Archive for the ‘email’ Category

In new gaffe, Facebook improperly collects email contacts for 1.5 million

April 18th, 2019

Facebook's privacy gaffes keep coming. On Wednesday, the social media company said it collected the stored email address lists of as many as 1.5 million users without permission. On Thursday, the company said the number of Instagram users affected by a previously reported password storage error was in the "millions," not the "tens of thousands" as previously estimated.

Facebook said the email contact collection was the result of a highly flawed verification technique that instructed some users to supply the password for the email address associated with their account if they wanted to continue using Facebook. Security experts almost unanimously criticized the practice, and Facebook dropped it as soon as it was reported.

In a statement issued to reporters, Facebook wrote:

Posted in Biz & IT, email, Facebook, passwords, Privacy

An email marketing company left 809 million records exposed online

March 9th, 2019
(GERMANY OUT) Vacant factory building in the Friesdorf district of Bonn. Boarded-up entrance door with smashed window panes (Photo by JOKER / Karl-Heinz Hick/ullstein bild via Getty Images) (credit: Ullstein Bild | Getty Images)

By this point, you've hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters. But increased awareness hasn't slowed the problem. In fact, it's only grown bigger—and more confounding.

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses. The pair went public with their findings this week. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be "business intelligence data," like employee and revenue figures from various companies. This diversity may stem from the information's source. The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.

While you've likely never heard of them, validators play a crucial role in the email marketing industry. They don't send out marketing emails on their own behalf, or facilitate automated mass email campaigns. Instead, they vet a customer's mailing list to ensure that the email addresses in it are valid and won't bounce back. Some email marketing firms offer this mechanism in-house. But fully verifying that an email address works involves sending a message to the address and confirming that it was delivered—essentially spamming people. That means evading protections of internet service providers and platforms like Gmail. (There are less invasive ways to validate email addresses, but they have a tradeoff of false positives.) Mainstream email marketing firms often outsource this work rather than take on the risk of having their infrastructure blacklisted by spam filters, or lowering their online reputation scores.

Posted in Biz & IT, email, security, spam

Google doesn’t want employees to use work email to organize, per report

January 24th, 2019
Some Googlers held protest signs during the November 2018 walkout. (credit: Cyrus Farivar)

Newly revealed filings to the National Labor Relations Board show that attorneys for Google have been lobbying the agency to undo an earlier decision that required companies to let employees organize on the company's own email systems.

According to a Thursday report by Bloomberg, Google has urged the NLRB in both May 2017 and as recently as November 2018 to overturn a 2014 decision known as Purple Communications.

In that case, the majority found that workers at Purple Communications, an American Sign Language interpreting company, could not be barred from using their work email for organizing purposes. The three Democratic-appointed members found that the workers' own work email was a "natural gathering place," particularly when those workers—like ASL interpreters—were distributed across a wide geographic area.

Posted in email, google, Policy

Mass email hoax causes closures across the US and Canada

December 14th, 2018
Police tape. (credit: Tony Webster / Flickr)

A tsunami of emailed bomb threats is prompting closures at hospitals, schools, public transit agencies, and businesses across the US and Canada.

Word of the emails surfaced Thursday morning in tweets such as this one:

And this one:

Posted in bitcoin, Biz & IT, bomb threats, email, Hoax

Thousands of sensitive emails stolen in intrusion of Republican campaign arm

December 4th, 2018

An email intrusion targeting a key Republican campaign committee allowed unknown people to steal thousands of sensitive emails from four senior aides, Politico reported Tuesday.

The attack on the National Republican Congressional Committee, the main group that works to elect Republicans to the US House of Representatives, allowed the person or group responsible to monitor the aides’ email accounts for several months, Politico said. The intrusion was detected in April by a managed security services provider the NRCC had retained to monitor the security of its network.

The unnamed provider informed NRCC officials, who in turn alerted security firm Crowdstrike. Crowdstrike, which was called in to investigate the Russian government’s 2016 hack of the Democratic National Committee, had already been retained by the NRCC when the intrusion was discovered in April, Politico said.

Posted in email, hacking, National Republican Congressional Committee, Policy, republicans, unauthorized access