Following a massive breach that compromised tens of millions of accounts, Facebook has started sending out custom messages to inform people if or how they were impacted. Users who have yet to receive a custom notification from the social network can manually check whether their account got hacked, and what data might have been leaked. Here’s how. First, some background. As many of you probably read in the news last week, between September 14 and September 27 an unknown attacker used daisy-chained vulnerabilities in the platform’s View As feature to snatch authentication tokens of tens of millions of users. The initial count was 50 million to 90 million compromised accounts. After further investigation, Facebook said only 30 million accounts were in fact compromised. In an update posted to the Facebook newsroom, Guy Rosen, VP of Product Management, said: “We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed ..
On the surface, it’s easy to wrongly conclude that Google and Bing are automating PPC pros right out of relevance. Basic PPC tasks can now happen with very little human intervention through the Google and Bing interfaces — easy enough for a novice PPC manager to create and launch pretty good campaigns. That’s terrific. The big engines have made viable PPC accessible to the masses. Today, even a basic mom and pop shop can drive business effectively and inexpensively by tapping into the billions of searches happening daily. The challenge, though, is that great PPC is actually becoming more challenging than ever, in part because of automation. Ironic? Yes. And while it may seem that Google and Bing have made it really easy to operate solely within their platforms, there is actually greater need for powerful third-party tools — a trend we expect to see continue. Let’s address the obvious head-on: Optmyzr is one of those third-party tools, so, of course, we’ll say our service is needed. ..
Facebook provided an update on the investigation into the massive data exploit it reported to users on September 28. While the overall number of people affected is lower than previously thought (30 million rather than 50 million), that’s about the only good news. How it happened. The attackers were able to take advantage of a combination of three separate software bugs to get Facebook access tokens (used to allow users to stay logged into the app) and take over users’ accounts. They stole the tokens of some 30 million Facebook users. Timing. Facebook says it discovered the attack on September 25 and started notifying users on September 28. For two weeks, September 14 to 27, the hackers were able to use the access tokens to extract data. That means it took two days to address the problem and invalidate the access tokens. Network effect downfall. As with the Cambridge Analytica scandal, Facebook’s social graph opened up access to Facebook friends and allowed the attackers to take adva..
According to a Fortune report Friday, Twitter is under investigation by Irish privacy authorities for violating the General Data Protection Regulation (GDPR). Michael Veale, a privacy researcher at the University College London, filed a report with the Irish data protection authority (DPA) complaining that Twitter refused to give him records on what kind of data was collected on him. Veale’s request was prompted by suspicions that the social media platform collects additional data on users that click on links made by its link-shortening service, t.co, and that it drops cookies into user browsers to track them after they leave. Under GDPR, data subjects are allowed to ask companies to provide a copy of the data they collect, as well as amend, move and delete it. Companies found in breach of GDPR can be assessed fees up to €20 million, or 4 percent of their annual revenue, whichever is higher. When Veale asked for a copy of his data, Twitter told him no, saying it would take a “dispro..
In its latest salvo against misleading political spam accounts, Facebook announced Thursday that it had removed 559 Pages and 251 accounts from its platform for creating inauthentic activity motivated by profit. Facebook removed Pages, groups and accounts that were found to be created solely to stir up political debate from the U.S., Middle East, Russia and the U.K. Nathaniel Gleicher, Facebook head of cybersecurity policy, and product manager Oscar Rodriguez said money was the primary motivator for these accounts. “The people behind (the spam) create networks of Pages using fake accounts or multiple accounts with the same names. They post clickbait posts on these Pages to drive people to websites that are entirely separate from Facebook and seem legitimate, but are actually ad farms,” Gleicher and Rodriguez said. Why you should care. Facebook has been working to expand its AI capabilities and number of human reviewers to flag and take down political spam and fake news on its p..
YouTube quietly announced in its help forums that it has begun cracking down on YouTube channels that take already-produced videos and reupload them to their channels. YouTube said it has seen a serious issue with some channels producing “duplicative content” and is thus removing these types of channels, allowing them to reapply in 30 days if they want to rejoin the video platform. YouTube said posting duplicate content on the platform is against the YouTube Partner Program policies. If you have seen your channel removed because of this, YouTube said it means that it is not just about copyright issues. YouTube explained: The spirit of this YPP policy is to make sure we’re only allowing channels into the program when the content adds value, and is original and relevant. If you upload content from multiple sources or repurpose existing content, you may still be eligible for YPP so long as you’re contributing to the value of that content in some way. For example, if you add significan..
Adobe has released important patches for almost its entire array of offerings, including the Technical Communications Suite, Experience Manager, Digital Editions, Acrobat and Reader, as well as the notoriously buggy Flash Player. The Technical Communications Suite allows users to author, manage and publish interactive instructional information from technical documents to online help systems, knowledge bases, and interactive training. Version 10.5.1 suffers from an insecure library loading vulnerability that could lead to privilege escalation. The patch for this flaw can be downloaded here. Adobe Framemaker is part of the same suite, but users who have Framemaker 10.5.1 installed individually can patch their buggy app with a standalone patch offered here. Experience Manager suffers from five vulnerabilities, affecting versions 6.0 through 6.4. “These updates resolve two reflected cross-site scripting vulnerabilities rated Moderate, and three stored cross-site scripting vulnerabiliti..
Another day, another hack targeting the healthcare sector. Vancouver-based Rebound Orthopedics & Neurosurgery revealed Friday evening it fell victim to a malware-laced phishing attack that resulted in the exposure of 2,800 records, including personal data of patients and staff. The breach reportedly started with a phishing email. An employee unknowingly opened the included attachment, which unleashed malware that collected patient personal information — including name, date of birth, Social Security number, driver’s license number, financial account information and some health information. Personal data of Rebound employees may have also been compromised. “We have no idea who did this,” said Rebound Executive Director John Bauman. After learning of the incident, Rebound immediately notified its information technology department, which halted unauthorized access. Rebound also enlisted the help of a computer forensic team which detected not one but three attempts to break into Rebound..
Earlier today Google filed an appeal of the European Commission’s (EC’s) record €4.3 billion (roughly $5 billion) antitrust fine. The fine was imposed in July because of Google Play app pre-install requirements. Claim is that Google is tying apps to Android. The EC saw the practice of requiring handset makers to pre-install certain Google apps as “an abuse of market position” (akin to tying). By contrast, Google argued at the time in a blog post that the practice is beneficial to the ecosystem and enables the company to offer the Android OS for free. Google was given 90 days to change how it did business with phone makers or face additional fines. Google said, as soon as the fine was imposed, that it would appeal the decision. More consumer choice at lower cost. In the appeal, among other things, Google will argue that its practices offer consumers more choice at lower cost. The EC has alleged that Google’s practices harm competitors in multiple ways and give Google’s own apps an unfai..
Heathrow Airport escapes hefty GDPR fine; gets only £120,000 (under 1998 DPA) for 2017 privacy breach incident
The UK Information Commissioner’s Office has fined Heathrow Airport Limited (HAL) £120,000 for failing to ensure that the personal data on its network was properly secured. The circumstances that led to the fine circulated widely in the media in October of last year, when the mishap (to put it lightly) occurred. The (long) story (short) went like this: a HAL employee lost a USB drive containing 2.5GB of highly sensitive information; a person found the drive and viewed its contents at a public library, then passed it to a national newspaper which copied the data before giving the stick back to HAL. The drive, containing 76 folders and over 1,000 files, was not encrypted or password protected. “Although the amount of personal and sensitive personal data held on the stick comprised a small amount of the total files, of particular concern was a training video which exposed ten individuals’ details including names, dates of birth, passport numbers, and the details of up to 50 HAL aviatio..