Facebook bug hits 14M users, and 3 more things in cybersecurity this week
We hope everyone's having a safe day!
This week's roundup of cybersecurity news features Facebook prominently. Not only did it have to work to resolve a software glitch affecting 14 million users statuses, it also confirmed it granted Chinese electronic firms access to user data, though at least one company – Huawei – said they didn't collect or store that data for themselves.
Facebook bug set some private posts to public, afftecting 14 million users
Facebook said a software glitch changed the settings of some 14 million users, potentially making some posts public even if they were intended to be private.
The news marked the latest in a series of privacy embarrassments for the world's biggest social network, which has faced a firestorm over the hijacking of personal data on tens of millions of users and more recently, for disclosures on data-sharing deals with smartphone makers.
Facebook granted Chinese electronics firms access to user data, Huawei denies collection of data
Facebook confirmed this week that at least 4 Chinese electronics firms were granted private access to user data. The data-sharing partnerships were with device makers Lenovo, Oppo, TCL, and Huawei. The partnerships, which date back to 2010, gave Facebook an opportunity to promote its platform to mobile users by having the device makers integrate features including address books, buttons, and status updates.
Huawei, for its part, denied collecting data from Facebook users. The company said its cooperation with Facebook was to improve user services, and it said it didn't collect or store user data.
MyHeritage data breach leaks over 92 million account details
DNA testing and genealogy service MyHeritage has announced that it suffered a data breach in October 2017, with the details of 92,283,889 users found on a private server. The breach "included all the email addresses of users who signed up to MyHeritage up to October 26, 2017, and their hashed passwords."
Valve patches 10-year-old remote code execution bug in Steam platform
Tom Court, a senior researcher at cybersecurity firm Context, said popular game distribution platform Steam had a 10-year old bug that would have left its users vulnerable to remote code execution attacks.
Valve, Steam's developers, found out about the bug when Court reported it to them last February. The bug was resolved in the beta branch in less than 12 hours, with a fix pushed to the stable branch and rolled out as a patch last March. Court said this was likely caused by an oversight and reminds developers to constantly review old code even if they are still functional to ensure they are bug-free.