All You Need To Know About The Capital One Data Breach

Capital One bank Hq buildingIn late July, Capital One Bank announced that 106 million of its card holders had their data compromised in a massive breach that stretched over four months. Among the victims, 140,000 customers had their Social Security numbers swiped and approximately 80,000 had their linked checking account numbers stolen. No credit card numbers were reported to have been lifted in the breach.

The company fixed the vulnerability immediately and promised to alert all victims of the breach about their compromised data. The alleged hacker has been apprehended and steps are being taken to ensure a breach of this magnitude doesn’t happen again.
The Capital One issue was hardly the first of its kind to hit the news in recent years. Factors like online data and sophisticated hacking tools have spawned a wave of data breaches that have hit all kinds of businesses and service providers, from police departments to eateries, major retailers and online search engines.

In light of the multiple and wide-reaching data breaches over the past few years, experts recommend that everyone, even those who are not Capital One credit card holders, take the following 5 steps to protect their information from hackers:

Freeze your credit – Placing a freeze on your credit is the first and most crucial step you can take to stop scammers from making use of your information. A credit freeze will not affect your credit score, but does serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. Consequently, hackers will not be able to open a new line of credit or apply for a loan in your name.
You can now freeze your credit at no cost at all three of the major credit bureaus, Equifax, TransUnion and Experian. You’ll need to provide some basic information, including your date of birth and your Social Security number. You’ll receive a PIN for the freeze that will need to be used for lifting the freeze should the need arise.

Enable two-factor authentication – If you haven’t already, change all of your logins to two-factor (also called “multi-factor”) authentication. Whenever possible, choose a non-password authentication, like face recognition or thumbprint sign-in. This will provide an extra layer of protection against hackers and scammers trying to access your account.
Sign up for credit monitoring – Capital One is offering free credit monitoring for all victims of the data breach. You can find out more about this offer and general information about the Capital One data breach here.

Even if you’re not a Capital One card holder, you might want to consider signing up for credit monitoring to prevent being a victim of a data breach in the future. The service will immediately notify you about any suspicious activity on your accounts so you can stop potential hackers in their tracks. Credit monitoring will run you $10-$30 a month, but you’ll have the security of knowing that the company is on the lookout for any signs of trouble with your credit.

Use strong, unique passwords – Always choose strong passwords for all your accounts and use different passwords for each login. Your passwords should be at least eight characters long, and use a variety of numbers, letters and symbols. Vary your capitalization use as well, and never use your name, phone number or a common phrase as your password.

If you’ve been using your current passwords for a while, consider changing them up now. You can make this task easier by using a password aggregator like LastPass or Sticky Password.

Strengthen your security and spam settings – Never answer emails asking you to share sensitive data, even when they appear to be from legitimate companies. Make sure your devices are fully updated, and keep your spam settings on their strongest levels. It’s also a good idea to keep your social media accounts as private as possible to keep scammers from finding out personal details about your life which they can use to crack open your passwords.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
Have you been affected by the Capital One breach? Tell us about it in the comments.

Learn More:
cbsnews.com

usatoday.com

upi.com

capitalone.com

What’s Up With WhatsApp?

WhatsApp Logo on green backgroundA cybersecurity breach in Facebook’s WhatsApp app last month left users vulnerable to spyware attacks via voice calls. An undetermined number of the 1.5 billion users of the popular messaging app may have had malicious spyware installed on their devices.

Let’s take a closer look at the security breach and the steps you can take to protect yourself, both now and in the future.

What happened?
Security breaches are old news in the app world, but a breach of extremely high magnitude and reach is something new and fairly frightening. The fact that the breach hit WhatsApp is especially alarming. WhatsApp utilizes strong encryption for both voice and text messaging and is used as a communication platform for government and security officials around the world.

Here’s how it went down:
A government-grade intelligence collection tool was employed to target WhatsApp users via voice calls. The spyware has been endowed with the ability to seize control of the affected smartphones and to access any private information stored on the device.

The spyware utilized in the attack was allegedly created by the NSO Group, an Israeli cyber surveillance company that has developed this advanced technology for the express purpose of allowing government agencies to infiltrate terrorist groups and to fight crime. Unfortunately, when the spyware fell into the wrong hands, it helped scammers pull off one of the greatest cybersecurity breaches of all time.

The Financial Times reported that the WhatsApp breach was made possible because of a loophole in the app’s code that allowed hackers to transmit spyware onto smartphones by calling targets through the app. The malicious code could be injected into the device whether the user picked up the call or ignored it.

According to WhatsApp, the cyber breach was first discovered in early May and had been used to target an undisclosed number of WhatsApp users. The Facebook-owned messaging company claimed it briefed human rights organizations about the breach and also asked U.S. law enforcement agencies to assist it in conducting an investigation. When WhatsApp had more definite information, it notified the public about the breach.

Who was affected?
It doesn’t matter what kind of phone you have; the security vulnerability affects both iPhone and Android devices. The good news is that not every version of WhatsApp was affected. To check whether the version you have on your phone was part of those impacted by the breach, check out Facebook’s official advisory confirming the vulnerability, which outlines which versions were affected.

The messaging giant has not confirmed a specific number of targeted victims. Rather, it has only shared that a “select number of users were targeted through this vulnerability by an advanced cyber actor.”

What do I need to do now?
Since the vulnerability that caused the breach lies in the makeup of the app and not in an unsafe or negligent practice in the hands of a user, there is no way you could have prevented your device from being affected. However, now that the facts are on the table, you can take the recommended steps to keep your device safe from this vulnerability.

Since the breach was discovered, WhatsApp engineers have been working hard to close the app’s security vulnerability. The company has started installing a fix to servers and to private customers. It has also created an updated, safer version of the app that it has urged all users to employ on their devices as soon as possible.

Here’s a quick guide for updating your WhatsApp.

  • For iPhone users: Open the App Store, choose updates, select WhatsApp and then click Update.
  • For Android users: Open the Play Store, click the three lines in the upper left-hand corner, choose My Apps & Games, select WhatsApp and then hit Update.

If you haven’t yet updated your device, do it now. It only takes a few seconds of your time to make sure your WhatsApp is operating at its safest level.

You never know when those scammers are going to hit next. Practice safe measures by always using the latest version of any application or operating system, keeping yourself in the know about recent security breaches and never sharing sensitive information online.

Stay safe!

Your Turn:
How do you keep yourself safe from security breaches? Share your tips with us in the comments.

SOURCES:

https://www.iol.co.za/news/south-africa/gauteng/consumerwatch-what-you-should-know-about-whatsapp-breach-23607175

https://www.people.com/human-interest/whatsapp-security-breach-update-app/amp/

https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/amp/

All You Need To Know About Facebook’s Latest Bug

Young black woman scrolling through an app on her smartphone in a cafeWith its wide range of features, easy-to-use interface and streamlined access, Facebook is the darling of the social media age. It helps people stay connected with family and friends, allows new relationships to blossom and creates a culture of community for new and established businesses alike.

However, in December, Facebook announced its internal team found a photo API bug in its platform which may have exposed the unshared photos of 6.8 million users. As the latest in a stream of publicized security issues, this breach has the public confused and worried about their privacy.

Read on for all you need to know about the recent Facebook bug.

What happened because of the photo bug?
According to Facebook’s policy, apps linked to Facebook are only allowed to access photos that users give them permission to view, such as those posted on their Facebook timeline. The recent bug, however, may have allowed third-party apps to access loads of other pictures without their user’s knowledge and permission.

An estimated 1,500 apps built by 876 developers were affected by the bug. All of these apps are approved by Facebook, and were authorized by users to access their photos.

The photos breached include those shared on Facebook Stories or Marketplace as well as photos that had been uploaded but weren’t yet posted on Facebook.

The bug was active from Sept. 13 to Sept. 25, 2018. Although, Facebook waited to come clean about the breach in mid-December, 2018.

What steps has Facebook taken to fix the bug?
Facebook fixed the bug as early as Sept. 25 and has openly apologized for the breach. They have promised to let app developers know which of their users have been affected by the bug so they can take steps on their own. Facebook has also claimed to be working on strengthening their platform’s privacy to prevent future photo leaks and security breaches.

When asked why the social media giant did not inform the public about the bug immediately, a Facebook representative told CNN Business, “We have been investigating the issue since it was discovered to try and understand its impact so that we could ensure we are contacting the right developers and people affected by the bug. It then took us some time to build a meaningful way to notify people, and get translations done.”

Despite the statement, the jury remains out on whether Facebook has really taken the responsible course of action after the bug was discovered.

What does the bug mean for impacted Facebook users?
Having your unshared photos posted on public forums can lead to a host of safety issues. Thankfully, no crimes have been linked to the photo leak to date, but crooks can use revealing photos to stage a home robbery or worse. For reasons such as this, it’s always best to use the strongest privacy settings on your social media platforms and to be super-careful about which apps you allow to access your photos.

To be extra careful and keep yourself safe in the event of security breaches like Facebook’s recent photo bug, never post pictures that are too revealing about your personal life and your financial situation.

How can I check if my photos were leaked?
Facebook has issued an official alert to all affected users with clear steps for protecting their photos. The alert directs users to a Help Center Page where they can check if they’ve used any apps affected by the bug and get instructions on how to proceed from there.

Facebook also advises users to log into any apps they use to share photos and check which ones are accessible. If you’re worried about an app’s privacy, log into Facebook’s Manage Your Apps page and contact the app developer directly to inquire about the accessibility of your photos.

Facebook’s latest security breach may have impacted millions of users, but with the proper reactive steps and an eye toward a more secure future, it can help the social media giant and all its users practice stronger security measures and protect their privacy against potential breaches.

Your Turn:
Have you been impacted by Facebook’s latest breach? Share your experience with us in the comments below.

SOURCES:
https://betanews.com/2018/12/16/facebook-photo-api-bug/

https://www.google.com/amp/s/amp.cnn.com/cnn/2018/12/14/tech/facebook-private-photos-exposed-bug/index.html

https://www.geek.com/tech/facebook-photo-bug-how-to-check-if-you-were-impacted-1766300/

https://www.google.com/amp/s/www.cnbc.com/amp/2018/12/14/facebook-bug-exposed-photos-from-up-to-6point8-million-users.html