Probably email addresses, not the emails. Note
that they immediately identified a more secure method for
authenticating their Admins. Why didn’t they use that from the
beginning?
Timehop Security Breach Affects the Company’s Entire 21 Million Userbase
Timehop, a mobile app that surfaces old social
media posts from the same day but from previous years, has announced
a security breach affecting its entire userbase of over 21 million
users.
Not all users were affected to the same extent.
The company said a hacker gained access to its infrastructure and
stole details on its users that included usernames, emails, telephone
numbers, and access keys.
Timehop says that not all users had an email
address or phone number attached to their account.
… Further, not all usernames contained users’
real names.
Nonetheless, the hacker stole the access keys for
all 21 million users. These access keys link the Timehop account to
various social media accounts from where Timehop pulls older social
media posts and images.
… The company said it is now working with law
enforcement and cyber-security firms to track down the intruders and
secure its infrastructure.
According to preliminary evidence from the
investigation, the intrusion took place on December
19, 2017, when a hacker gained access to an admin account
for Timehop’s cloud infrastructure. Timehop says it failed to
secure that account with multi-factor authentication, making the
attack possible.
… The hacker logged into this account on four
separate days in December 2017 and March and June 2018, during which
it carried out reconnaissance operations.
The intrusion went undetected until July 4, when
the intruder started exfiltrating the company’s database. Timehop
says it detected the operation and cut off the hacker’s access two
hours and nineteen minutes later.
The company said it now secured all accounts with
multi-factor authentication to prevent further intrusions.
Another side of identity theft.
Oprah, Is That You? On Social Media, the Answer Is Often No.
Kip Moore, a country music singer-songwriter with
hits like “Beer Money” and “Hey Pretty Girl,” has had some
disturbing experiences with fans lately.
At some shows, women have approached him demanding
to know why he stopped chatting with them on Instagram or Facebook.
Some said they left their husbands to be with him after he said he
loved them. Now they could be together, the women told him.
“They’re handing me a letter, you know,
‘Here’s the divorce papers. I’ve left so and so,’” Mr.
Moore, 38, said. “If I check my inbox right now, I’d have
hundreds of these messages. But I try not to check it, because it
disheartens me.”
Mr. Moore, fueled by his
country music fame, is a victim of what has become a widespread
phenomenon: identity theft on social media. Recent searches found at
least 28 accounts impersonating him on Facebook and at least 61 on
Instagram. Many of the accounts send messages to his fans promising
love and asking for money. Those who get duped often direct their
anger at the real Mr. Moore.
… To get a sense of the scale of the problem,
The New York Times commissioned an analysis to tally the number of
impersonators across social media for the 10 most followed people on
Instagram, including Beyoncé and Taylor Swift. The analysis,
conducted by Social
Impostor, a firm that protects celebrities’ names online, found
nearly 9,000 accounts across Facebook, Instagram and Twitter
pretending to be those 10 people.
I may ask my students to read and analyze one of
the privacy policies they have already agreed to.
How to Read Long Privacy Policies the Easy Way
the quint: “So once I tried reading the privacy policy of a company
and post that the process ran its natural course. There were parts I
felt were absolutely inconsequential and the excessive use of jargon
resulted in me giving up and ultimately clicking “I Agree”. I’m
sure it’s just not me and almost 90 percent of people who use these
websites and services don’t even read the privacy policy. I get
it! You don’t have the time to go through a 2,500-word-long
document. And, of course, the language used is a bit convoluted and
filled with legalese. Since data privacy policy holds some key
information, many companies try to eschew critical information in
order to sell the data to ad companies. The introduction of GDPR has
instilled a certain amount of fear among such companies, but still
users don’t find validity in reading the whole policy. So, is
there an easier way to extract the important bits of a privacy policy
without diving into its extraneous side? Maybe this can help…”
Trying to understand…
Law Review Article – Carpenter v. United States: Big Data is Different
Carpenter v. United States, 585 U.S. ___ (2018) (Roberts, C.J.).
Response by Margot E. Kaminski, Geo. Wash. L. Rev. On the Docket (Oct. Term 2017).
Slip Opinion | SCOTUSblog
“A central truism of U.S. privacy law is that if
you share information, you do not have an expectation of privacy in
it. This reasoning runs through both Fourth Amendment jurisprudence
and privacy tort cases, and has repeatedly been identified as a
central failing of American privacy law in the digital age. On June
22, in Carpenter v. United States, the Supreme Court did
away with this default. While repeatedly claiming to be fact-bound
and incremental, Chief Justice Roberts’s opinion has
paradigm-shifting implications not only for Fourth Amendment law, but
also for private-sector privacy law.”