Technology Language learning app reveals users' sensitive information, research finds
Facebook starts prompting US users to fill out a COVID-19 survey to help track the virus
Starting today, some U.S. Facebook users will see a new pop-up on the app asking them to fill-out a survey about COVID-19. The survey, from Carnegie Mellon University's Delphi epidemiological research center, is one of many new symptom mapping projects that seek to anticipate where the next wave of the virus will hit as COVID-19 sweeps through populations the world over. As if often the case in research, the challenge for these symptom mapping efforts is attracting a large enough sample of respondents to paint a statistically meaningful picture.
8Belts, a maker of , researchers said in a report Friday. The information included national identity numbers, as well as names, email addresses and phone numbers., leaked sensitive personal information on hundreds of thousands of users around the world from an
The database was accessible to anyone who had the right IP address, since at least April 15 when researchers Noam Rotem and Ran Locar encountered it online as part of a project that discovers database exposures on the internet. The researcherswith vpnMentor, a website that reviews virtual private networks and earns commissions when readers click its links and purchase products. The earliest records in the 8Belts database, which has since been taken offline, were from 2017.
Facebook warns users who 'interacted' with COVID-19 misinformation
As part of Facebook’s ongoing fight against COVID-19 misinformation, it is going to begin alerting users if they have liked, reacted to or commented on misinformation that has since been removed. The alerts will appear in News Feed, and they’ll include links to COVID-19 myths debunked by the World Health Organization (WHO). You can expect to see the alerts in the coming weeks. Facebook has taken similar steps in the past. A couple years ago, it began notifying users if they liked or followed bogus pages created by the Internet Research Agency -- the Russian troll farm responsible for meddling in the 2016 election.
The company has customers around the world, and the researchers found information from users in almost every country, they said. The 8Belts website lists many major companies as clients, including mobile communications giant Huawei, sporting goods retailer Decathlon, and multinational auditing firm PricewaterhouseCoopers. Most of the entries in the database came from Spanish-speaking countries, the researchers said.
8Belts, which is based in Spain and offers courses in English, French, German and Chinese, didn't respond to multiple requests for comment.
The discovery is among many made by security researchers of data exposed in the cloud. Other poorly secured databases have revealed information on treatments received by in the US, the of moviegoers in Peru, and before-and-after photos of from clinics around the world.
Up to 160,000 Nintendo Accounts Compromised in Recent Hack
After over 160,000 player accounts were hacked in early April, Nintendo has stopped allowing users to sign into its network services using a Nintendo Network ID. Compromised account information included dates of birth, player's home country and region, gender and email addresses. Nintendo U.K. said in a statement that the breach didn't extend to other areas of its global gaming network. "While we continue to investigate, we would like to reassure users that there is currently no evidence pointing towards a breach of Nintendo's databases, servers or services," Nintendo said.
Exposed data creates a risk of identity theft, as criminals use information stolen from companies to open up new lines of credit. It can also be abused by marketing companies or fraudsters, who may contact people using emails and phone numbers found exposed online. It's unclear whether anyone other than the researchers accessed the 8Belts data.
As more companies move customer information into the cloud, they often lack the expertise to do so securely. Cloud providers like Amazon have tried to make it easier to set up databases securely by default, and cloud software makers like MongoDB have built products to even when it's in the cloud. Still, the problem persists, security researchers have found. A , some professional and some hobbyists, scan the internet for exposed data and try to get it secured.
The 8Belts database was hosted by Amazon Web Services, or AWS. Cloud providers don't set up the databases, and it's a company's responsibility to store customer data securely once it's on the cloud. By default, AWS makes data on a cloud storage system called S3 buckets viewable only to account owners. A company would have to turn this feature off in order to leave data exposed.
A database manager might do this intentionally to make things easier for people who need access to the data. It could also be done unintentionally. Coding guides that aim to help novices set up cloud databases provide templates that database managers can copy and paste. Those templates often turn off password protection, a problem that MongoDB security principal Kenn White told CNET erodes database security.
The exposed 8Belts data also appeared to contain information on users' course histories and performance in the language learning courses, as well as information about 8Belts' computer systems that could have been valuable to hackers looking to compromise the company, the researchers said.
Facebook will tell you when you're about to share old news .
Facebook will soon let you know if a link you’re about to post is old news. It's rolling out a notification worldwide starting today, which will pop up when you go to share something more than 90 days old. It should prompt users to think about whether what they want to share with their friends is still relevant before they pop it on their feed. "Over the past several months, our internal research found that the timeliness of an article is an important piece of context that helps people decide what to read, trust and share," John Hegeman, vice-president of Feed and Stories, wrote. He added that the issue has given news publishers cause for concern.