Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Krebs on Security – “Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That’s according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press.

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012..”

What to do if all your computer files go poof

Washington Post: “As you toil away on your computers and other devices day after day, how many gigabytes of data are you churning out each year in the form of photos, financial records, creative endeavors and other priceless digital files? More importantly, what if the computer or external drive where all those files are stored… Continue Reading

Education and Science Giant Elsevier Left Users’ Passwords Exposed Online

Motherboard: “Elsevier, the company behind scientific journals such as The Lancet, left a server open to the public internet, exposing user email addresses and passwords. The impacted users include people from universities and educational institutions from across the world. It’s not entirely clear how long the server was exposed or how many accounts were impacted,… Continue Reading

How to Block Violent Videos on Facebook, Twitter, and YouTube

Lifehacker: “Because it’s 2019, and livestreaming has had five years or so to really build up into a mainstream activity that people actually do, this means that horrific acts of violence and terror around the world have a greater-than-zero chance of having some video component attached to them. After all, now that plenty of people… Continue Reading

Coming Soon to a Courtroom Near You? What Lawyers Should Know About Deepfake Videos

The Recorder (Law.com / paywall] via free access on Yahoo} “Are rules that guard against forged or tampered evidence enough to prevent deepfake videos from making their way into court cases? …If you follow technology, it’s likely you’re in a panic over deepfakes—altered videos that employ artificial intelligence and are nearly impossible to detect. Or else you’re over… Continue Reading

FTC Releases 2018 Privacy and Data Security Update

“The Federal Trade Commission, the nation’s primary privacy and data security enforcer, released its annual report highlighting its privacy and data security work for 2018. The FTC’s privacy and security enforcement actions in 2018 included shutting down revenge porn website MyEx.com, approving a settlement with peer-to-peer payment service Venmo over deceptive privacy settings, approving an… Continue Reading

The perilous life of computer virus cracker making powerful enemies online

BBC: “Fabian is world renowned for destroying ransomware – the viruses sent out by criminal gangs to extort money. Because of this, he lives a reclusive existence, always having to be one step ahead of the cyber criminals. He has moved to an unknown location since this interview was carried out…Ransomware is a particularly nasty… Continue Reading

Firefox Send – Free File Transfers while Keeping your Personal Information Private

Firefox Send, send.firefox.com. “Send is a free encrypted file transfer service that allows users to safely and simply share files from any browser. Additionally, Send will also be available as an Android app in beta later this week. Now that it’s a keeper, we’ve made it even better, offering higher upload limits and greater control… Continue Reading

Identity theft: 7 ways to protect yourself from cybercriminals

USAToday: “Cybercriminals will steal an estimated 33 billion records by 2023, according to Juniper Research, a firm that forecasts digital tech trends. Half of all data breaches globally will occur in the U.S. alone, Juniper says…Here are seven ways to protect your digital assets online…. Use strong, unique passwords Enable two-factor authentication (2FA) Freeze your… Continue Reading

Americans and Cybersecurity

Pew Report – Many Americans do not trust modern institutions to protect their personal data – even as they frequently neglect cybersecurity best practices in their own personal lives. “Cyberattacks and data breaches are facts of life for government agencies, businesses and individuals alike in today’s digitized and networked world. Just a few of the… Continue Reading

Phone numbers are the new Social Security numbers

Axios: “Cellphone numbers have become a primary way for tech companies like Facebook to uniquely identify users and secure accounts, in some ways becoming a proxy for a national ID.Why it matters: That over-reliance on cellphone numbers ironically makes them a less effective and secure authentication method. And the more valuable the phone number becomes… Continue Reading

Pwned Passwords

“Pwned Passwords are 551,509,767 real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they’re at much greater risk of being used to take over other accounts. They’re searchable online below as well as being downloadable for use in other online systems. Read more about how HIBP protects… Continue Reading