latest
Reddit has been the center of attention during the past few weeks, because it is changing its API rules and adversely affecting third-party apps in the process. A few of the big apps have announced shutdowns, and several major subreddits have gone dark in protest. Now, we are learning of a hacker group threatening to leak 80GB of confidential Reddit data unless the company rolls back the API changes and coughs up a ransom.
Twitch swears no login details were exposed during huge data leak
Streamers will have to request new stream keys out of an abundance of caution
Twitch's huge leak consisting of more than 100GB of source code and payment data came as a surprise to everyone this week, including the company itself. The Amazon subsidiary has since started investigating and is looking into the security implications of the incident. Thankfully, the company hasn't found evidence that any login data has been leaked so far, but out of an abundance of caution, all stream keys have been reset.
Twitch.tv just got leaked in its entirety, here’s what you should do
Source code, payouts, upcoming features, and potentially even passwords can be found in the 125GB dump
Read update
It looks like popular gaming-focused streaming platform Twitch.tv has some troubling days, months, or maybe even years ahead of it. According to Video Games Chronicle, the entirety of the website’s code and internal documents have been leaked online on 4chan as part of a 125GB torrent dump on Wednesday. It’s still unclear if user data is also affected, but given the extent of the leak, we wouldn’t be surprised.
Yet another security camera nightmare allowed users to see cameras that weren't theirs
The issue with Eufy cams reportedly affected only '0.001%' of customers and has since been fixed
Read update
Earlier today, some owners of Eufy security cameras were able to access both live camera feeds and recordings for other Eufy customers — the nightmare scenario for many smart security camera owners. The Anker-owned company blames the security failure on a "software bug" that happened during a server upgrade. In a follow-up email, Eufy tells us only 0.001% of customers were affected. The company claims the issue was fixed by 6:30 AM EST, and customers should reboot their hardware and log out and back in on Eufy apps.
While most of us make do with "normal" consumer networking hardware — like Netgear or ASUS-branded Wi-Fi access points or a modem-integrated router — others have more serious requirements. For them, Ubiquiti's nearly enterprise-grade prosumer hardware usually fits the bill. But unfortunately for Ubiquiti users, the company has just revealed it has suffered a security breach. While there's no indication of "unauthorized activity," the company is still telling customers it might be a good idea to change their passwords.
Chrome 86 will automatically check if your passwords have leaked and help you change them
A release focused on security
These days, we have a plethora of tools at our disposal that help us keep our online accounts safe, but no system is 100% fool-proof. And sometimes, login credentials do get hacked or are leaked. That's why many password managers have built-in breach checkers, and following the desktop version, Google Chrome for Android and iOS has also finally gained that ability. Starting with Chrome 86, the browser will notify you when passwords saved to your Google Account are compromised and help you change them as fast as possible.
Chrome lets you check for compromised passwords in recent Android Canary release
Two features trickle down from the desktop version
Chrome has had its password check feature for a while, but it isn't quite the same across platforms. The Android version of Chrome is starting to approach parity with the desktop version when it comes to password security, though, as a couple of features spotted in testing on a recent Canary release bring the desktop "check passwords" feature and "safety check" to Android.
T-Mobile is notifying some customers it suffered (another) data breach, financial data may be included
Two different notices went out: One claiming financial data wasn't affected, another saying it was
In what sadly seems to be a yearly trend for the company, T-Mobile is announcing that it has suffered another data breach. The company was able to shut down the attack, seemingly while it was in process, and it is sending notifications to customers whose data may have been affected. Unfortunately, it isn't clear what customer information may have been leaked. One notice states that financial information wasn't affected, while another claims that it was.
Slickwraps has been hacked, customer data is compromised (Update: Email notifications)
Poor security has led to multiple breaches into Slickwraps databases
Slickwraps is one of the most well-known sellers of vinyl skins for computers, phones, tablets, game consoles, and other product categories. If you've ever bought something from Slickwraps (without PayPal or another similar service), now is the time to replace your credit card, because the company has suffered multiple data breaches impacting all customer data.
OnePlus's security team has just announced that some of its customer information had been accessed by an unauthorized party. Name, phone, email, and shipping address data for some customers was exposed, and impacted users have been informed by the company of the security breach via email.
Google announced its plans to sunset its Google+ social media network for consumers on a sour note in October. The platform, which has a small but dedicated user-base, decided to shut down following Google's acknowledgement of a data exposure that affected up to 500,000 Google+ profiles. Shortly after, in December, the shutdown timeline was expedited due to another, larger bug that had the potential to reveal private user information and impacted approximately 52.5 million users. Now, the company has detailed its shutdown timeline for the consumer version of Google+ — and it's not wasting any time.
Some T-Mobile customers may be receiving a message in the coming days regarding a security incident which took place on August 20th. According to the notice received by some customers already, "certain information" including names, addresses, account numbers, and account types may have been accessed in the breach before unauthorized access was shut down. Affected customers will allegedly be contacted by SMS, phone, or mail (the last only for business and government accounts, or those with over 100 lines).
According to American sportswear giant Under Armour, user data from its health app MyFitnessPal has been compromised. Data including the usernames, email addresses, and scrambled passwords from approximately 150 million accounts was stolen last month in one of the biggest attacks of its kind.
Opera users who utilized the browser's cloud sync option may have had that synchronized data taken by hackers, according to the company. While the full extent of the breach isn't yet known, Opera fears that passwords saved in the browser's manager may have been exposed.
Just before the weekend, LastPass came across some suspicious activity on its network. It closed off the security breach, but only after the bad guys had made off with some personal information. The incident serves as a reminder of the risks inherent with trusting a company and web service with your security.
The next time you sign into your Twitch account, you're going to have to change your passwords and stream keys. You will also need to reconnect your Twitter and YouTube accounts. Why? The same reason as always. It appears someone may have obtained unauthorized access to some Twitch user account information, and these precautions are for your own good.
Update #1: Skype is investigating the issue, we've been told.