Business

First American Data Leak: A Data Breach Without A Hacker Is Still A Data Breach

More than 885 million records were exposed online from the First American website, and a class action suit has been filed against the company for negligence.

More than 885 million records were exposed from the First American website. Photo: First American Website

More than 885 million records were left unsecured, without even a basic protection such as a password, on the website of insurance giant First American, and only time will tell whether someone with bad intentions gained access to the wealth of consumer data that could easily be harvested from the domain.

The data included in the breach isn’t merely someone’s email or full name; a hacker can access a pool of millions of pieces of sensitive information if he knows exactly where to look for it. Information like bank account numbers, bank statements, mortgage records, tax documents, wire transfer receipts, Social Security numbers and photos of driver’s licenses, dating back to 2003, was potentially vulnerable to cybercriminals.

What’s particularly interesting about the First American data breach is that there is no indication that anyone infiltrated the company’s systems illegally. What happened is a relatively common website design error called Insecure Direct Object Reference (IDOR), according to Dave Farrow, Senior Director of Information Security at Barracuda Networks.

A link was created that points to the database on the site’s domain containing the sensitive information. It was intended only for specific users, such as staff or partners. However, nothing verifies the identity of whoever visits the link. Anyone who has the link has access to millions of sensitive consumer records. Worse, anyone who discovers the link can easily modify it to view other documents.
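
The authorization gap described above, as an added Python example that is not First American's code or part of the original article: `fetch_insecure` returns whatever document the identifier names, while `fetch_authorized` ties each lookup to the authenticated session and logs denials so that identifier-walking can be detected. The store, user names, document contents and function names are constructed for illustration; the identifier format follows the `DocumentID` URL quoted from the court filing later in this article.

```python
from collections import Counter

# Constructed sample store, keyed by a sequential ID like the "DocumentID=" URL value.
DOCUMENTS = {
    "000000075": {"owner": "alice", "body": "closing statement"},
    "000000076": {"owner": "bob", "body": "wire transfer receipt"},
}

class NotFound(Exception):
    """Raised for missing and for forbidden documents alike, so a response
    never confirms which identifiers exist."""

def fetch_insecure(document_id):
    # IDOR: possession of the identifier is the only check. No caller identity is used.
    return DOCUMENTS[document_id]["body"]

def fetch_authorized(session_user, document_id, audit_log):
    # The caller's identity comes from an authenticated session (None = not logged in),
    # never from the URL, and every lookup is compared with the record's owner.
    doc = DOCUMENTS.get(document_id)
    allowed = (session_user is not None and doc is not None
               and doc["owner"] == session_user)
    audit_log.append((session_user or "anonymous", document_id, allowed))
    if not allowed:
        raise NotFound(document_id)
    return doc["body"]

def flag_enumeration(audit_log, threshold=3):
    # Detection: a session with many denied lookups is probably walking the ID space.
    denied = Counter(user for user, _doc, allowed in audit_log if not allowed)
    return sorted(user for user, count in denied.items() if count >= threshold)

if __name__ == "__main__":
    log = []
    print(fetch_insecure("000000076"))                  # served without any identity
    print(fetch_authorized("alice", "000000075", log))  # owner is served
    for doc_id in ("000000076", "000000077", "000000078"):
        try:
            fetch_authorized("alice", doc_id, log)
        except NotFound:
            pass
    print(flag_enumeration(log))
```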

No hacker, no data breach?

Not necessarily. While hacking is one cause of data breaches around the world, negligence by the company that owns the database is one of the most common. A recent study suggests that companies consider “employee mistakes” the most potent cause of a data leak. A data leak without a hacker is still a data leak: consumer data is exposed for anyone to take, and the result can be as devastating as when an intruder takes it by force.

“No end user compromise is necessary,” Farrow said. “The hacker has simply identified an authorization error in the website and walked through the front door.”

While getting past some IDOR security mechanisms requires hard work, the amount and type of data that can be collected from First American is incentive enough for someone to put in the labor. Besides, the job becomes easier as the data is already mass harvested. Analysts have also argued that the data could be indexed by bots, reducing the manual labor needed to access and collect it.

Furthermore, even if no one has purposefully tried to scoop data out of the site, a massive chunk of it has been captured by search engines. A simple search with the right keyword can lead anyone to a trove of sensitive consumer data, even if they did not intend to find it. According to First American, cached versions of at least 6,000 exposed documents were still readable online.

Class action suit filed against First American

Given the sensitivity of the data left exposed on the company’s website, a class action was only a matter of time, and that time has come. A class action suit has been filed against the insurance giant for its apparent negligence that led to the exposure of more than 885 million records online. Gibbs Law Group LLP announced today that it is bringing the first nationwide class action lawsuit against the multibillion-dollar corporation.

In a court filing made in California, the class action said that “despite explicitly promising customers robust data security as part of the high cost of title services, First American allowed anyone to access the sensitive files of millions of customers. Nor is this just a theoretical concern – many, if not all, of the documents were repeatedly accessed before First American was told about the breach.”

“First American made it incredibly easy for the public to access this private information by failing to implement even rudimentary security measures. Suppose that you are a First American customer. The company provides you with a URL to access your documents on its website. That URL might end in ‘DocumentID= 000000075,’” the filing says.

The class action asks the court to award First American clients and the affected parties damages, disgorgement, and any other form of monetary relief provided by law (but not damages under the CLRA).

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.

Business

‘Beyond Meat’ Is Introducing Ground Beef In Its Product Line

Beyond Meat is launching a plant-based ground beef alternative that tastes and cooks like your regular pound of ground beef.

Source: Beyond Meat

Beyond Meat is launching a new product in its line of vegetarian-friendly meat alternatives, a one-pound package of ground beef meant to target America’s biggest seller in the meat department.

Beyond Meat is a Los Angeles-based producer of plant-based meat substitutes founded in 2009 by Ethan Brown. The company aims to meet people’s demand for conventional meat with healthier alternatives derived from plants. The company’s products became available across the United States in 2013. In May 2016, it released the first plant-based burger to be sold in the meat section of grocery stores, on an international basis.

Ground beef will join Beyond Meat’s line of plant-based meats, such as burger patties and sausages. Recently, Beyond Meat pulled its chicken strips for improvement. The plant-based ground beef will be called Beyond Beef and will be available in stores nationwide.

The “meat” is made from a blend of pea, mung bean, and rice proteins, and contains 25 percent less saturated fat than real beef. Also, Beyond Beef has 20 grams of protein per four-ounce serving with a “fibrous texture” similar to beef. The company also claims that the plant-based ground beef is “versatile enough to be used in any ground beef recipe” and can be used to make your usual meatballs or as a topping for your tacos.

Beyond Beef will be offered at the Whole Foods Market in Boulder, Co., where the first Beyond Meat product was first sold at a grocery store.

“We wanted to get back to our roots and show our appreciation to the place where it all began with a little sneak preview,” the company wrote on Instagram. “…Come be among the first to try this delicious new product that delivers the versatility, meaty texture and juiciness of ground beef with less of the baggage!”

Beyond Meat’s announcement of Beyond Beef comes after the company admitted that it is still working on improving its recipe in terms of appearance, aroma, texture, and taste. The improvements are said to make its products resemble real meat more closely.

“It’s challenging because we aren’t satisfied with our current products. And so as much as I love to hear and to really do that you know you’ve gone out to buy the product. Part of me cringes because I know that I have a product here that’s so much better than that,” Brown tells The Verge. “We are on this mission to build a perfect piece of meat and that product is imperfect. There are things about it that aren’t exactly like meat and that really bothers us.”

Particularly, Beyond Meat’s original plant-based burger patty now has a meatier taste and texture with marbling that ‘melts and tenderizes like beef.’ The company says that they used coconut oil and cocoa butter to mimic the marbling effect.

Additionally, Beyond Meat is making its patties with a more ‘neutral flavor and aroma’, and they are a complete protein source thanks to the blend of pea, mung bean, and rice proteins. The product remains free from GMO, soy, and gluten.

“We believe in a better Beyond. A Beyond that’s always striving for more. That’s why we created the new, MEATIER Beyond Burger™. With mouthwatering marbling, a meatier chew, and all the juicy, GMO-free deliciousness you loved in the original, this new burger is closer to beef than ever before,” its website reads.

Brown was often asked by his mother: “Why are you so focused on perfectly replicating animal protein? Why don’t you just build a new source of protein for the front of the plate that people get really excited about?” “I think we ought to earn that right. We have to prove that we can do this because the only thing that I know with absolute certainty about the consumer is that the consumer loves meat… Most of us do. Around 94 percent of the population here in the United States. And so that’s a really clear target for me,” Brown responds.

Brown, whose company entered the US stock market earlier this year, described the burger as a ‘stop along that way’, telling CNN Business: “It’s certainly not the end game.”

Shares of Beyond Meat were up more than 10% in early trading Monday on news reported by CNN. Now, Beyond Meat shares are up more than 550% since the company’s IPO in early May.

Business

Uber Elevate Revealed First Glimpse Of Aerial Delivery

Uber Eats is taking food deliveries to the sky as early as this summer over San Diego.

Uber Eats Drones | Photo From: Uber

Uber is launching an air version of its Uber Eats service in San Diego alongside its plans of bringing Uber Air for public use through Uber Elevate. And the concept is arriving sooner than expected.

Uber Elevate is the ride-sharing company’s urban air mobility division that supervises all of Uber’s innovations towards taking advantage of the positive impacts and possibilities of aerial delivery.

Ground travel has become so congested, and such a nuisance, that the way to make deliveries more efficient is to look up to the sky.

Ride-sharing companies and other mobility services such as food deliveries are dependent on their human drivers to provide and fulfill orders. But with the current rate of driver satisfaction, implementing autonomous or tech-dependent vehicles would help Uber alleviate worries from continued driver decline.

And today, Uber shared a glimpse of its next-generation delivery service for the first time via Twitter. Working alongside its partner McDonald’s to make the aerial delivery concept a reality, Uber Elevate is testing drones that deliver McDonald’s orders in a specialized box that holds items in place.

Here’s how delivery works:

As much as we want them to, drones won’t carry your orders right to your doorstep, at least not yet. Ideally, once a customer confirms an order, the assigned restaurant prepares the meal and then loads it into the drone’s specialized box.

The very same drone will then ascend and glide on its journey to its designated drop-off point where an on-ground vehicle awaits to accomplish the last leg of the delivery.

Uber’s Elevate Cloud Systems will track and guide the drone, as well as notify an Uber Eats delivery driver when and where to pick up the package. The drones will use the QR codes emblazoned on Uber Eats vehicles to determine their designated drop-off point.

At its Uber Elevate Conference 2019, the ride-hailing company said it wants to avoid restaurant-to-home deliveries becoming a cause of accidents on the road. It also wants to limit the noise pollution caused by a handful of rotors zipping to and fro.

Uber Eats Flight and Delivery Plan
Source: Uber

Regarding pricing rates and fees, Bloomberg reported that the air-involved Uber Eats delivery fee will be “consistent” in the San Diego area ranging up to $8.50.

Uber plans to start making deliveries via drone in San Diego as early as this summer and hopes to expand to neighboring cities like Los Angeles. However, Uber is still awaiting approval from the Federal Aviation Authority (FAA) to proceed.

“We’ve been working closely with the FAA to ensure that we’re meeting requirements and prioritizing safety,” Uber Elevate Head of Flight Operations Luke Fischer said in a statement. “From there, our goal is to expand Uber Eats drone delivery so we can provide more options to more people at the tap of a button. We believe that Uber is uniquely positioned to take on this challenge as we’re able to leverage the Uber Eats network of restaurant partners and delivery partners as well as the aviation experience and technology of Uber Elevate.”

Uber Eats earns the company more than its parent service or ridesharing, which would explain why Uber is so adamant about making drone services available with Uber Eats right away.

Specifically, Eats is steadily increasing its profit margin compared to Uber. Eats is proving to be a revenue driver, with gross bookings growth of 108% to $3.07 billion.

For the first quarter of 2019 alone, Eats generated $536 million in revenue for Uber — doubling the revenue generated from its 2018’s first quarter. Meanwhile, Uber’s ride-hailing revenue only went up 9 percent year-over-year.

From a broader perspective, Uber’s first-quarter earnings in 2019 reported a gross bookings growth of 230% for its other bets, while ride-hailing grew 22% compared to the same quarter last year.

Advertising

The North Face Google Search Campaign Denounced By Wikipedia — Company Blamed Lack Of Communication

The North Face hacked Google's top search results by exploiting Wikipedia.

Screenshot from The North Face video

In its latest video campaign, The North Face proudly announced reaching number 1 in Google’s search results while paying nothing, an impossible feat on the search engine giant’s platform.

“We hacked the results to reach one of the most difficult places: the top of the world’s largest search engine, paying absolutely nothing, just by collaborating with Wikipedia,” the company says in the video.

The campaign achieved its goal: they were number 1 on Google’s Top Photos. However, the popular American outdoor lifestyle brand found itself in controversy — as Wikipedia and public outcry denounced the campaign.

A Brazilian subsidiary of ad agency Leo Burnett created the video and was behind the effort in April to insert the images on Wikipedia pages.

In the video material shared by AdAge, The North Face explained how they were able to “hack” Google.

The North Face capitalized on the idea that, before going on a trip, people often turn to Google to do a basic search. Those searches often return Wikipedia at the top of the list of results. In turn, the images attached to these Wikipedia pages are also the top photo results in Google Images.

To exploit this, they hired Leo Burnett’s Brazil team to take photos of models in popularly searched travel locations wearing The North Face jackets, clothes, and equipment — which they eventually used to replace the photos on Wikipedia pages.

At the end of the campaign, there was North Face gear in more than 15 locations, including Brazil’s Guarita State Park and the Mampituba lighthouse, as well as California’s Cabo peninsula, Peru’s Huayna Picchu, and Scotland’s Cuillin mountains.

The result was that the North Face photos placed on Wikipedia ended up as the top photo results every time someone searched for the popular destinations. Hence, a massive publicity boost and free advertising.

Initially, The North Face and Burnett’s team appeared to be unaware of the possible ethical backlash, given that the lines in the video present the stunt as an accomplishment for the team. The video, shown above, starts with the line, “How can a brand be the first on Google without paying anything for it?” and brags that they “did what no one has done before…we switched the Wikipedia photos for ours” and that they “[paid] absolutely nothing just by collaborating with Wikipedia.”

Hours after uploading the AdAge video campaign, Wikipedia moderators removed 12 images (or, in some cases, simply cropped out the TNF logo), and reported the accounts that had uploaded them for breaches of Terms of Use for undisclosed paid advocacy.

“Adding content that is solely intended to promote a company or its products goes against the spirit, purpose, and policies of Wikipedia to provide neutral, fact-based knowledge to the world,” the Wikimedia Foundation wrote in response. “It exploits a free public learning platform for corporate gain.”

Moreover, Wikipedia said in a tweet, “Yesterday, we were disappointed to learn that @thenorthface and @LeoBurnett unethically manipulated Wikipedia. They have risked your trust in our mission for a short-lived consumer stunt.”

The Wikimedia Foundation, the non-profit behind Wikipedia, has since denied that there was any collaboration of any sort, saying in a blog that “Wikipedia and the Wikimedia Foundation did not collaborate on this stunt, as The North Face falsely claims.”

“In fact, what they did was akin to defacing public property, which is a surprising direction from The North Face. Their stated mission, ‘unchanged since 1966,’ is to ‘support the preservation of the outdoors’ – a public good held in trust for all of us,” it added.

The North Face has since then apologized on Twitter and said that it has ended the promotion. In an interview with The New York Times, the company pinned the blame on a lack of communication between the company and the local distributor in Brazil — which had approved the campaign.

In response to Wikipedia’s tweet shown above, The North Face said, “We believe deeply in @Wikipedia’s mission and apologize for engaging in activity inconsistent with those principles. Effective immediately, we have ended the campaign and moving forward, we’ll commit to ensuring that our teams and vendors are better trained on the site policies.”
