Facebook Admits To Accessing Email Contacts

Facebook can’t seem to stay out of its own way.  Recently, the social media giant has made headlines on a regular basis, and seldom for anything good or groundbreaking.  Not long ago, the company found itself in the midst of a controversy when it came to light that it was asking people for their email account passwords, claiming that it needed these in order to verify the identities of new users.

As a practice, this is almost unheard of.  In fact, countless articles have been written underscoring the fact that no legitimate company would ever request such information.  In addition, if anyone ever received an email asking for email logins and passwords (or passwords of any kind), it was a sure sign of a scam in progress.

In addition to being a horrible business practice, the fear was that Facebook was improperly using these credentials, without authorization, to harvest personal information on everyone who complied with its unreasonable request.

As it turns out, those fears were spot on.  The company recently released a statement saying that it “unintentionally” uploaded the email contacts of some 1.5 million new users to its servers, without the consent or knowledge of those users.

Part of the company’s dubious explanation reads as follows:

“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time.  We estimate that up to 1.5 million people’s email contacts may have been uploaded.  These contacts were not shared with anyone and we’re deleting them.  We’ve fixed the underlying issue and are notifying people whose contacts were imported.  People can also review and manage the contacts they share with Facebook in their settings.”

Given the company’s recent history of privacy abuses, this explanation has not been well received.  It provides further evidence that Facebook has failed, and continues to fail, when it comes to protecting its users’ information, even as it generates billions of dollars in revenue from it.

MySpace Permanently Lost Large Amounts Of User Data

Are you or were you a MySpace user?  If so, we have bad news.

The struggling company recently announced that when it attempted to migrate all user data to new servers, something in the process went wrong.

As a result, massive amounts of user data were lost.

The only way to describe the loss is catastrophic, with the company reporting that most user-uploaded videos, songs and photos added to the site between 2003 and 2015 are gone with no hope of recovery.  More than a decade’s worth of content, gone in the blink of an eye.

The company’s official announcement reads as follows:

“As a result of a server migration project, any photos, videos and audio files you uploaded more than three years ago may no longer be available on or from MySpace.  We apologize for the inconvenience.  If you would like more information, please contact our Data Protection officer.”

That’s it. Even worse, the migration happened more than a year ago, in February 2018.  At that time, users took to Reddit to complain about not being able to access content that was more than three years old.  Eventually, the level of complaints grew to the point that the company could no longer ignore it and finally came clean.

IT managers and business owners should take notes on this incident.  This is possibly one of the worst handlings of a data loss incident we’ve seen in recent history.  Not only was the company completely uncommunicative for more than a year, but when it did finally make an announcement, it was terse.

Describing that level of data loss as an ‘inconvenience’ is not just insensitive, it’s bad business.  If the company was struggling before, that goes double now, and worst of all, it was, from start to finish, an entirely self-inflicted wound.

In any case, if you are, or were, a MySpace user at some point, most of your older data is probably gone forever.

Millions Of Facebook Usernames And Passwords Stored By Accident

Are you a Facebook user?  If you are, it may be time to change your password.  KrebsOnSecurity recently reported that it found hundreds of millions of Facebook user account names and passwords stored in plain text and searchable by more than twenty thousand Facebook employees.  At present, there is no official count, but Facebook says the total number of records was between 200,000 and 600,000.

That’s a big number, which makes this a serious incident, but in truth, it represents only a fraction of the company’s massive user base.

Although there’s no indication that any Facebook employee abused their access to the information, the fact remains that it was accessed regularly.  The investigation to this point has revealed that no fewer than 2,000 engineers and developers made more than nine million internal queries against the file.

Facebook software engineer Scott Renfro, interviewed by KrebsOnSecurity, had this to say about the issue:

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.

In this situation, what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this.  We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

This is just the latest in an ongoing series of security-related issues in which Facebook has found itself.  While the company is wrestling with making changes to prevent such incidents in the future, that’s small comfort to the millions of users who have been adversely impacted over the last year.

According to the official company statement, unless you receive a notification from Facebook, there’s nothing you need to do and no need to change your password.  But given the importance of data security, if you’d rather be safe than sorry, it certainly couldn’t hurt.

Creator Of Popular Kids App Fined For Privacy Violations

The Federal Trade Commission just issued an enormous fine to a Chinese app developer for illegally collecting the personal data of the children who used its app.

The company was handed a staggering $5.7 million fine when the FTC filed a complaint alleging that the video-sharing app was in violation of the Children’s Online Privacy Protection Act (COPPA).

Its mistake was that the app did not require parental consent for users under the age of 13 before collecting personal information.  As with many apps of this type, this one (called TikTok) collected vast amounts of information.  This included user names, email addresses, first and last names, phone numbers, profile pictures, user-entered biographical information, location data, and more.

In addition to the obvious COPPA violations, the app’s development team came under fire when it was discovered that much of each user’s account information remained visible to the general public, even if the user opted to make their profile private.

Worst of all, in the FTC filing, it was noted that adults had made numerous attempts to contact children via the app. It also stated that until the company released an update in 2016, there was a feature in place that allowed a user to view all other signed-in users within a fifty-mile radius of their location.

The general state of app security and permissions is quite poor, but even given the relatively low standards in today’s market, the TikTok app sets new lows on several different fronts.  The hefty fine levied by the FTC was not only wholly justified, but, it is hoped, will also serve as a warning shot across the bow to app developers to start cleaning up their collective act, especially when marketing apps to children.

John Fokker, the head of Cyber Investigations at McAfee, applauded the ruling, but also cautioned:

“…the responsibility also lies with parents to ensure their children are only signing up for services they’re old enough and wise enough to use.”

Wise words indeed, and kudos to the FTC.

Social Media Is Big Business For Criminals

The rise of Social Media has been a game changer for businesses around the world, creating opportunities for customer engagement that were previously unimaginable.  Unfortunately, business owners aren’t the only ones reaping the benefits of Social Media.  The hackers of the world are in on the game too, and for them, Social Media represents a giant piggy bank that they’ve only begun tapping into.

Even now, in the early stages of cybercriminal attacks on Social Media, the payoffs have been enormous.  Social media attacks have been netting criminals a staggering $3.25 billion a year.  As shocking as that figure might be, it’s important to remember that cybercrime on Social Media is a relatively new phenomenon.  Between 2013 and now, the number of cybercrime incidents involving social media has quadrupled.

The attacks take many forms, but one way or another, they come down to abusing the trust that is so essential for a functioning Social Media ecosystem.

Some attackers set up scam pages hawking illegal pharmaceuticals.  Others gravitate toward cryptomining malware, while still others ply the Social Media waters intent on committing digital currency fraud or feigning a romantic connection to get money and personal information from their victims.  Even if you’re one of the rare companies that doesn’t have a significant Social Media presence yet, that doesn’t mean you’re safe from harm.

Gregory Webb, the CEO of Bromium, recently spoke on the topic, outlining a danger that many business owners are simply unaware of.

“Social Media platforms have become near ubiquitous, and most corporate employees access Social Media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals.  Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high value assets.”

In light of this, it’s probably well past time to sit down with your employees and make sure they’re aware of the risks they’re exposing you to when they access Social Media accounts at work.