Even years later, Twitter doesn’t delete your direct messages

From techcrunch.com

When does “delete” really mean delete? Not always, or even at all, if you’re Twitter.

Twitter retains direct messages for years, including messages you and others have deleted, but also data sent to and from accounts that have been deactivated and suspended, according to security researcher Karan Saini.

Saini found years-old messages in a file from an archive of his data obtained through the website from accounts that were no longer on Twitter. He also reported a similar bug, found a year earlier but not disclosed until now, that allowed him to use a since-deprecated API to retrieve direct messages even after a message was deleted from both the sender and the recipient — though, the bug wasn’t able to retrieve messages from suspended accounts.

Saini told TechCrunch that he had “concerns” that the data was retained by Twitter for so long.

Read more…

Hacker Who Stole 620 Million Records has Stolen Another 127 Million Records from Another 8 Websites

From gbhackers.com

A new report reveals that the hacker who stole 620 million user records from 16 popular websites has stolen another 127 million records from another 8 websites.

The hacker listed the data on a dark web marketplace; according to analysts, the data appears to be purchased from the infamous Dream Market.

According to the TechCrunch report, the hacker has posted another set of data exfiltrated from 8 popular websites after the original post was pulled.

Here are the listings:

  • 18 million records from travel booking site Ixigo
  • Live-video streaming site YouNow had 40 million records stolen
  • Houzz, which recently disclosed a data breach, is listed with 57 million records stolen
  • Ge.tt had 1.8 million accounts stolen
  • 450,000 records from cryptocurrency site Coinmama
  • Roll20, a gaming site, had 4 million records listed
  • Stronghold Kingdoms, a multiplayer online game, had 5 million records listed
  • 1 million records from pet care delivery service PetFlow

Read more…

Apple Requiring 2-Factor Authentication on Developer Account Holders

From bleepingcomputer.com

Users who are part of the Apple Developer program have started receiving emails that state they need to add 2-factor authentication to their accounts by February 27th, 2019. Otherwise, they will be locked out of their Developer accounts and be unable to access their Certificates, Identifiers, and Profiles.

The emails being sent have the subject line “Two-Factor Authentication Required Soon” and state that Apple is requiring two-factor authentication in order to provide an extra layer of protection for a developer’s Apple ID and to make sure only they have access to their account.

Read more…

How to Keep Your Mobile Safe from Cyber Threats

From gbhackers.com

Before smartphones were popular, people didn’t take mobile security very seriously. After all, we used to have a few contacts, some classic games, and some blurred wallpapers; what was actually stored on our old mobile phones?

However, now that everything has changed and a lot of people are using smartphones to perform a lot of tasks, from logging into their bank account to accessing a company dashboard for their job, mobile security has become more important than ever.

However, the statistics show that only 22% of mobile users take regular security measures, while most do so only when it’s convenient. But as smartphone users, we need to make smartphone security our primary priority to keep our mobiles as safe as possible and avoid any nasty situation later.

Once your mobile gets hacked, you are in major financial trouble, and so is your private information. We store everything on our phones, which is very handy but at the same time a concern.

Read more…

18,000 Android Apps Track Users by Violating Advertising ID Policies

From bleepingcomputer.com

18,000 Android apps with tens or hundreds of millions of installs on the Google Play Store have been found to violate Google’s Play Store Advertising ID policy guidance by collecting persistent device identifiers such as serial numbers, IMEI, WiFi MAC addresses, SIM card serial numbers, and sending them to mobile advertising related domains alongside ad IDs.

The issue here is that, while some of the companies behind these apps will most probably say that they’re not actually using persistent device identifiers for ad targeting, they are still violating the Google Play Store Advertising ID policy guidance.

Sending non-resettable identifiers besides the ad ID is especially worrisome considering that it effectively removes “the privacy-preserving properties of the ad ID” as explained in a report published by AppCensus.

To further illustrate why this is an issue, AppCensus’ Serge Egelman says that “in 2017, it was major news that Uber’s app had violated iOS App Store privacy guidelines by collecting non-resettable persistent identifiers. Tim Cook personally threatened to have the Uber app removed from the store.”

Read more…

Facebook uses its apps to track users it thinks could threaten employees and offices

From cnbc.com

  • Facebook maintains a list of individuals that its security guards must “be on lookout” for that is comprised of users who’ve made threatening statements against the company on its social network as well as numerous former employees.
  • The company’s information security team is capable of tracking these individuals’ whereabouts using the location data they provide through Facebook’s apps and websites.
  • More than a dozen former Facebook security employees described the company’s tactics to CNBC, with several questioning the ethics of the company’s practices.

In early 2018, a Facebook user made a public threat on the social network against one of the company’s offices in Europe.

Facebook picked up the threat, pulled the user’s data and determined he was in the same country as the office he was targeting. The company informed the authorities about the threat and directed its security officers to be on the lookout for the user.

“He made a veiled threat that ‘Tomorrow everyone is going to pay’ or something to that effect,” a former Facebook security employee told CNBC.

The incident is representative of the steps Facebook takes to keep its offices, executives and employees protected, according to more than a dozen former Facebook employees who spoke with CNBC. The company mines its social network for threatening comments, and in some cases uses its products to track the location of people it believes present a credible threat.

Read more…

Chinese facial recognition database exposes 2.5m people

From nakedsecurity.sophos.com

A company operating a facial recognition system in China has exposed millions of residents’ personal information online.

Shenzhen-based SenseNets is an artificial intelligence company that uses a network of tracking cameras to spot people and log their movements in its database. Unfortunately, the company exposed that information publicly online, allowing anyone to access the information in plain text, it emerged this week.

Dutch cybersecurity researcher Victor Gevers found the vulnerable database online and tweeted about it.

Read more…