Cybersecurity roundup: April 15 to 21, 2018
Facebook confirmed it collects data on people beyond its actual users through the sites they visit, while technology firms are pledging not to help cyberattackers.
Meanwhile, a former Cambridge Analytica executive claimed the firm used other quiz apps to harvest personal data from Facebook users.
Here's your weekly cybersecurity roundup!
Facebook confirms it collects non-user data
Facebook confirmed it was engaged in a reportedly common practice of collecting information on people beyond their use of its social network.
"When you visit a site or app that uses our services, we receive information even if you're logged out or don't have a Facebook account," product management director David Baser said in a post on the social network's blog.
"This is because other apps and sites don't know who is using Facebook," he added, noting Facebook was also following up with Congress on a few dozen questions Zuckerberg was unable to answer at the time of the hearings. He added Google and Twitter, among others, also engage in the practice.
Former Cambridge Analytica employee admits other quiz apps were also harvested for data
Brittany Kaiser, a former Cambridge Analytica (CA) employee, testified in front of a UK committee investigating the scandal and claimed the research firm used other quiz apps to harvest personal data from Facebook users.
“I should emphasise that the Kogan/GSR datasets and questionnaires were not the only Facebook-connected questionnaires and datasets which Cambridge Analytica (CA) used,” she wrote in her testimony. She added "a wide range of surveys" done by CA or its partners, usually with a Facebook login, were used for this purpose.
Profile of a hacker who stole data on 168 million people for spam operation
The Daily Beast has a profile on a hacker involved in a number of bulk data thefts affecting some 168 million users of popular websites.
The hacker, 28-year-old Kyle Milliken, worked with colleagues to steal email addresses and account passwords to feed a spam operation that ran from 2010 to 2014.
Tech firms pledge to refrain from helping cyberattacks
Thirty-four global technology companies and organizations signed a pact calling for a stronger defense against cyberattacks in any form and pledging to refrain from helping governments attack "innocent" civilians or enterprises.
"The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together," said Brad Smith, president of Microsoft, in a statement endorsed by US firms including Facebook, Oracle and global giants including Telefonica, Nokia and BT.
The announcement comes after a year marked by devastating attacks including ransomware and news of Russian-led efforts to infiltrate systems controlling critical infrastructure.
Tech expert points to face authentication as 'awful tool'
Jebb Lewis, a tech expert from Android security solutions provider Redmorph, says facial authentication tech may be more trouble than it's worth for end-users.
At a presentation titled "The Dark Side of Digital: Capitalism in Crises" at the DTS 2018: Fintech and Blockchain Innovation Summit in Taguig, Lewis explained that biometric information isn't something one can easily change, and using that data means giving it up for app developers to use.