Some Smartphones Hold Their Value Better Than Others Says Report

Cellphones are everywhere. There are literally billions of them in service and many people have and regularly use more than one. They also represent a significant investment, and the hope is that when you buy one, it will provide you with at least a few years of reliable service and retain a fair amount of its value. You get it hoping that when the time comes to trade it in on a newer model, you get a significant amount of money for it.

Unfortunately, cellphones tend to lose value at wildly differing rates. This is an entirely intuitive conclusion, but until recently, it was something that hasn’t been closely tracked. Until now. BankMyCell is a website that tracks the trade-in values of a staggering array of smartphone makes and models, and the details in their data may surprise you.

For instance, the company discovered that Android phones tend to lose their value at roughly twice the rate of iPhones in the first year, with the trade in price of Android devices giving up more than a third of their value (-33.62 percent) compared to the iPhone, which loses only 16.7 percent of its value on year one.

Things don’t get any better on year two. By that point, an Android-based phone will have lost 61.5 percent of its value, compared to -35.7 percent for iPhones.

BankMyCell’s data gets quite granular, and they have statistics for some of the most popular models available. For instance, after nine months of ownership, the company finds that the Galaxy S20 loses 34.78 percent of its value compared to the iPhone 11, which only loses 12.84 percent, while the Galaxy S20+ loses 30.59 percent of its value, versus the iPhone 11 Pro’s loss of 21.31 percent of its value. Finally, the Galaxy S20 Ultra loses 36.3 percent of its value after nine months, compared with the iPhone 11 Pro Max, which ony loses 15.96 percent of its value.

All that to say, if you’re looking for a phone that will offer the highest possible trade in value when you upgrade, then Apple’s products are hands-down the way to go.

Even Big Companies Like Nissan Get Hacked

Even the largest companies in the world can’t claim immunity to hacking, data breaches and momentary lapses in judgment.

Nissan is a classic case in point.

Recently, due to a careless oversight, default admin credentials were left in place on part of the company’s network.

That allowed an unknown third party to easily breach the company’s network and gain access to some 20 gigabytes’ worth of code residing in normally well-protected corporate repositories. The vast cache included source code for most of the company’s mobile apps and a wide range of diagnostic tools. It also contained code and other documentation relating to market research, client acquisition and the company’s NissanConnect service.

A Swedish developer named Tillie Kottmann analyzed both the contents of the repository and the anatomy of the breach itself. Kottmann discovered that once the default admin credentials were discovered by an unknown hacker, a torrent link for the source code collection began making the rounds online and was widely shared. It potentially put the contents into the hands of thousands or hackers around the world, and possibly even more than that.

Kottman’s company is in the habit of maintaining a secure repository of all compromised data like this, and often works with the companies who suffer incidents like this one to help improve their security.

In this case, Nissan NA reached out to Kottmann and asked that her copy of their repository be deleted, and she complied with that request. Needless to say, the company has since better-secured the repository, but at this point, the damage has been done.

If there’s a silver lining to be found, it lies in the fact that the repository didn’t contain sensitive customer or payment card data. So if you’re a Nissan customer, there’s nothing for you to do or worry about.

The loss of control over the proprietary data, however, could be a major issue for the company. Although it’s too soon to say precisely what the scope and scale of the fallout might be. In any case, the situation is still unfolding and it bears watching.

The 2014 Home Depot Data Breach Finally Reaches Settlement

Unless you’re a regular Home Depot shopper, you may have missed the fact that back in 2014, the company was the victim of a successful hacking attack that saw malware installed on the company’s POS (Point of Sale) system.

The attack allowed them to collect more than 40 million records belonging to customers in both the US and Canada.

As a consequence of the hack, a total of 46 states, and the District of Columbia filed a lawsuit against the company. That lawsuit has recently been settled, to the tune of $17.5 million, USD. In addition to the fine, the company has been directed to implement a number of improvements to its security system designed to help minimize the risk of their customers in the future.

Massachusetts Attorney General Maura Healey had this to say about the outcome:

“Retailers must take meaningful steps to protect consumers’ credit and debit card information from theft when they shop. This settlement ensures Home Depot complies with our state’s strong data security law and requires the company to take steps to protect consumer information from illegal use or disclosure.”

Our view is that Ms. Healey overstates the impact of the outcome of the suit. The fine is a pittance, amounting to less than fifty cents per compromised customer record, and any company interested in staying in business in this day and age shouldn’t need to be named in a lawsuit to follow current IT Security Best Practices.

Even so, the resolution of the lawsuit has resulted in some positive changes, although they are too late to make a difference for the 40 million customers already impacted.

These kinds of issues are happening with increasing frequency, and that’s not going to change until companies everywhere, of all shapes and sizes, get more serious about protecting their customers’ data. What’s the state of your company’s security? If you’re not sure, there’s no time like the present to review it carefully.

Lenscrafters And Other Luxottica Eyewear Patients Had Information Breached

Luxottica is the latest company to fall victim to relentless hackers.

Even if you’re not familiar with the name, if you wear glasses or contacts, you might have dealings with the company even without realizing it.

As the world’s largest eyewear company, they produce all the best-known brands, including:

  • Ray-Ban
  • Oakley
  • Oliver Peoples
  • Ferrari
  • Michael Kors
  • Bulgari
  • Armani
  • Prada
  • Chanel
  • Coach
  • And many others

In addition to that, they work closely with all the biggest names in eye care, including EyeMed, LensCrafters, Target Optical and others.

Unfortunately, if you’ve gotten your eyes examined at any of the places just mentioned, or if you own a pair of glasses bearing one of the brand names mentioned above, you may have reason to be concerned. The recent hack exposed personal and protected health information for patients utilizing the care centers we mentioned above.

According to the notification the company sent out last week, hackers were able to breach the company’s defenses by way of their appointment scheduling app.

Once in the system, Luxottica determined that personal, protected customer information may have been compromised. The data potentially included the full name of the patient, any contact information saved in the system, appointment date and time, the patient’s health insurance policy number, and any notes your doctor may have entered into the system relating to prescriptions, health conditions or recommended procedures.

In addition to that, if you had saved your payment card information or social security number in the system, those items are also at risk. At this point, the company has provided no specific information about the scope and scale of the breach, so there’s no way of knowing exactly how many patient records were compromised. Out of an abundance of caution, if you get your glasses from any of the companies mentioned above and you scheduled your eye appointment online, the safest course would be to assume that your data has been compromised and proceed accordingly.

It’s unfortunate, but this will certainly not be the last high profile attack we read about this year. Stay vigilant out there, and stay safe.

Luxury Brand Louis Vuitton Experiences Data Breach Concerns

If you’re a fan of the luxury fashion brand Louis Vuitton, be advised that the company recently and quietly fixed an issue on their website that may have been exploited by hackers before the company became aware of it. The problem was discovered by independent researcher Sabri Haddouche, who, following proper responsible reporting protocols, reached out to the company and informed them of the issue.

Unfortunately, their response was frustrating and read in part, as follows:

“Thank you for contacting Louis Vuitton. In response to your query, we regret to inform you that we are not able to answer favorably to your sponsorship proposal. We thank you for your understanding and your interest in Louis Vuitton and wish you a pleasant day.”

An unusual response, to be sure, but Haddouche kept trying to make contact with someone who at least knew what it was he was attempting to tell them. Finally, he was successful on that front and the company moved to correct the issue.

The crux of the issue was this: The website allowed users to view their own account details but the account numbers were sequential, and part of the URL. Haddouche noticed this when he saw his account number in the URL and tried simply incrementing it by +1, which brought up an entirely different user’s account information.

There is no evidence that hackers discovered and made use of this simple exploit before Haddouche reported it and the company corrected it. The truth is that they may well have, so if you have an account on Louis Vuitton’s website, be aware that whatever personal information you had stored in your account profile may have been compromised.

Kudos to Sabri Haddouche for his dogged determination in getting the company to pay attention to the issue.