40 million more “likely” affected If you were born in the late 80s, you probably know the meaning of AFK. Otherwise, not only that you likely have no clue what it is, but chances are that you never logged out of your account. And that was perfectly fine. Until today, when almost 90 million users have found themselves logged out of Facebook hours ago as a precaution to what appears to be the worst privacy blunder of the social network to date. And, yes, we’ve heard of Cambridge Analytica and the rest of the stories. The story, frame by frame As per Facebook’s announcement, almost 50 million accounts have been compromised through a daisy-chained vulnerability in the View As feature, which allowed an unknown party to snatch authentication tokens of these 50 million users. These authentication tokens allow you to stay logged into the account whenever you refresh the browser page, reboot the computer or put it to sleep. As long as you have the token, you are granted access to your accou..

A Taiwanese bug hunter says that he will livestream his attempt to delete Mark Zuckerberg’s Facebook page this weekend. Chang Chi-yuan is something of a minor celebrity in Taiwan, having regularly publicised security holes in online services, and even appeared on TV talk shows describing how boredom has driven him to “dabble” in hunting for bugs in the hope of earning cash through bounties.His past activities have seen him recognised in, for instance, on the “Hall of fame” page of Japan’s popular Line messaging service But perhaps Chang Chi-yuan became most notorious when he was reportedly sued for hacking into a Taiwanese bus operator and buying a ticket for just one Taiwanese dollar (equivalent to a mere US $0.03). Perhaps unsurprisingly, the bus company was not amused. More recently Chang has claimed to have found a loophole in Apple Pay that allowed him to buy 500 iPhones for just one Taiwanese dollar.The method Chang might use to erase Mark Zuckerberg’s Facebook page hasn..

Women’s fashion retailer SHEIN has suffered a major security breach that has exposed the personal information and passwords of over six million customers. In a press statement, SHEIN reveals that it discovered on August 22 2018 that malicious hackers had compromised its computer network, and that between June and early August 2018 customer email addresses and “encrypted password credentials” had been stolen. According to the company, malware had opened backdoors on corporate servers through which the attackers had stolen data associated with approximately 6.42 million customers. What hasn’t been disclosed is how the malware came to be planted on SHEIN’s servers, and says it is against its policy to discuss the specific details, but SHEIN does say that the security holes exploited by the hackers have now been closed. From the description, the attack against SHEIN does not appear to bear the hallmarks of the Magecart attacks which have impacted a number of sites in recent months, inc..

If you want a discount on your next flight or hotel reservation, or maybe an upgrade to business class, you might try looking in unexpected places. Who would have thought frequent flyer miles could be purchased on the Dark Web? There’s a first time for everything and, yes, there is a black market for air miles – Dream Market, Olympus Market and Berlusconi Market. Aren’t drugs profitable anymore? Or maybe hackers are bored and trying to expand operations. Points can be reclaimed through gift cards, and identification is rarely required, which makes it very easy for criminals to further use. In August, researchers from CompariTech came across a list on the marketplace and researched to see how much they’re actually worth. Rewards from more than a dozen airline programs, including Emirates Skywards, SkyMiles and Asia Miles, were on sale “at a fraction of the cost,” with prices based on Bitcoin or Monero. The minimum purchase is for 100,000 points at a fluctuating price of $884, the comp..