Stolen millions

More announcements of company data (our data) being stolen. The numbers involved each time are just incredible.

Hackers breach Quora.com and steal password data for 100 million users
Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. […] In a post published late Monday afternoon, Quora officials said they discovered the unauthorized access on Friday. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.

Whenever these stories are reported, the articles often end with a little summary of other recent snafus. The one above ended with:

Quora’s post is only the latest disclosure of a major breach. On Friday, hotel chain Marriott International said a system breach allowed hackers to steal passport numbers, credit card data, and other details for 500 million customers. In September, Facebook reported an attack on its network allowed hackers to steal personal details for as many as 50 million users. The social network later lowered the number of accounts affected to about 30 million.

A post from The Register, about that massive Marriott breach, concluded with this reminder of previous losses.

Marriott’s Starwood hotels mega-hack: Half a BILLION guests’ deets exposed over 4 years
Few hacks of individual firm’s customer data have come close to the scale of this one. The Yahoo! breach in 2013 saw three billion email accounts breached, while Carphone Dixons, the UK electronics retail chain, managed to lose control of 5.9 million sets of payment card data. In the US, the US Government Office for Personnel Management (which handles sensitive files on millions of government workers) had the personal data of 21 million employees’ breached by hackers.

Remember the hacking cough?

More hacking schadenfreude, but with an added GDPR element this time.

First, the hapless Tories.

Major security flaw in Tory conference app reveals users’ data
Commentators said the flaw raised questions over the ability of the government to harness technology to solve issues around the Irish border and customs checks. The app may also have breached data laws. Its privacy policy states that it “complies with … the European Union’s general data protection regulation (GDPR)”.

Boris Johnson’s profile immediately vandalised with hardcore pornography in Tory conference app security blunder
The highly serious blunder allowed anyone to access details of hundreds of MPs including Foreign Secretary Jeremy Hunt and Defence Secretary Gavin Williamson – who have police protection and warn regularly of the hacking threat from Russia. But it also gave pranksters an opportunity to have fun with the profiles of prominent Conservatives.

And then Facebook. Again.

Facebook says at least 50 million users affected by security breach
Facebook said the FBI is now investigating. Because users in Europe are also affected, the company said it has informed data protection authorities in Ireland — where the company’s European headquarters are located. The Irish Data Protection Commission has asked Facebook to clarify the breach “urgently.” If Facebook is found to have breached European data protection rules — the newly implemented General Data Protection Regulation (GDPR) — the company can face fines of up to four percent of its global revenue.

Facebook hack: Here’s what you need to do to secure your account
Critically, for European users, Facebook has been in touch with the Data Protection Commissioner in Ireland – where it is registered – to inform it of the breach. This will be the first data protection incident from one of the major tech companies since the enforcement of Europe’s General Data Protection Regulation (GDPR) in May. GDPR gives regulators the power to issue huge fines but this is yet to be tested. In a statement the Irish Data Protection Commission said Facebook hasn’t given it many details yet. It is “concerned” that despite Facebook discovering the breach on Tuesday, it hasn’t been able to “clarify the nature of the breach and the risk for users at this point”.

Fake degrees still big business

The scale of this still astounds me. All the work that goes into administering and assuring our degrees – let alone the work the students themselves undertake – is put in jeopardy if these fraudulent qualifications are not challenged.

Fake degrees, real news
But as this recent File on Four investigation by the BBC demonstrated, this Diploma Mill business is still booming and, according to the report, over 3,000 fake qualifications have been sold to individuals (and in one case a company) in the UK out of a worldwide total of 215,000 which netted a profit in excess of £37m in 2015. It seems that the investigation in Pakistan has ground to a halt “amid claims of government corruption” and sales are continuing, but now with a new twist: extortion.

Belltown University? Queens Bay University? Just two from a very long list indeed.

Your favourite passwords

As well as the obvious “12345678”, “password” and “qwerty” (I can’t believe people really use those?), it seems people’s names beginning with J are especially common.

Top 500 most common passwords visualized
Most common passwords. Is yours here? Also, after some deep analysis, we’ve discovered that passwords fit into 11 categories. See what they are.

If any of your passwords feature on that chart, please read this and change them. Right now.

The usability of passwords
Using more than one simple word as your password increases you security substantially (from 3 minutes to 2 months). But, by simply using 3 words instead of two, you suddenly got an extremely secure password. It is 10 times more secure to use “this is fun” as your password, than “J4fS<2”.

High tech in high office

For gadget geek in the Oval Office, high tech has its limits
Mr. Obama is the first true gadget geek to occupy the Oval Office, and yet his eagerness to take part in the personal technology revolution is hampered by the secrecy and security challenges that are daily requirements of his job. What counts as must-have features for many people — high-definition cameras, powerful microphones, cloud-connected wireless radios and precise GPS location transmitters — are potential threats when the leader of the free world wants to carry them around.

I guess he doesn’t have these problems any more.