Hackers are becoming more and more creative every day. There is now a way for them to access your Facebook login credentials with little effort. Victims are lead to malicious websites that mimic real websites, such as Airbnb, where a fake screen appears that will ask you to login using Facebook. When users input their username and password, they are then alerted that their information has been compromised. This then leads them to a screen where they can “fix the bug” essentially, giving hackers the access they need to steal your information. Read more about this phishing technique, and how to identify when something is potentially dangerous.
In a ‘major privacy incident’, FEMA mistakenly released the personal information of approximately 2.3 million disaster survivors to a contractor they were working with. This happened when FEMA personnel were transferring records to the contractor, but accidentally included the survivors’ personal data such as their addresses and credit card information. While the name of the contractor has not been released, FEMA representatives stated that they were able to do a thorough check of the contractor’s information system, as well as removing any data that remained on their system after the mishap. FEMA also had the staff of the contracting company to complete a privacy training program to reduce the risk of similar mistakes being made.
Hackers recently got ahold of some user’s credit card information in a recent breach to MyPillow and AmeriSleep’s websites. It was reported that the hackers, named Magecart, had access to the sites months before the data was compromised. The way they got in was through a domain named “mypiltow.com”, which blended in just enough for MyPillow’s security team to overlook it for multiple days. Magecart’s specialty is placing skimmers in these websites that record user’s credit card data when they are making a purchase on the site. Situations like these are why it is always important to be aware of a site’s security and their privacy policies when making a purchase online.
In an attempt to place regulations on new technology, U.S. Congress has put forth a new bill: The Internet of Things Cybersecurity Improvement Act. This will address a major concern that many IoT (Internet of Things) devices will not have sufficient security built into them, leaving users at risk. This legislation would only affect IoT devices that will be sold to the U.S. government, so further regulations may still need to be put in place for the general public’s safety. If this bill were passed, it would require that the National Institute of Standards and Technology to give guidance on what the best approach would be for this to go smoothly. Details about the bill can be found here.
Avid users of Facebook are typically familiar with the intriguing “personality quizzes” that float around on their news feeds. They may seem harmless, as most are, but there was recently a lawsuit filed against a few “quiz” providers. “Supertest,” “Megatest” and “FQuiz,” were among those in question. The lawsuit, filed by Facebook on March 8th, 2019, detailed that the quizzes scraped data from the user’s Facebook accounts without the permission or knowledge of the user. This is just one example of an easy way for hackers to get ahold of your information. Unless you are positive that these quizzes are secure, it is best to steer clear of them altogether.