Facebook & Linkedin breaches hit 500 million users

Facebook and LinkedIn have both suffered massive data breaches, exposing the details of more than 533 million and 500 million user accounts respectively, it has been revealed.

Extensive leaked data from Facebook was reportedly found online by security researcher Alon Gal – including the personal information of 11 million UK users such as phone numbers, locations, birth dates and many email addresses.

It’s believed that the ‘hack’ may relate to a bug in Facebook’s friend-adding ‘Contact Importer’ tool which was fixed in September 2019. Previous breaches in 2017 fell before the introduction of GDPR, which Facebook argues absolved it of responsibility to notify users.

Questions still hover over the LinkedIn breach in particular, with the company claiming much of their data appears to have been aggregated from other sources, or (like Facebook) were perhaps not technically ‘hacked’ at all – but scraped in bulk from publicly visible parts of the popular professional website.

The huge cache of Linkedin data was thought to be on sale, after security researches found a 2 million user ‘sample’ advertised online.

A Facebook spokesperson told Reuters the social media platform will not inform users if their accounts were part of the breach, and Linkedin are yet to issue a statement on this point – although given that LinkedIn has around 740 million accounts in total, a clear majority of its users are likely affected.

Users of both platforms can check if their email addresses (and now phone numbers) were likely breached via either platform over at: https://haveibeenpwned.com/ – and are advised to update passwords as a precaution.

 

For IT Support and cybersecurity expertise, please contact our team today.


773 Million Email Addresses Breached Online

Online Security breach website HaveIBeenPwned.com has detected the largest online breach of email addresses to date – nearly 773 million unique emails.

The 87GB of breached personal data, publicised by Microsoft Regional Director and cybersecurity expert Troy Hunt, was spotted last week via online file-hosting website MEGA under the ominous name “Collection #1”, and has now been removed.

The data itself, believed to be a terrifying aggregation of a large number of previous smaller data breaches, also contained more than 21 million identifiable plain-text passwords.

More than 140 million of the email addresses identified have never been seen before by HaveIBeenPwned.com, suggesting some of the personal data may originate from as yet undiscovered breaches.

Those affected by the breach are advised to change their passwords immediately, to prevent criminals potentially exploiting the data to access other online services where the user has registered with identical login credentials.

You can check if your email(s) (and potentially passwords) have been breached among the 773 million by clicking here.

For IT support and cybersecurity expertise, contact Lineal about your requirements today.


Google and Apple unite over user privacy

 

Google and Apple’s respective CEOs have joined forces over the issue of customer privacy, with Apple CEO Tim Cook publicly refusing the Federal Bureau of Investigation (FBI) ‘backdoor’ access to iPhone software.

Google CEO Sundar Pichai backed Apple’s decision on Twitter, arguing that assisting the FBI to gain such access to a private individual’s smartphone would be a ’troubling precedent.’

The mobile phone privacy dispute with the FBI over encryption comes 2 months after Farook and Tashfeen Malik killed 14 people in a mass shooting in San Bernadino, California, with investigators demanding that Apple now assist the authorities in accessing Farook Malik’s iPhone 5C.

Both Apple and Google argue that ‘backdoor’ decryption would put the privacy of millions of ordinary smartphone users at risk from Government intrusion, with Tim Cook famously arguing that ‘You can’t have a back door that’s only for the good guys’. In theory, each iPhone’s encryption method is unique, and Apple argue that there should be no possible method for accessing a given user’s data.

On Tuesday however a Federal Judge ordered Apple to disable Farook Malik’s suspected phone setting which enforces usage delays or wipes the iPhone in the event of multiple incorrect password attempts, giving the FBI the opportunity to automatically test millions of possible passwords without penalty.

Both companies’ actions are being driven by the issue of reputation: giving law enforcement authorities the ability to access an individual’s data would utterly undermine smartphone manufacturers’ advertisement of user security.

With neither side willing to back down, expect the dispute to go to the courts, with the key issue being whether Apple can control permitted access to this iPhone, and this iPhone only.

 

For specialist IT Support, contact Lineal today: 01271 375999 or email: [email protected]


Apple invests in LearnSprout for Education

 

Education tracking software LearnSprout has been bought by Apple, in a purchase expected to extend the computing giant’s reach into the education sector.

American software platform LearnSprout, already used across 42 states in over 2500 schools, is an analytics dashboard that allows teachers to monitor pupil’s performance and results, attendance, student health and more.

LearnSprout’s developers argue that by aggregating data, schools can help study trends for promoting better teaching, improving readiness for higher education and ensure a more efficient use of resources.

This is the second announcement in recent weeks about Apple investing heavily in technology for the education sector, following the January launch of Apple’s Education package and iPad modifications designed for classroom use. It’s unlikely to be the last.

 

For education sector IT support – talk to Lineal today: 01271 375999


The Windows 10 update you didn’t notice

 

Windows 10.1 updates security

With ‘Windows 10.1’ now barely a month old, and the Microsoft operating system already running on over 12 million business PCs, how fares Microsoft’s free updates strategy?

Windows 10.1 update was released with relatively little fanfare (be honest, you didn’t notice) adds features that, understandably with hindsight, might have been a distraction at the main Windows 10 release back in July.

Packaged within were mainly performance and security upgrades – Windows 10.1 will now boot almost 30% faster than an old Windows 7 system on the same device, the Cortana virtual assistant has some new handwriting recognition skills and there are new enterprise tools for mobile devices. Microsoft Edge runs smoother too, offering previews of tabs before viewing and syncing favourites across devices.

Most importantly, after recent corporate data breaches in the news, Microsoft have added a range of new security safeguards. These including ‘Windows Hello’, supporting enterprise grade biometrics including fingerprint and facial recognition – sadly currently only available for US users.

Aside from controversy surrounding user privacy then (if you didn’t notice your Windows 10.1 update, that’s maybe because Microsoft installed it automatically on your device without asking you) the first free update went ahead with relevant additions and limited fuss.

Starting free updates officially moves Microsoft into line with Apple’s OS X business model that has become the industry standard. Yet limited promotion of Windows 10’s ongoing development risks downplaying Microsoft’s progress.

Which would be unfair, because Microsoft is plainly taking extra care to develop the business security of their product range, including the excellent Office365, Microsoft Azure and now Windows 10.1. Microsoft is clearly listening to business’ fears, and businesses should welcome it.

 

For help and support with Microsoft enterprise IT, contact Lineal today.


Bloxx announces discontinuation of products

bloxx

Bloxx to become part of Akamai Technologies

Web filtering provider Bloxx have announced that they will be ceasing support for their products and services, following a shock email from the company’s Chief Executive.

The move comes as part of a cash deal takeover bid by cloud services firm Akamai Technologies, announced on 2nd November 2015, and will see an end to the sale of all Bloxx products.

Bloxx has a good reputation in the UK and beyond for delivering a strong feature set in their appliances that are used to filter online content delivered in sensitive environments. Their products are commonly implemented by educators, healthcare providers, local authorities and businesses.

Although existing contracts will be honoured, those who have invested in physical Bloxx hardware may well find the lifespans are now limited, with little indication of whether Akamai will offer suitable replacements.

Bloxx’s impressive record has drawn the attention of national media before, with the Edinburgh based-company receiving hate mail from teenagers unable to access restricted websites on school computers even with a range of proxies.

With online security stories dominating the news in recent weeks, wider awareness of the need for web, social media and email monitoring is likely to only increase demand for such products. It remains to be seen whether interested parties will consider a cloud-based offering from Akamai to be sufficient, especially when it comes to security and bandwidth management.

Need help with online content filtering and network security for your organisation? Speak to Lineal today: call 01271 375999 or email [email protected]


Cyber Crime hits the headlines

16844922351_ec30a1b111_z

Cyber crime is finally set to become the UK’s most common crime type, following inclusion in the latest crime figures from the Office for National Statistics (ONS).

This re-classification comes only days after news headlines emerged that an Eastern European crime group successfully used ‘Dridex’ malware to steal over £20m from UK bank accounts via thousands of infected PCs in the UK.

Cyber criminals are increasingly mounting more organised attacks on businesses, small and large – last year even U.S banking giant J.P Morgan suffered unfortunate press and a sudden plunge in its share price when digital thieves stole the personal information and contact details of more than 76 million customers.

The 2015 National Strategic Assessment from the National Crime Agency estimates that losses due to cyber crime in the UK now amount to a staggering £16 billion annually. The NCA also asserted that the theft of large amounts of private companies’ data still faces ‘considerable under reporting.’

Nowhere is this more threatening than for those in the financial services industry, where both reputations for reliability and access to funds make IT security of paramount importance, requiring compliance with the strictest procedures for identity validation, network safety and fraud detection.

All businesses need to be prepared for the future, where cyber crime is likely to become more sophisticated and UK companies may be expected to demonstrate greater data protection measures. This week Microsoft promoted it’s Financial Services Compliance program in connection with Office 365 – making assurances (aimed squarely at businesses in the financial sector) of direct access to staff and resources to ensure that Microsoft Office cloud services comply with financial security regulations.

Greater awareness of cyber crime amongst Government figures, the media and the public can only be a good thing, but ultimately it still remains very much up to the individual to ensure their IT systems are secure – before the worst happens.

 

More than 70% of businesses fail after significant data loss. Lineal can install a range of security measures to safeguard your business IT systems and data – enquire today via: http://www.lineal.co.uk/contact/

 

More from Lineal News

Flickr: GotCredit