In this week’s Cyber Blurbs Roundup, we take a look at Facebook’s massive data leak, Snapchat suspiciously working on an anti-Apple technology they’ll allegedly never use, the indictment of a Kansas man who is accused trying to sabotage his town’s water supply, and an unfortunate leak from one of the more trusted networking brands out there.
Here goes:
Facebook Leak Exposes Data For 500 Million Users
OK, so a bit of an admission here — this part of the blog was originally devoted to some positive news coming out of Facebook HQ… but then the weekend hit.
News broke late last week of a massive data breach concerning more than half a billion Facebook users spanning 106 countries. The data leaked online includes phone numbers, birthdates, full names, email addresses, and locations for 533 million users — including 33 million users from the United States.
Word of the data leak first surfaced in January, when the information was made available to individuals for a price. Months later, the data was leaked on the web for free.
The latest Facebook leak is likely to result in a slew of phishing attempts. Most of us have become adept at dodging phishing actors, but it may be worth giving some of your older, more Facebook-appreciating loved ones some advice.
For those concerned about potentially being part of the latest breach, feel free to visit the good folks over at CyberNews. You’ll not only be able to determine if you’re part of the latest Facebook breach, but also see a detailed history of all the other times your email address has been found in data leaks.
Snapchat Owner Develops Workaround for Apple Tracking… Because Reasons
Another week, another company developing a workaround to Apple’s App Tracking Transparency requirements. This week’s entry comes from the folks over at Snap, the company that owns — you guessed it — Snapchat.
Snap has developed a technique that can identify individual users with a 95% success rate, a method that could potentially circumvent Apple’s upcoming App Tracking Transparency requirement. Per the Financial Times (h/t 9to5Mac), Snap has admitted to developing the new technique, but says it will stop all testing and tracking once Apple’s shift officially takes place later this spring.
As discussed in previous blog posts, Apple is shifting its focus toward user privacy and tracking transparency. With the release of iOS 14.5, application developers will soon have to actively ask users for permission to track their usage across different apps — a night-and-day difference from the long-standing era of tracking without permission that allowed mobile advertisers to flourish.
Snap’s technique comes just a few weeks after TikTok parent company ByteDance was said to be working on a tool to circumvent Apple’s new policy as well.
Man Indicted Over Hacking Kansas Water Supplier
Now for some regional albeit pretty concerning news. A 22-year-old Kansas man was indicted earlier this month by the Justice Department for hacking a public water system about two years ago. Wyatt Travnichek of Ellsworth County, Kansas, is accused of hacking into a protected computer linked to the Ellsworth County public water system, before allegedly shutting down “the processes at the facility which affect the facilities cleaning and disinfecting procedures with the intention of harming” the people in the area.
“By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” said Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas. “EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.”
Travnichek faces up to 25 years in prison and a fine of up to $500,000 for his alleged crimes.
Ubiquiti Breach Way Worse Than Company Let On
Networking hardware company Ubiquiti reached out to its customers in January with a message that has unfortunately become fairly standard over the last couple of years: The company suffered a data breach. Fortunately for customers, Ubiquiti at the time claimed the breach had no impact on user data.
Fast forward a few months and the story has changed quite a bit, according to a source who spoke on the condition of anonymity.
“It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” the source said (h/t KrebsonSecurity). “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”
The source says Ubiquiti can technically claim that there is no evidence of customer data being breached, though that’s largely due to Ubiquiti failing to keep records of which accounts were accessing user data.
Ubiquiti went on to release another statement following the report from Krebs, although it didn’t go out of its way to deny the claims made by the anonymous source. You can read the full statement here.
Dive a bit deeper into the breach by reading the original story from Krebs here.