MySpace Permanently Lost Large Amounts Of User Data

Are you or were you a MySpace user?  If so, we have bad news.

The struggling company recently announced that when they attempted to migrate all user data to new servers, something in the process went wrong.

As a result, massive amounts of user data were lost.

The only way to describe the loss is catastrophic, with the company reporting that most user-uploaded videos, songs and photos added to the site between 2003 and 2015 are gone with no hope of recovery.  More than a decade’s worth of content, gone in the blink of an eye.

The company’s official announcement reads as follows:

“As a result of a server migration project, any photos, videos and audio files you uploaded more than three years ago may no longer be available on or from MySpace.  We apologize for the inconvenience.  If you would like more information, please contact our Data Protection officer.”

That’s it. Even worse, the migration happened more than a year ago, in February 2018.  At that time, users took to Reddit to complain about not being able to access content that was more than three years old.  Eventually, the level of complaints grew to the point that the company could no longer ignore it and finally came clean.

IT managers and business owners should take notes on this incident.  This is possibly one of the worst handlings of a data loss incident we’ve seen in recent history.  Not only was the company completely uncommunicative for more than a year, but when it did finally make an announcement, it was terse.

Describing that level of data loss as an ‘inconvenience’ is not just insensitive, it’s bad business.  If the company was struggling before, that goes double now, and worst of all, it was, from start to finish, an entirely self-inflicted wound.

In any case, if you are, or were, a MySpace user at some point, most of your older data is probably gone forever.

Millions Of Facebook Usernames And Passwords Stored By Accident

Are you a Facebook user?  If you are, it may be time to change your password.  KrebsOnSecurity recently reported that it found hundreds of millions of Facebook user account names and passwords stored in plain text and searchable by more than twenty thousand Facebook employees. At present, there is no official count, but Facebook says the total number of records was between 200,000 and 600,000.

That’s a big number, which makes this a serious incident, but in truth, it represents only a fraction of the company’s massive user base.

Although there’s no indication that any Facebook employee abused their access to the information, the fact remains that it was accessed regularly.  The investigation to this point has revealed that no less than 2,000 engineers and developers made more than nine million internal queries to the file.

Facebook software engineer Scott Renfro, interviewed by KrebsOnSecurity, had this to say about the issue:

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.

In this situation, what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this.  We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

This is just the latest in an ongoing series of security-related issues Facebook has found itself in the midst of.  While the company is wrestling with making changes to prevent such incidents in the future, that’s small comfort to the millions of users that have been adversely impacted over the last year.

According to the official company statement, unless you receive a notification from them, there’s nothing you need to do and no need to change your password. But given the importance of data security, if you’d rather be safe than sorry, it certainly couldn’t hurt.
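The failure described above is credentials reaching log files in plain text. The following added example (not Facebook’s code; the credential field names, the logger name and the sample log lines are all constructed for illustration) shows a logging filter that scrubs credential-like values before any handler writes them, plus an audit helper that finds lines in existing logs that still carry such values.

```python
import logging
import re

# Matches key=value pairs for credential-like keys in free-text log messages (constructed list).
CREDENTIAL_RE = re.compile(r"(?i)\b(password|passwd|pwd|new_password|token|secret)=([^&\s\"']+)")

# Constructed log lines of the kind a request logger might have written.
SAMPLE_LOG = [
    "2018-01-09 10:12:01 INFO login ok user=alice",
    "2018-01-09 10:12:05 DEBUG POST /login body=user=bob&password=hunter2",
    "2018-01-09 10:12:09 DEBUG refresh token=abc123 for user=bob",
]

def redact_text(text):
    """Replace the value of every credential-like key=value pair with a marker."""
    return CREDENTIAL_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", text)

def find_credential_leaks(log_lines):
    """Audit helper: 1-based numbers of lines that still carry a plaintext credential value."""
    return [i for i, line in enumerate(log_lines, 1)
            if any(m.group(2) != "[REDACTED]" for m in CREDENTIAL_RE.finditer(line))]

class CredentialRedactingFilter(logging.Filter):
    """Scrubs the fully formatted message before any handler can write it."""
    def filter(self, record):
        record.msg = redact_text(record.getMessage())
        record.args = ()          # message is already interpolated; nothing left to format
        return True

class _ListHandler(logging.Handler):
    """Keeps formatted lines in memory so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def build_logger():
    """Logger whose records pass through the redacting filter; returns (logger, handler)."""
    logger = logging.getLogger("redact-demo")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.handlers.clear()
    logger.filters.clear()
    handler = _ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addFilter(CredentialRedactingFilter())  # logger-level: runs before every handler
    logger.addHandler(handler)
    return logger, handler
```

Attaching the filter to the logger rather than to one handler means every handler, including ones added later, sees only the scrubbed record.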

Recent Breach Targeted MyPillow And Amerisleep Customer Data

If you’ve purchased bedding from either MyPillow or Amerisleep, two popular mattress and bedding merchants operating in the US, your data may have been compromised, according to a recent report from RiskIQ. The hacking group Magecart appears to be behind both breaches, which is bad news for both companies and their customers.

That is because Magecart is one of the most talented and active hacker groups on the scene today, having launched a number of successful attacks against high profile targets that have included Ticketmaster, Feedify, Shopper Approved, Newegg, and British Airways.

MyPillow entered Magecart’s crosshairs in October 2018, when the group compromised MyPillow’s e-commerce and sales platform and began skimming credit card information submitted by the company’s customers. The group also registered a look-alike domain, mypiltow.com, and used Let’s Encrypt to obtain an SSL certificate for it.  Unsuspecting visitors to the site had no idea they were on a domain controlled by the hacking group.

According to RiskIQ researcher Yonathan Klijnsma, “…this type of domain registration typosquatting means that the attackers had already breached MyPillow and started setting up infrastructure in its name.”

Within a month, the hacking group moved on to the second phase of its attack, registering a new domain, livechatinc.org, which mimicked the live chat service used by MyPillow.  With a poisoned script already running inside the company’s infrastructure, Magecart was able to mimic the genuine tag used by the live support service, so that by all outward appearances customers believed they were chatting with an actual MyPillow employee.

The attack on Amerisleep dates back a bit further, to April 2017, but followed a similar pattern.  The skimmer remained in operation from April through October 2017.  The company rid itself of Magecart’s malicious software, only to come under attack again in December 2017.

In both cases, the skimmer domains have been taken offline, but both companies are still dealing with the malicious code injection issues. RiskIQ notes that given Magecart’s history, even when both companies clear their servers of malicious code, they’re likely to be re-infected in short order.  Watch your credit card statements if you’ve made a purchase from either company.
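Both tricks described above, a one-letter typosquat (mypiltow.com) and the chat vendor’s name under a different TLD (livechatinc.org), can be caught by checking which hosts a checkout page actually loads scripts from. The following added example (not RiskIQ’s or either merchant’s code; the allowlist and the sample page are constructed, and the script paths are invented for illustration) parses a page’s script tags and flags hosts that are close to, but not on, the allowlist.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_DOMAINS = ["mypillow.com", "livechatinc.com"]  # constructed allowlist: shop + chat vendor

# Constructed checkout page mixing legitimate tags with look-alike and unknown script hosts.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://www.mypillow.com/js/checkout.js"></script>
<script src="https://cdn.livechatinc.com/tracking.js"></script>
<script src="https://livechatinc.org/js/livechat.js"></script>
<script src="//mypiltow.com/assets/checkout.js"></script>
<script src="https://cdn.example-analytics.net/a.js"></script>
</head></html>"""

def edit_distance(a, b):
    """Levenshtein distance between two strings, used to spot typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)

def classify_script_sources(html):
    """Map each script src to a verdict: first-party, allowed, lookalike of <domain>, or unknown."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    verdicts = {}
    for src in parser.srcs:
        host = urlparse(src).hostname
        if host is None:                      # relative URL: served from our own origin
            verdicts[src] = "first-party"
            continue
        dom = ".".join(host.lower().split(".")[-2:])  # crude eTLD+1, enough for .com/.org hosts
        close = [d for d in ALLOWED_DOMAINS if edit_distance(dom.split(".")[0], d.split(".")[0]) <= 2]
        if dom in ALLOWED_DOMAINS:
            verdicts[src] = "allowed"
        else:  # same label under another TLD (livechatinc.org) or a one-letter swap (mypiltow)
            verdicts[src] = f"lookalike of {close[0]}" if close else "unknown"
    return verdicts
```

Run against a copy of the live checkout page on a schedule, any verdict other than first-party or allowed is worth an alert, which is how the re-infections RiskIQ warns about would surface.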

Windows 10 Will Get New Update Feature

A small but significant update is coming in the next version of Windows 10, which should have the company’s massive user base breathing a sigh of relief.

Microsoft is experimenting with a new feature that it can use to trigger automatic uninstalls of buggy updates. This happens in the background, so there’s nothing the user needs to do.

This is significant, given the recent trouble Microsoft has been having with its updates.  Unfortunately, the company made some radical changes to its testing procedures last year. Since that time, they’ve released several updates that have been problematic.  Most recently, a Windows 10 update wound up deleting user files for a small but vocal percentage of the company’s user base.

The company is working hard to improve its process. However, the fact that it is even considering a feature like this (much less actively experimenting with it) is a clear signal that it is not confident in its ability to release a clean, relatively problem-free update.

It should be noted that at present, the new experimental feature is only visible to Windows Insider users, and it is unclear when it will be released to the general public.  Odds are excellent, however, that it will happen soon.

Given the problems we outlined above, industry insiders generally regard this as a positive development.  Of course, the hope is that Microsoft will be able to avoid releasing a buggy update, but given the company’s recent track record, the inclusion of this feature is an excellent fallback position.

In any case, if you’re a member of the Windows Insider program, you may be able to see it in action now and in the weeks ahead.  If not, you’ll have to wait a while.

End Of Support Notifications Being Sent To Windows 7 Users

If you’re still clinging to your old Windows 7 machine, you should know that the day is relentlessly drawing closer when Microsoft is going to stop supporting the OS altogether.  In fact, in the near future, you’re going to start seeing reminders pushed out by the company that the end is drawing near. They’re calling this a “courtesy reminder” and recommending an upgrade to Windows 10.

If you’re dead-set on continuing to use Windows 7 past the date when official support ends, Microsoft is offering an additional three years of paid support for the platform. However, the price of that support will double with each passing year.

The company has taken pains to continue supporting what is still a surprisingly popular operating system.  However, given all of the above, the writing on the wall is pretty clear to see at this point.

If you haven’t yet begun to make plans to move away from your legacy systems that require Windows 7 to function, it’s well past time to do so.  When the support stops, you’re going to find yourself at increasing risk. Hackers around the world are going to find flaws in Windows 7’s armor, and Microsoft isn’t going to be around to fix them.

Even worse, an increasing percentage of modern software simply won’t run on those older systems, which puts you in an increasing bind on that front. You would have to buy separate systems to run the newer software you need, while maintaining a few of the older boxes to house and run the software that depends on the older OS.  That complicates things, to say the least.

The longer you delay, the worse those risks are going to become.  Painful as it might be to consider moving away from the platform, the alternative is worlds worse.  Time and technology have simply moved on.