Connect with us

Technology

Cybersecurity 101: Changing Your Facebook And Instagram Passwords Amid The Facebook Password Leak

Published

on

Cybersecurity 101

Facebook confirms Thursday last week that hundred and millions of user passwords were being stored in a “readable form” that allows thousands of its employees to access and understand it. While Facebook has already notified the users affected by the password leak, the California-based tech company has assured that none of its employees violated any privacy protocols in handling the exposed database.

Facebook’s Pedro Canahuati, vice president of engineering for security and privacy, initially referred to “some” user passwords that were accessible to Facebook employees. A paragraph later, he revealed that “hundreds of millions of Facebook Lite users, millions of Facebook users, and tens of thousands of Instagram users” would be notified.

Facebook said that the issue is an internal one. “To be clear, these passwords were never visible to anyone outside of Facebook, and we have found no evidence to date that anyone internally abused or improperly accessed them,” Canahuati wrote.

There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” he added.

Those who were affected by the said data leak are advised to change their passwords. And if you are one of those with an exposed password, you should do it now.

HOW TO CHANGE FACEBOOK PASSWORD

To change your password on Facebook if you’re already logged in:

  1. Click account settings in the top right corner of any Facebook page and select Settings.
  2. Click Security and Login.
  3. Click Edit next to Change Password.
  4. Enter your current password and new password.
  5. Click Save Changes.

If you’re logged in but have forgotten your password, follow the steps under Change Your Password then click “Forgot your password?” and follow the steps to reset it. Keep in mind that you’ll need access to the email associated with your account.

To reset your password if you’re not logged in to Facebook:

  1. Go to the Find Your Account Page.
  2. Type the email, mobile phone number, full name or username associated with your account, then click Search.
  3. Follow the on-screen instructions.

If you’re still having trouble resetting or changing your password, it’s better to contact Facebook support for help.

Furthermore, the leak also affected Instagram users. If you have been messaged by Facebook to notify you that your Instagram account was one of those with exposed passwords, you should also change your password as soon as possible.

HOW TO CHANGE YOUR INSTAGRAM PASSWORD

If you’re able to log into your account and know your current password, you can change it from your Settings:

  1. Go to your profile and tap the button in the top right.
  2. Tap Settings > Privacy and Security > Password.
  3. Enter your current password and then enter your new password.
  4. Tap Save or the check button in the top right.

Instagram also urges people to use strong passwords by using a combination of at least six numbers, letters and punctuation marks (like! and %).

While the concept of a “strong password” is clear to some, there are still people who create passwords that are relatively weak. The password strength indicator that some services have is not even accurate. If you’re one of those who is struggling to create a strong password, here’s a few tips.

HOW TO CREATE STRONG PASSWORDS

According to Chris Hofman, the following are the best practices to make sure that your passwords are strong:

Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.

Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.

Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.

Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

Conclusion:

If you have been notified by Facebook that your account password was included in the data breach, change it as soon as possible. Also, even if you’re not part of that breach, it’s also advisable to change your passwords as well (for an added layer of protection). All you have to remember is to make sure that your new password is stronger than your previous one. /apr

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

This Apple Patent Secures 360-Degree Rotatable Camera For Its Watch Series

Published

on

Photo by Luke Chesser on Unsplash

The U.S. Patent and Trademark Office granted a patent for Apple that allows it to include a rotatable camera on its Apple Watch products—a revolutionary innovation to the smartwatch market.

Other brands have teased about introducing a built-in camera on their smartwatches before. However, that entails maneuvering the user’s wrist in a challenging position — proving that the technology is far from ready for launch.

Apple secured a patent that would solve the problem. The Apple Watch patent comes along with 63 newly granted patents for Apple Inc.

Apple Watch Rotatable Camera
Source: 9to5mac

The new patent opens the possibility of future Apple Watches with the ability to capture images and video via a rotatable, pull-out camera.

The patent describes the invention as similar to an extension of the Apple Watch band, where the built-in camera can be pulled out to expose and use it. Primarily, this will enable the Apple Watch user to avoid the tricky wrist-maneuvering.

“Such functionality can replace or at least meaningfully augment a user’s existing camera-enabled iPhone.”

Notably, cameras on smartwatches were initially introduced with similarities to the conventional smartphones where it is stationary on the screen. The patent describes it to have a pull-out functionality where a user can point towards the desired direction.

Furthermore, the built-in camera can even be rotated at a 360-degree angle. Meaning, a single camera can function both as a front and back camera, allowing Apple to save more space, as it is compacted on a very small device.

As described, the camera is placed on the tip of an extendable band where “an optical sensor [is] attached to or integrated within the distal end portion of the camera watch band […] and a data connection between the optical sensor and the watch body.”

The band, where the camera will be placed, is told to be flexible enough that users can manipulate it into any form via twisting and bending. A combination of a “malleable metal core” with “magnetorheological fluid,” and “mechanical links” will comprise the band to help maintain its form. This combination may also help prop the camera end to a fixed position such as bending towards the user to make FaceTime calls.

Users can take photos or record videos by pinching the camera watch band, asking Siri to do it, or by clicking on the Apple Watch screen.

2 Apple Watch with camera in band
Apple Watch Rotatable Camera
Source: Patently Apple

The latest report comes along with Apple’s plans of marketing the Apple Watch Series, as a more independent device from the rest of the company’s products such as an iPhone.

“A smartwatch with the capability of capturing images or videos may enable a user to forego carrying a smartphone when doing some activities, especially activities or environments where it would be difficult to take a smartphone (e.g., hiking, running, swimming, surfing, snowboarding, and any number of other situations),” says in its patent report.

Furthermore, Apple recently announced in its Worldwide Developer Conference that the Apple Watch is getting its own App Store with its own set of dedicated applications mainly focused on its Health functionalities.

Notably, the recent release remains to be a patent. There is no guarantee when we’re exactly going to see the built-in camera function in the Apple Watch or if we are ever going to witness it (at all).

It could yield similar results to Apple’s infamous AirPower—a wireless charging pad that can simultaneously power three devices without the need to place it in specific areas to work. The product never went into production as it proved to be challenging after all.

The future still holds the answer whether or not Apple will be able to make the camera feature with up-to-par quality. Questions regarding the camera’s quality, its strength, and durability of the camera band remain as a mystery.

On the other hand, if Apple does decide to push through with the invention and follow Apple’s standard with product quality, it could easily win over the current market, which is already dominating.

As of 2018, Apple’s Apple Watch Series still takes first place on the market for smartwatches with a total of 51% global market share. It is selling like hot pancakes as Apple’s shipments increased by 1.4 million units compared to the same quarter in the previous year, for a total of 9.2 million units shipped in Q4 2018.

Continue Reading

Politics

‘Youtube’ Removes ‘Project Veritas’ Leak Exposing The Bias Of ‘Google’ Against Trump

Is Google the only one who can prevent a “next Trump situation?” A Google exec thinks so.

Published

on

Jen Gennai said that Google is the only one that can stop Trump victory. Photo: Carlos Luna | Flickr | CC BY 2.0

As the election season approaches, Google’s video-streaming service, Youtube, took down a video that exposed the California-based technological superpower of being politically biased against the President and his bid for the next election.

The video, which has since been removed from the platform by Youtube, shows a senior employee at the company appearing to admit that the company plans to interfere in the next presidential election to stop Donald Trump.

The video is part of the Project Veritas, that has exposed numerous scandals corruption, dishonesty, self-dealing, waste, fraud, and other misconduct by private individuals, corporations, politicians and government agencies. It was founded by James O’Keefe and claimed that it aims to “further the common good and general welfare of the citizens of the United States by conducting investigations into waste, fraud, abuse, corruption, dishonesty, self-dealing and other misconduct for the purpose of educating the public, stakeholders, policymakers, and communities in order to create a more ethical and transparent society.”

Only Google can prevent “next Trump situation”

The said video is still available in the Project Veritas website and featured undercover footage of a top Google employee, Jen Gennai, who preaches that the company, Google, should not be broken up because they still need to stop the reelection of the President and only they can prevent “next Trump situation.”

“Elizabeth Warren is saying we should break up Google. And like, I love her but she’s very misguided, like that will not make it better it will make it worse, because all these smaller companies who don’t have the same resources that we do will be charged with preventing the next Trump situation, it’s like a small company cannot do that,” the video revealed appearing to be said by Gennai.

In the same video, Gennai appears also to declare that Trump’s victory in the 2016 elections “screwed us (Google).”

“We all got screwed over in 2016; again it wasn’t just us, it was, the people got screwed over, the news media got screwed over, like, everybody got screwed over, so we’re rapidly like, happened there and how do we prevent it from happening again,” she added.

“We’re also training our algorithms, like, if 2016 happened again, would we have, would the outcome be different?”

They need to change the law to force Google to change

Gennai is also strong in its stance that government pressure and intervention could not force Google to change its ways. She said that if the lawmakers want to change how Google behaves, they have to change the law.

“We got called in front of Congress multiple times, so we’ve not shown up because we know that they’re just going to attack us. We’re not going to change our; we’re not going to change our mind. There’s no use sitting there being attacked over something we know we’re not going to change. They can pressure us, but we’re not changing. But we also have to be aware of what they’re doing and what they’re accusing us of,” she said in the video.

Gennai works on “responsible innovation” in the Global Affairs division of Google — the same division run by Kent Walker, the Google VP who has declared his intention to make the populist-nationalist movement represented by Donald Trump a “blip” or “hiccup” in history, which he said, “bends towards progress.”

This rhetoric coincides and corroborated earlier leaks that exposed other top managers and officials from Google to have made similar statements involving the same sentiments.

Similar sentiments from other Google execs

Earlier this year, a Google engineer, Mike Wacker, published an email showing an official from the tech superpower telling his subordinates that the Trump election victory motivated the company’s stand on fake news.

“Also, I posted a comment on a meme regarding fake news on Search, and someone reported it to [Human Resources]. I didn’t say I was in favor or against, just cautioned that we need to be car[e]ful. My manager brought it up in our 1:1 last week. Made me feel very uncomfortable for having an opposing view. He said we need to stop hate [speech] and fake news because that’s how Trump won the election,” Wacker wrote in his post.

“I obviously didn’t say anything and just wanted it to end. I [redacted] would like to see all managers be required to take political bias training.”

Continue Reading

Technology

‘Operation Soft Cell’ Linked To State-Sponsored Chinese Hacking Group

Operation Soft Cell has been operating since 2012.

Published

on

The operation is called Operation Soft Cell. Photo: The Preiser Project | Flickr | CC BY 2.0

A Chinese-linked operation has been found to be stealing sensitive call data, including identifiable information by breaching into telecommunication network in order to gain espionage intelligence on high-value targets, a report reveals.

The operation, called Operation Soft Cell, was discovered by the cybersecurity research firm Cybereason and was said to have been operating since 2012 – which makes a total of seven years of hacking into telecom systems and networks from different countries around the world. Furthermore, researchers have also found evidence that the operations have been attacking cell networks a few years before 2012.

A state-sponsored operation

Researchers have linked the operation to a China-based hacking group APT10 as the tools, and TTPs used in the attacks are commonly associated with the Chinese threat actor. They also believed that the said attacks are state-sponsored and highly coordinated.

“We’ve concluded with a high level of certainty that the threat actor is affiliated with China and is likely state-sponsored. The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10, a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS),” the researchers said in the report.

The attacks, as per the tech experts, were aimed to obtain CDR records of a large telecommunications provider. The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.

Modifying attacks wave after wave to prevent being linked

And the attackers have been evolving, changing their techniques now and then to prevent the attacks from being linked to each other.

“During the persistent attack, the attackers worked in waves- abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.”

The attack began with a web shell running on a vulnerable, publicly-facing server, from which the attackers gathered information about the network and propagated across the network. The hackers attempted to compromise critical assets, such as database servers, billing servers, and the active directory. As the malicious activity was detected and remediated against, the threat actor stopped the attack.

The threat actor changed activity every quarter. Photo: Cybereason

The second wave of the attack hit several months later with similar infiltration attempts, along with a modified version of the web shell and surveillance activities. This cycle is said to continue, with the attackers and white hats play a game of cat and mouse. Every time white hats corner the attackers, they stop and return with a modified attack a few more times in the next four months.

Espionage is the primary motivation

According to the researchers, they can pinpoint several motives behind this massive cyberspace intrusion. They said that as hacking operations become one of the newest frontiers of global power struggle, institutions that store a vast amount of data started to become the target. And telecommunication corporations became one of the most vulnerable sectors.

“Due to their wide availability and the fundamental service they bring, telecommunications providers have become critical infrastructure for the majority of world powers,” they wrote in the report.

“Threat actors, especially those at the level of nation state, are seeking opportunities to attack these organizations, conducting elaborate, advanced operations to gain leverage, seize strategic assets, and collect information. When successful, these attacks often have huge implications.”

Furthermore, the researchers said that when an attack as big as this and with state support, the motive is usually not financial but instead, they aim to collect data like intellectual property and sensitive information about their clients.

One of the most valuable pieces of data that telecommunications providers hold is Call Detail Records (CDRs). CDRs are a large subset of metadata that contains all details about calls, including Source, Destination, and Duration of a Call, Device Details, Physical Location, Device Vendor, and Version.

This information is invaluable for threat actors as they give them intimate knowledge of any individuals they wish to target on that network. Having this information becomes particularly valuable when nation-state threat actors are targeting foreign intelligence agents, politicians, opposition candidates in an election, or even law enforcement.

“Beyond targeting individual users, this attack is also alarming because of the threat posed by the control of a telecommunications provider. Telecommunications has become critical infrastructure for the majority of world powers. A threat actor with total access to a telecommunications provider, as is the case here, can attack however they want passively and also actively work to sabotage the network,” they added.

Continue Reading

Trending