Thursday 18 April 2019

With No Permission, Facebook Slurped up ‘Hundreds of Millions’ of Email Contacts

Book Another Facebook Farce


This story only gets worse for Facebook: Two weeks ago, I told you about how Zuckerberg’s firm was demanding some users enter their email passwords. But now, further revelations make the situation look much, much worse.

It appears Facebook was actually copying those users’ entire contact lists—without permission. The company says it was “unintentional.” So that’s alright then.

How many more straws can fit on this camel’s back? In today’s SB Blogwatch, we’ve lost count of all the Facebook scandals.


Read more: securityboulevard.com/2019/04/with-no-permission-facebook-slurped-up-hundreds-of-millions-of-email-contacts

Wipro customers hacked, says Krebs. Nothing to see here, says Wipro.

Wipro PR go slow—oh no


IT outsourcing outfit Wipro is under fire this week. Sources say it got hacked months ago, and since then has been used as a jumping-off point to hack its customers. Possibly by a state actor.

If that weren’t bad enough, when Brian Krebs—the journalist who reported the hack—asked the Bengaluru firm about it, his questions were ignored. When Wipro PR finally made a buzzword-bingo statement, it was only sent to Indian media.

And then Wipro executives contradicted the statement. Said execs went on to publicly badmouth the reporter.

This is a terrible example of how to act on a breach report. In this week’s Security Blogwatch, we break out the popcorn.


Read more: techbeacon.com/security/wipro-customers-hacked-says-krebs-nothing-see-here-says-wipro

Tuesday 16 April 2019

Microsoft Cloud Breach: Hackers Read Your Email for 90 Days

Face Meets Palm


Hackers have been able to read the email of Microsoft’s free cloud customers—no password required. Yes, you read that right.

Incredibly, the perps got away with it for almost three months, from early January to late March. It appears they stole a master “golden” support credential—presumably via social engineering.

But Microsoft “takes data protection very seriously.” So that’s OK then.

On the face of it, this is palm-worthy to the max. In today’s SB Blogwatch, we can’t believe what we read:


Read more: securityboulevard.com/2019/04/microsoft-cloud-breach-hackers-read-your-email-for-90-days