesday through spokesman Ian Prior, and attributed it to “an unknown entity.”

“[U]pon learning about the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter,” said Prior.

The hack was first identified in April by MSSP, a security provider hired by the NRCC, but wasn’t disclosed because the committee’s investigation into the matter was still underway. House Republicans including Speaker Paul Ryan and Majority Leader Kevin McCarthy were unaware of the hack until Monday.

The NRCC hired CrowdStrike, the cybersecurity firm that assisted the Democratic Party in mitigating damage caused by Russian hackers during the 2016 election season, to investigate the intrusion. The hacked emails themselves have not yet been made public.

Read more about the story here.

The post National Republican Congressional Committee Emails Breached During Midterms appeared first on Adam Levin.


The data of 114 million businesses and individuals has been discovered in an unprotected database. The information exposed included the full name, employer, email, address, phone number and IP address of 56,934,021 individuals, and the revenues and employee counts for up to 25 million business entities.

Hackenproof, the Estonian cybersecurity company that found the data trove online, announced their discovery on their blog. The data was found on Shodan, an IoT-centric search engine that allows users to look up and access “power plants, Smart TVs, [and] refrigerators.” Shodan’s most popular search terms include “unprotected webcams” and “routers with default passwords.” (Side note: always change the default password on your devices.)

The data is thought to have originated from Data&Leads, Inc., which promptly took down their entire website as soon as the exposure was made public. A cached version of the company’s website shows that it promised “access to our massive in-house data collection, as well as one of the largest data supplier networks of any data or lead company.”

The data was exposed due to a misconfiguration of Elasticsearch, an open-source search engine technology. Similar misconfigurations have provided a bounty of other recent incidents, including:

The information made available from the Data&Leads leak, while not necessarily directly leading to breaches or identity theft for those exposed, can easily be exploited in combination with other information available on the dark web, or via phishing scams.

The reality of a legitimate company like Hackenproof scouring Shodan and Elasticsearch for unprotected records would suggest the strong possibility that hackers are out there trying to do the same. The takeaway? Secure your accounts and practice good data hygiene accordingly.

The post 114 Million US Citizens and Companies Found Unprotected Online appeared first on Adam Levin.


Facebook has shuttered its so-called war room that was created to stop foreign interference in elections, according to a Bloomberg report.

The “room” is a metaphor. The project was comprised of 24 teams totaling 24,000 people, and was originally set up to review activity by foreign entities that tried to distribute misinformation ahead of this year’s U.S. midterm, and also in Brazil during their election seasons. The company maintains that the war room was temporary, but that it could be brought together again for other election seasons, and that it will continue to deploy similar war rooms in the future.

Facebook heavily publicized its efforts during the lead-up to the midterm elections, which it did at least in part to reassure users, government, and investors that it wanted to avoid a repeat of the Russian “troll farms” during the 2016 elections.

Critics of the company maintained that both its war room and its efforts to add transparency to political advertisements were more theatre than solution; Vice News submitted ads pretending to be on behalf of all 100 U.S. Senators, all of which were approved, as well as several from Vice President Mike Pence, and perhaps most mind-bogglingly, ISIS.

Facebook’s announcement that it had blocked a relatively paltry 115 Russia-affiliated accounts the day before the U.S. elections ultimately did little to adjust the impression that its efforts weren’t as strenuous as the company insisted.

The announcement comes during a week of negative publicity for the scandal-ridden social media giant, including a revelation that they considered selling user data, a seizure of internal documents from the U.K. Parliament, news that Sheryl Sandberg is obsessed with George Soros, and a grilling from 7 nations in a panel over its many data scandals.

The post Facebook Ends Its “War Room” Initiative appeared first on Adam Levin.


Marriott announced an enormous breach of the company’s reservations database that may have potentially exposed the personally identifiable information of more than 500 million guests.

If you’ve made reservations at the St. Regis, Westin, Sheraton, W Hotels or anywhere else that operates on Marriott’s Starwood guest reservation database, it’s time to redouble your cybersecurity and privacy efforts, because this compromise is one of the biggest we’ve seen—dwarfed only by the Yahoo breach that affected 2 billion users.

“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it,” Marriott disclosed in a statement. The vulnerability that the hackers took advantage of had been in place and used for “unauthorized access,” according to the company statement, since 2014.

There is no clarity on credit cards, with the company at this time still unable to determine if the hackers were able to de-encrypt card numbers, but it is known that 327 million guests were exposed. The information compromised includes (but assume is not limited to): name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

This is a tremendous blow to consumers who trusted their information would be safe, and represents a potentially life-changing situation for anyone affected since there is enough information to make virtually any identity theft scam possible.

There are some basics when it comes to protecting yourself when your information is compromised, and they are simple. Follow the three Ms:

1. Minimize your exposure. Don’t authenticate yourself to anyone unless you are in control of the interaction (and be paranoid), don’t overshare on social media or communicate facts about your life (in other words, the answers to security questions) with social media contacts, on the phone or any other way, use a password manager or at the bare minimum make sure none of your long-and-strong passwords match, safeguard any documents that can be used to hijack your identity, and consider freezing your credit at all three credit reporting agencies.

2. Monitor your accounts. Check your credit report every day, keep track of your credit score, review major accounts daily if possible. There are places to check your credit score for free online, and most credit cards let you see your FICO score. If you prefer a more laid-back approach, sign up for free transaction alerts from financial services institutions and credit card companies, or subscribe to a credit and identity monitoring program.

3. Manage the damage. Make sure you get on top of any incursion into your identity quickly and/or enroll in a program where professionals help you navigate and resolve identity compromises–oftentimes available for free, or at minimal cost, through insurance companies, financial services institutions and HR departments.

The way these compromise events unroll publicly can be hard to follow, and there may be further revelations about the Marriott breach, but regardless of those details there are actions you can take to protect yourself, and they are no longer optional in the general and pervasive atmosphere of cyber insecurity out there.

The post Marriott Breach: More than 500 Million Guest Affected appeared first on Adam Levin.



Adam Levin was interviewed on CBS This Morning to discuss how the Postal Service’s Informed Delivery system could be used to steal mail.

See the video here.

The post Adam Levin Discusses USPS Informed Delivery Theft Scams on CBS News appeared first on Adam Levin.


Amazon was hit with a data breach just days before Black Friday and Cyber Monday, the biggest shopping time of the year. The major data breach exposed names and email addresses of customers due to a technical error on their website.

Amazon emailed their customers Tuesday, November 20, 2018 stating the following:

“Our website inadvertently disclosed your email address or name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action. The impacted customers have been contacted.”

Amazon has not reached out and provided any further details, like how many people were affected or if any information was stolen. An Amazon spokesman has only said the following: “We have fixed the issue and informed customers who may have been impacted.” Their vague response to this breach has many customers and security experts concerned. The number of customers affected by this is still unknown. The e-commerce giant explained that the breach did not occur due to a hack, but rather that a technical glitch led customer information to be exposed on their website.

When a data breach occurs at any organization, big or small, it is important to inform customers. Companies such as Amazon, located in Washington state, are required to inform the state attorney of incidents affecting 500 state residents and greater. It is unclear how European GDPR laws will affect Amazon’s response to the incident. For now, customers should abide by best security practices, and change their usernames and passwords for their accounts.

This article originally appeared on LIFARS.com

The post Amazon hit with a Data Breach right before Black Friday appeared first on Adam Levin.
