Facebook Suffered a Stunning Attack That Affected 30 Million Users. Check This Facebook Page Now to See If You're One of the Victims

In a way, this is good news, given that Facebook previously said it thought as many as 50 million users had been affected.

But Facebook is also describing some of the data that was accessed, and it’s truly exhaustive. Before we get too deep into the weeds of how Facebook says the attack happened and what it’s doing about it now, here’s how to tell if you’re one of the 30 million or so people affected.

On that page, you’ll see a roughly 335-word description of the issue, followed by a light blue box. If everything’s okay, you should see a simple message within the box:

Is my Facebook account impacted by this security issue?

Our investigation is still ongoing, but based on what we’ve learned so far, the attackers did not gain access to information associated with your Facebook account.

If you see anything different, at least you’ll know that there’s something to be concerned about. Facebook says that “in the coming days” it will send: 

customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls.

While you’re doing this, you should also take the time to check your Facebook privacy settings, as I described how to do previously. You might truly be surprised by how much data Facebook has on you.

In the meantime, here’s the overview of what Facebook says happened here:

  1. First, attackers exploited a vulnerability in the site’s code that apparently resulted from three separate bugs, from July 2017 to September 2018. In short, it allowed hackers to generate tokens that allow access to user profiles.
  2. The attackers initially had access to a limited number of accounts, and it’s not clear whether these were bogus to begin with, but they were connected to other “friends” on the site. Then, they “used an automated technique to move from account to account so they could steal the access tokens of those friends,” and then friends of those friends. Ultimately this got them access to about 400,000 people.
  3. Ultimately, the hack metastasized across the network, accessing about 30 million total profiles.

Not every account was accessed in the same way. Facebook says for 15 million of the compromised accounts, the attackers basically just got names and contact details such as “phone number, email, or both, depending on what people had on their profiles.”

For another 1 million people, the hackers got access, but weren’t able to obtain any information.

The 14 million remaining people had the most information accessed, however, including:

  • names
  • contact information
  • username 
  • gender 
  • locale/language
  • relationship status
  • religion
  • hometown
  • self-reported current city
  • birthdate
  • device types used to access Facebook
  • education
  • work
  • the last 10 places they checked into or were tagged in
  • website
  • people or Pages they follow, and
  • their 15 most recent searches. 

That’s truly a mother lode. I suppose the consolation is that there doesn’t seem to be any immediate indication that financial information was accessed.

And Facebook is quick to point out that the attack appears limited to Facebook personal accounts, not Messenger, Instagram, WhatsApp, Oculus, or other Facebook products. But the investigation is clearly ongoing.

“As we look for other ways the people behind this attack used Facebook,” the company said, “as well as the possibility of smaller-scale attacks, we’ll continue to cooperate with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities.” 

ST Engineering wins $5.5 million Singapore contract to test smart lamp-posts

SINGAPORE (Reuters) – Singapore Technologies Engineering has won a S$7.5 million ($5.5 million) contract for the trial of a smart lamp-post project in Singapore, which includes fitting sensors and cameras to posts in the city-state, according to the government’s official tender website.

The project is part of a broader “Smart Nation” plan developed by the Singapore government to use cutting-edge technology, designed to improve people’s lives while promising sensitivity to privacy concerns.

However, an aspect of the lamp-post trial to install cameras linked to facial recognition software has raised privacy fears among some security experts and rights groups.

ST Engineering did not immediately respond to a request for comment.

Reporting by Aradhana Aravindan; Editing by Kenneth Maxwell

Tencent Music delays $2 billion U.S. IPO due to weak markets: sources

HONG KONG (Reuters) – Tencent Music Entertainment has delayed its planned U.S. initial public offering (IPO) until at least November as the owner of China’s most popular music apps prefers to wait for global stock markets to stabilize, three sources said.

The music arm of tech giant Tencent Holdings (0700.HK) is expected to raise at least $2 billion and was originally planning to launch its offering as soon as next week, the sources said.

However, Wall Street on Wednesday suffered its worst one-day drop in eight months, with the S&P 500 .SPX down 3.29 percent. The index dropped a further 2.06 percent on Thursday.

“Are they really going to launch into this window?” asked one source involved in the deal, adding that the company had plenty of cash. “Why try and jam something out now?”

Chinese shares have also fallen, with the CSI 300 index of mainland Chinese blue-chips .CSI300 down 4.8 percent to a 27-month low on Thursday.

“Given the recent challenging market conditions, it won’t be a good idea for the company to go ahead with the listing timetable. It makes more sense to wait till the market recovers a bit,” said another person with knowledge of the matter.

Tencent Music declined to comment. The sources declined to be identified as the information was not public.

At $2 billion, the IPO would be one of the largest by a Chinese company in the United States this year, behind the $2.4 billion raised by video streaming company iQiyi (IQ.O) in March but ahead of the $1.6 billion garnered by online group discounter Pinduoduo (PDD.O) in July.

In total, Chinese companies have raised $7.5 billion from U.S. markets so far this year – the biggest amount since 2014 – according to Refinitiv data.

Tencent Music filed for its IPO earlier this month, setting a placeholder sum of $1 billion for registration purposes.

The company owns streaming apps QQ Music, Kugou and Kuwo as well as karaoke app WeSing, and claims more than 800 million monthly active users.

The number of Tencent Music shares to be sold was not disclosed and potential valuations were unclear. Its Swedish music streaming counterpart Spotify Technology SA (SPOT.N) is currently valued at around $27.1 billion.

The Chinese firm, which has a cross shareholding deal with Spotify, offers more in the way of socially interactive services that make it profitable, while the Swedish firm is not. Tencent Music reported a 92 percent jump in sales in the first half of this year and net profit of $263 million.

Reporting by Julie Zhu and Julia Fioretti in Hong Kong; Writing by Jennifer Hughes; Editing by Muralikumar Anantharaman

How Open Plan Offices Kill Diversity and Equality

Why are so many companies (i.e. so many top executives) embracing a strategy that’s so obviously unproductive and which employees almost universally dislike? 

I originally assumed the continued growth of open plan offices (now around 70% of all offices in the U.S.) was a victory of biz-blab over science–the corporate equivalent of anti-vaccination and climate change denial. However, since open plan offices are so obviously stupid, I’ve concluded there must be something deeper at work here–a hidden agenda.

What could it be?

A clue to this hidden agenda may lie in the undeniable fact that while executives want their employees to work in these open plan environments, they almost always secure private offices for themselves.

Another clue may lie in the way that the growth in open plan offices matches declines in work-from-home policies, private offices, and cubicle offices, all three of which offer varying levels of privacy for regular employees which open plan offices totally lack.

The unifying theme is that executives want employees to remain physically visible and constantly on display while simultaneously retaining their own right to remain invisible. This desire must be something that’s highly valuable to top management for them to be willing to pay such a huge tax in productivity and morale.

I’m not talking about a conspiracy. Nobody got together, twirled their metaphorical mustaches, and with a “brou-ha-ha-ha” decided to stick it to their employees. No, what’s operating here is something more subconscious, like confirmation bias. It’s a cultural thing and therefore largely unexamined, like most hidden agendas.

So, then, what deep need does the open plan office serve?

One obvious answer is the need to control the behavior of others–a need to which executives (who are often quite insecure about their ability to lead) are particularly susceptible.

However, while it is no doubt easier to control people when you can constantly look over their shoulders, that kind of monitoring can be done electronically. Since employees have no privacy rights, there’s nothing to stop companies from monitoring their behavior online. Big Brother doesn’t need to be physically present to stick his nose in your personal business.

If the deeper need is not a desire to control behavior, what could it be? Put another way, what benefit do executives get from making their employees physically visible while retaining the right to remain invisible themselves?

A well-documented effect of open plan offices is that constant visibility puts women at a disadvantage by forcing them to expend extra energy focusing on their physical appearance. However, it’s not just women who suffer from being forced into a fishbowl. Open plan environments also put at a disadvantage those employees who are overweight, disabled, or in any way fail to conform to American standards of conventional attractiveness, i.e. young, thin, and light-skinned.

For example, open plan offices are vehemently hostile to older workers (Gen-X and above) because as one ages, it becomes increasingly difficult to achieve that cultural standard of conventional attractiveness.

Furthermore, some elements of open plan designs–such as the ubiquitous workplace playground slide–are specifically intended to humiliate older workers. To a 20-year-old, using a playground slide is merely embarrassing; to a 40-year-old it’s actively humiliating; to a 60-year-old, it’s a recipe for a chiropractic appointment.

Rather than attracting millennials, open plan offices help top management eliminate or disempower workers who aren’t young, conventionally-attractive, generally light-skinned and male–the exact demographic from whence sprang the majority of top managers. While such environments also tolerate young, conventionally-attractive females, the fishbowl-like characteristic of open plan offices guarantees that they’ll be kept off-balance and “in their place” by being put constantly on display.

Seen this way, the open plan office, far from being a forward-looking vehicle to create collaboration and innovation, is actually only a manifestation of a traditional 20th century business culture which favors the dominance of older, light-skinned males, a dominance that expresses itself in everything from the demographics of Fortune 500 C-suites to the investment choices of venture capitalists.

That open plan offices tend to reinforce the patriarchy seems less surprising when you consider that the original concept of the open plan office dates not from the so-called “information age” but from the early years of the 20th century, when companies–to increase paper-pushing efficiency–started arranging office workers’ desks inside large rooms called “bullpens.”

Far from being a modern invention, open plan offices have been around for nearly 100 years. Within that history, companies have experimented with other workplace designs like private offices, cubicles, and telecommuting. Those experiments, however, have fallen out of favor because they gave employees more privacy, which was an assault on the status quo.

Companies have continued to embrace open plan designs not because they make employees more productive (they don’t) and not because employees find them inspiring places to work (they don’t) but because open plan offices reinforce the status quo–the same status quo that’s kept women and minorities out of positions of power, and that favors a younger, cheaper, more malleable workforce that’s less likely to challenge the dominance of the traditional powers-that-be.

Data privacy rules spoiling fintech boom, says industry group

HONG KONG (Reuters) – Data privacy rules in Asia are limiting the spread of financial technology, an industry body said on Thursday, calling on regulators to set out broad principles rather than precise rules.

Companies around the world want to make better use of the large pools of data they have to both cut costs and offer additional services. But governments and regulators in Asia and elsewhere are tightening rules on how that data is used.

“Governments in Asia say that they support fintech, and they want fintech firms to enter their market, but data privacy rules are a major stumbling block,” Paul Hadzewycz, senior associate at the Asian Securities Industry and Financial Markets Association (Asifma), told Reuters.

In a report on Thursday, Asifma urged regulators to avoid an “exhaustive and prescriptive list” of rules and set principles that allow companies to operate “confidently across borders and enter new markets.”

Some 13 countries in Asia have data protection rules, Stephen Wong, Hong Kong’s commissioner for data privacy, said at the Refinitiv Pan Asian Regulatory Summit in Hong Kong on Tuesday.

Aside from the privacy rules, companies also face varied, and sometimes conflicting, requirements imposed by financial regulators, privacy commissioners and cyber security bodies in Asia, Hadzewycz said.

Another industry concern is rules that prevent a company from storing customers’ data outside their country.

Vietnam has set rules to force global technology companies like Facebook (FB.O) and Alphabet Inc’s (GOOGL.O) Google to store user data in the country, and India is planning similar legislation.

“Regulators who are bringing in data localization rules are painting themselves into a corner and are hurting their attractiveness as a market to fintech firms,” Hadzewycz said.

Reporting by Alun John; editing by Darren Schuettler

4 Ways Taylor Swift Just Proved Herself a Better Leader than 90% of Congress

For years we’ve known more about Taylor Swift’s ex-boyfriends (I’m lookin’ at you, John Mayer!) and posse than her politics. But apparently, the 28-year-old superstar has had enough, because on Sunday she broke her longstanding silence about politics and brought her 112 million Instagram followers along for the ride.

You can check out the precedent-rocking post yourself, but this was the gist: “In the past I’ve been reluctant to publicly voice my political opinions, but due to several events in my life and in the world in the past two years, I feel very differently about that now.” Right-wing backlash was immediate, but Taylor’s career will survive.

The more important response was that more than 65,000 people registered to vote at Vote.org in the 24 hours after the post went live. That’s power. Think what you like about her music and her brand, or about celebrities weighing in on politics for that matter, but Taylor Swift’s action was the mark of a leader.

Real leaders do four things consistently, and Ms. Swift did them all. Here’s how CEOs and entrepreneurs can translate that into actionable leadership:

Real leaders understand the power of their platform.

When you have an audience, you have the power to move people to act. But it’s important to know what your platform can do and what it can’t. Taylor wasn’t going to move middle-aged men around the country to change their vote. But if you’re trying to get hundreds of thousands of young people to go to the polls, especially in Tennessee, mission accomplished. Don’t congratulate yourself on how many people you can reach; focus on reaching the right ones with the right message. That applies to your marketing and your internal communications.

Real leaders go first.

Taylor had to know she was sticking her neck out and risking a Dixie Chicks-style beatdown (Google it). But she clearly decided that the time had come when the cause was more important than the risk. Leaders take enemy fire so other people don’t have to. If your company is being attacked, step up and take the heat for everybody else. Accept responsibility for the product failure. Call a press conference. Take a controversial position no one else in the organization can.

Real leaders know their moment.

Think it’s a coincidence that Taylor’s post came on the heels of the ugly Brett Kavanaugh hearings? I don’t. Partisan rage was high…and here comes a respected, beloved young woman with a heartfelt call to action. That’s timing. There’s a right time to release a game-changing product or go public with bad news. Learn to read your company, your industry, the market and the press. Got a big, positive story? Hold out for a quiet news day. Need to issue a mea culpa? Wait until somebody else is sucking up all the oxygen.

Real leaders don’t lecture, they share.

Taylor didn’t tell people what to think. She shared her concerns and fears and explained to her fans why she felt compelled to act now…and why she hoped they would do the same. Tens of thousands (and counting) have responded by saying, “We’re with you.” Bury the leader persona. When you’re trying to motivate a team or an entire company, be candid and open. Talk about what you care about–and who. Don’t make speeches. Connect. You’ll be amazed at the results.

Pentagon slow to protect weapon systems from cyber threats: U.S. agency

WASHINGTON (Reuters) – The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.

The U.S. Government Accountability Office (GAO), a watchdog unit of Congress, said in a 50-page report that the Pentagon found “mission-critical cyber vulnerabilities in systems” under development.

“Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” the report said.

Some program officials told GAO that the weapon systems were secure and discounted some test results as “unrealistic.”

While the Pentagon plans to spend about $1.66 trillion to develop major weapon systems, the report found, it had only recently taken steps to improve cyber security.

Cyber security has been receiving increasing attention among U.S. military and intelligence officials.

Last week, Western countries issued coordinated denunciations of Russia for running what they described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.

In some of the strongest language aimed at Moscow since the Cold War, Britain said Russia had become a “pariah state.”

The United States said Moscow must be made to pay the price for its actions. Their allies around the world issued stark assessments of what they described as a campaign of hacking by Russia’s GRU military intelligence agency.

“Due to this lack of focus on weapon systems cybersecurity, (Department of Defense) likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the report said.

Reporting by Idrees Ali; Editing by David Gregorio

Microsoft to invest in Southeast Asian ride-hailing firm Grab

SINGAPORE (Reuters) – Microsoft Corp is investing in Southeast Asian ride-hailing firm Grab as part of a partnership that the two companies said will allow them to collaborate on technology projects, including big data and artificial intelligence.

The companies did not disclose the deal value.

Grab had earlier said it planned to raise roughly $3 billion by year-end, of which it has already raised $2 billion.

Last week, Reuters reported that existing backer SoftBank Group Corp was closing in on a deal to invest about $500 million in Grab as part of the funding round.

Sources told Reuters that Grab is likely to tap strategic and financial firms for the remainder of the funding.

Before Tuesday’s deal, it raised $2 billion in 2018, led by Toyota Motor Corp and financial firms, including Microsoft co-founder Paul Allen’s Vulcan Capital.

Singapore-headquartered Grab has taken its ride-hailing business to 235 cities in eight countries in Southeast Asia in the past six years.

It is looking to transform itself into a leading consumer technology group, offering services such as food and parcel deliveries, electronic money transfers, micro-loans and mobile payments, besides ride-hailing.

Grab will work with Microsoft to explore mobile facial recognition, image recognition and computer vision technologies to improve the pick-up experience, the companies said in a statement on Tuesday.

For example, passengers will be able to take a photo of their current location and have it translated into an actual address for the driver.

Other areas of the five-year agreement include Grab adopting Microsoft’s Azure as its preferred cloud platform and using it for data analytics and fraud detection services.

Southeast Asia, home to some 640 million people, is shaping up as a battleground for global technology giants such as Alibaba, Tencent Holdings Ltd, JD.com, Alphabet Inc’s Google and SoftBank, particularly in ride-hailing, online payments and e-commerce.

Competition for Grab is heating up with Indonesian rival Go-Jek also expanding in the region.

Reporting by Aradhana Aravindan; Editing by Stephen Coates

There's a Bizarre Hoax Circulating on Facebook. Here's Why it's Spreading Like Wildfire

Are you on Facebook? If you are, you’ve most likely received a repetitive, canned note (or 100) from your friends/family that is driving you into a fit of rage. If you haven’t, consider yourself lucky. However, there’s indeed an irritating hoax going around that has grabbed some serious attention. Here’s what the message says: 

Hi….I actually got another friend request from you yesterday…which I ignored so you may want to check your account. Hold your finger on the message until the forward button appears…then hit forward and all the people you want to forward too….I had to do the people individually. Good Luck! 

Spoiler: there’s no ‘clone’ account. This is just a hoax, so delete the message and don’t worry that an account or second-degree account is compromised.

We’re all familiar with this level of chain-like-mail, but what makes this time so different? The obvious answer could be any of the following: 

  • It’s coming from friends & family — so you can trust it
  • There’s clear instruction on what to do
  • It doesn’t contain a link
  • You’re doing it through Messenger (it’s more novel), vs. a status update

However, it goes deeper than that.

We need to remember that Facebook has had its fair share of ‘bad press’ (yes, there is such a thing) over the past couple of years, stemming from the Cambridge Analytica scandal which affected 87 million accounts. Then, all 2.2 billion Facebook users received a notice in an effort to inform them on how to protect their information. Add to this that on September 28th, hackers exploited a flaw which resulted in compromised data for 50 million accounts. Yikes.

And what do you get when you mix that all together?

A user constantly on high-alert due to the endless loop of security & privacy concerns

The decision to forward is almost an irrational one–and an innate reaction to Facebook’s shaky history and hyper-recent exploitation. All of that creates an uncomfortable level of ‘unknown’ when it comes to privacy and, at the end of the day, your friends & family are really just trying to help inform you of a potential concern.

So, the next time you receive one of these messages, maybe take a deep breath and if you feel like a good Samaritan, let them know that they don’t need to forward the message out to anyone else–the clones aren’t here (yet).

Published on: Oct 7, 2018