EraserheadX

Security/privacy news


https://help.quora.com/hc/en-us/articles/360020212652

 

Quote

What kind of user data was affected?

Based on what we have learned, some of our users’ information has been exposed, including:

  • Account information, e.g. name, email address, encrypted password (hashed with a salt that varies for each user), data imported from linked networks when authorized by users
  • Public content and actions (e.g. questions, answers, comments, upvotes)
  • Non-public content and actions (e.g. answer requests, downvotes, direct messages)

Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.

 

So far it appears that data from ~100 million accounts has leaked, including the password. From the description, the passwords do not appear to be encrypted with any particularly strong algorithm; otherwise, logically, they would have made a point of saying so.

 

The content at the link above has been updated several times, and for the past few hours it has also included instructions for anyone who wants to take this opportunity to delete their account...

  • Like 1


There are worse things.

 

A hacker had access for months to the e-mails of members of the Democrats' congressional committee, capturing what they call "sensitive information", and they discovered it in April 2018. And the crazy part of the whole affair? They didn't tell their superiors until today! The FBI had started an investigation but, as they claim, they did not announce it so that they could find the hacker without him suspecting anything.

 

https://www.politico.com/story/2018/12/04/exclusive-emails-of-top-nrcc-officials-stolen-in-major-2018-hack-1043309

  • Like 1


https://www.blog.google/technology/safety-security/expediting-changes-google-plus/

 

Quote

Our testing revealed that a Google+ API was not operating as intended. We fixed the bug promptly and began an investigation into the issue.

Our investigation into the impact of the bug is ongoing, but here is what we have learned so far:

  • We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
  • With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
  • In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
  • The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
  • No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.

[...]

 

We have also decided to accelerate sunsetting consumer Google+, bringing it forward from August 2019 to April 2019. We want to give users ample opportunity to transition off of consumer Google+, and over the coming months, we will continue to provide users with additional information, including ways they can safely and securely download and migrate their data.

 

  • Like 1


https://signal.org/blog/setback-in-the-outback/

 

Quote

Like many others, we have been following the latest developments in Australia related to the “Assistance and Access” bill with a growing sense of frustration. [...] Attempting to roll back the clock on security improvements which have massively benefited Australia and the entire global community is a disappointing development.

 

Although we can’t include a backdoor in Signal, the Australian government could attempt to block the service or restrict access to the app itself. Historically, this strategy hasn’t worked very well.

 

  • Like 2


https://www.theverge.com/2019/4/13/18309192/microsoft-outlook-email-account-hack-breach-security

 

Quote

Microsoft has started notifying some Outlook.com users that a hacker was able to access accounts for months earlier this year. The software giant discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019. Microsoft says the hackers could have viewed account email addresses, folder names, and subject lines of emails, but not the content of emails or attachments.

 


Edited by acct
  • Like 3
