In this issue:
- Facebook ads targeting teens based on emotional state
- Hackers hit French President-elect Marcon in massive document dump
- Over 1 billion user logins and passwords leaked in Anti Public and Exploit.In dumps
Facebook ads targeting teens based on emotional state
Last week a report surfaced that Facebook told advertisers it could deliver highly targeted ad impressions to teenagers based on their emotional state. Advertisers were told they could hit teens with just the right ad when they were at their most vulnerable state, including feeling “worthless” or “insecure”. After initially responding to the piece with a standard issue “we’re sorry we’ll look into it”, Facebook released a second statement dismissing the article as misleading and denying the allegations.
Enter, Antonio Garcia-Martinez, a former Facebook marketing exec and author of the Silicon Valley tell-all “Chaos Monkeys”, who penned a follow up piece saying in effect “Facebook is full of it”. While unfamiliar with the exact documents being leaked, and saying that he was unaware of Facebook targeting specifically on “psychological state”, Garcia-Martinez did write that Facebook “does offer ‘psychometric’-type targeting, where the goal is to define a subset of the marketing audience that an advertiser thinks is particularly susceptible to their message” .
Original Report: https://www.theguardian.com/technology/2017/may/01/facebook-advertising-data-insecure-teens
The Garcia-Martinez article: https://www.theguardian.com/technology/2017/may/02/facebook-executive-advertising-data-comment
Hackers hit French President-elect Marcon in massive document dump
In the home stretch up to the second-round run-off election in France this past weekend, hackers dumped over 9GB of private files of Emmanuel Macron, including documentation of entities in offshore tax-havens Nevis and The Cayman Islands. Oh dear. The French Government moved swiftly to place a ban on republishing the material imposing criminal penalties for doing so. Even so, the documents are widely available now and can be downloaded via bit torrent.
What makes this episode even more interesting are details emerging that Marcon, not willing to be sunk by inconvenient data leaks unlike a certain other earlier election, quickly mobilized a counterintelligence operation by first: casting doubt on the authenticity of the documents and then by possibly seeding the leaked documents with fakes and forgeries in an effort to cast doubt on the entire set. A response perhaps bourne out by going on to win round 2 with 65% of the vote. Some fascinating analysis on this second part of the story by Israeli security researcher Gadi Evron and The Daily Beast.
Read: http://www.reuters.com/article/us-france-election-macron-leaks-idUSKBN1812AZ
and: https://hackernoon.com/analyzing-a-counter-intelligence-cyber-operation-how-macron-just-changed-cyber-security-forever-22553abb038b
Over 1 billion user logins and passwords leaked in Anti Public and Exploit.In dumps
Over the weekend I got not one, but two notices from HaveIBeenPwned that my email address came up in some rather large credential dumps. Yours too, probably. Both the “Anti Public” combo dump from December 2016 and the more recent “Exploit.In” dump each contain over 500 million email addresses and plain text passwords.
Remember what we’ve written previously about this issue, you could have the strongest password in the world and if you use it with some vendor who i) stores it in plaintext and then ii) gets hacked, then it’s officially burned. Well now we’ve got over 1 billion burned passwords and their corresponding email addresses floating around the internet in two dumps.
When we analyzed a previous credential leak (the 000Webhost dump), we found an intersection with 2,390 easyDNS members, of which 248 (over 10%) were using the same password that was leaked from 000Webhost with their easyDNS account (we could tell by comparing the encrypted hashes, we don’t store your passwords in the clear.)
This week we’ll be running a similar analysis on these two dumps and resetting any of your passwords if we find them in these two leaks. But if you’re reusing passwords, please don’t wait for or rely on us to find it, reset your easyDNS password today – and stop reusing passwords. Use a password manager like LastPass, or Keepass or Password Safe combined with a canary email address domain so you can tell from which any leaked credentials originate.
Consider resetting your easyDNS password!
Read: https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/
Also: https://axisofeasy.com/blog/2015/12/09/you-may-only-be-as-secure-as-your-weakest-vendor/
Mark: ff you keep using click tracking links for your content, I’ll stop reading it. I don’t have sufficient inclination to disentangle each link. (Note: my psychometric state after noticing those is “kinda pissed off because I expected better”.) Regards, G.