Recently Popular Face-Aging App on Facebook Has Serious Privacy Issues

If you spend any time at all on social media, you’ve probably seen the latest craze: people posting photos of themselves aged, so they look like they’re in their sixties, seventies, or even older than that. FaceApp, the program behind the face-aging magic, has actually been available for a few years, but it has only recently gained the attention of the masses, suddenly and inexplicably going viral after enjoying a quiet existence early on.

Unfortunately, one feature of the app, paired with the company’s expansive terms of service, could make a number of users uncomfortable.

Let’s start with the company’s terms of service, which read, in part, as follows:

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.  When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your Username, location or profile photo) will be visible to the public.”

That’s quite a mouthful, but think for a moment about the scope and scale of the permission you’re giving the company when you use this app.

Now pair that with the fact that when you tap a photograph in the app and instruct it to age you, it uploads a copy of your photo to servers located in Russia.  Also note that it doesn’t ask your permission to do this, or inform you of it; it just happens in the background.

According to a company spokesperson, the purpose of this functionality is to enhance and improve the speed of the image transformation in-app, relying in part on AI algorithms on the company’s servers.

It’s a (barely) plausible explanation, but think about those two things taken together and ask yourself if you’re really 100% comfortable with giving that level of control to a company. Is it worth what you’re getting in return?  For a few chuckles of appreciation at your magically aged photograph?

Most people aren’t comfortable with that, but sadly, most people don’t read TOS agreements closely before agreeing to their terms.  If you’re one of the legions of recent fans of FaceApp, keep the details above in mind and discontinue using the application right away.

Instagram User Information May Have Been Available To Hackers

Do you have an Instagram account?

If so, be advised that David Stier (a business consultant and researcher for CNET) has recently discovered a flaw in Instagram’s website that exposed thousands of users’ email addresses and phone numbers for a period of more than a month.

Mr. Stier provided screenshots and other details to Instagram demonstrating that when the source code for some users’ profiles was displayed in a web browser, supposedly confidential information was plainly visible.

The exposed information ran the gamut and included the contact and personal information of individual adult users, some businesses, and an unknown number of minors.  The company responded promptly and issued a patch that corrected the problem not long after it was made aware, but at this point, the damage may have already been done.

From a user’s perspective, the best thing you can do is to change your Instagram password immediately and be on the alert that if a hacker made a copy of the information, you may be on the receiving end of phishing emails in a bid to collect even more information from you in the months ahead.

At this point, it is unknown whether any group or individual other than Mr. Stier found and made use of the exposed information. Instagram faced a similar issue several months ago, in which the company improperly protected a database containing the contact information of millions of their users, including several influencers and celebrities.  This database was initially uploaded and shared by a Mumbai-based marketing firm called Chtrbox, and the information it contained is unquestionably in the wild at this point.

Instagram’s parent company, Facebook, issued a brief statement to the effect that they were working with Chtrbox to understand exactly how they came to possess the data and how it became publicly available.  At this time, however, no additional information is available.

Facebook Admits To Accessing Email Contacts

Facebook can’t seem to stay out of its own way.  Recently, the social media giant has made headlines on a regular basis, and seldom for anything good or groundbreaking.  Not long ago, the company found itself in the midst of a controversy when it came to light that it was asking people for their email account passwords, claiming that it needed these in order to verify the identities of new users.

As a practice, this is almost unheard of.  In fact, countless articles have been written underscoring the fact that no legitimate company would ever request such information.  In addition, if anyone ever received an email asking for email logins and passwords (or passwords of any kind), it was a sure sign of a scam in progress.

In addition to that being a horrible business practice, the fear was that Facebook was improperly using the information, without authorization, to harvest personal information on everyone who complied with its unreasonable request.

As it turns out, those fears were spot on.  The company recently released a statement saying that it “unintentionally” uploaded email contacts from some 1.5 million new users to its servers, without the consent or knowledge of those users.

Part of the company’s dubious explanation reads as follows:

“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time.  We estimate that up to 1.5 million people’s email contacts may have been uploaded.  These contacts were not shared with anyone and we’re deleting them.  We’ve fixed the underlying issue and are notifying people whose contacts were imported.  People can also review and manage the contacts they share with Facebook in their settings.”

Given the company’s recent history of privacy abuses, this explanation has not been well received. It provides further evidence that Facebook has utterly failed, and continues to fail, when it comes to protecting its users’ information, even as it generates billions of dollars in revenue from it.

Millions Of Facebook Usernames And Passwords Stored By Accident

Are you a Facebook user?  If you are, it may be time to change your password.  KrebsOnSecurity recently reported that it found hundreds of millions of Facebook user account names and passwords stored in plain text and searchable by more than twenty thousand Facebook employees. At present, there is no official count, but Facebook says the total number of records was between 200,000 and 600,000.

That’s a big number, which makes this a serious incident, but in truth, it represents only a fraction of the company’s massive user base.

Although there’s no indication that any Facebook employee abused their access to the information, the fact remains that it was accessed regularly.  The investigation to this point has revealed that no fewer than 2,000 engineers and developers made more than nine million internal queries to the file.

Facebook software engineer Scott Renfro, interviewed by KrebsOnSecurity, had this to say about the issue:

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.

In this situation, what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this.  We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

This is just the latest in an ongoing series of security-related issues Facebook has found itself in the midst of.  While the company is wrestling with making changes to prevent such incidents in the future, that’s small comfort to the millions of users who have been adversely impacted over the last year.

According to the official company statement, unless you receive a notification from them, there’s nothing you need to do and no need to change your password. But given the importance of data security, if you’d rather be safe than sorry, it certainly couldn’t hurt.

Social Media Is Big Business For Criminals

The rise of Social Media has been a game changer for businesses around the world, creating opportunities for customer engagement that were previously unimaginable.  Unfortunately, business owners aren’t the only ones reaping the benefits of Social Media.  The hackers of the world are in on the game too, and for them, Social Media represents a giant piggy bank that they’ve only begun tapping into.

Even now, in the early stages of cybercriminal attacks on Social Media, the payoffs have been enormous. Social media attacks have been netting criminals a staggering $3.25 billion a year.  As shocking as that figure might be, it’s important to remember that cybercrime on Social Media is a relatively new phenomenon.  Between 2013 and now, the number of cybercrime incidents involving social media has quadrupled.

The attacks take many forms, but one way or another, they come down to abusing the trust that is so essential for a functioning Social Media ecosystem.

Some attackers set up scam pages hawking illegal pharmaceuticals. Others gravitate toward cryptomining malware, while others still ply the Social Media waters intent on committing digital currency fraud or feigning a romantic connection to get money and personal information from their victims. Even if you’re one of the rare companies that doesn’t have a significant Social Media presence yet, that doesn’t mean you’re safe from harm.

Gregory Webb, the CEO of Bromium, recently spoke on the topic, outlining a danger that many business owners are simply unaware of.

“Social Media platforms have become near ubiquitous, and most corporate employees access Social Media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals.  Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high value assets.”

In light of this, it’s probably well past time to sit down with your employees and make sure they’re aware of the risks they’re exposing you to when they access Social Media accounts at work.