Cybersecurity roundup: May 13 to 19, 2018

Rappler.com

This week's cybersecurity roundup features cellphone tracking hacks and bugs, as well as another Facebook data leak due to an entirely different quiz app

Another Facebook quiz app exposed the data of 3 million users due to lax security protocols, while bugs and hackers invade cellphone tracking sites and services.

Meanwhile, the US Securities and Exchange Commission is teaching people about cryptocurrency investment scams by setting up a scam of its own.

This and more on this week’s Cybersecurity Roundup! 


3 million users exposed through another Facebook quiz app data leak

Another quiz application – the myPersonality quiz app – may have exposed the personal data of over 3 million Facebook users, this time thanks to lax security measures in the dataset sharing system set up by researchers. 

The data was meant to be restricted; users had to register as a collaborator on the project. A username-password combination, however, was floating around the internet, providing access to the dataset if one searched hard enough.


Bug in cellphone tracking firm site leaks location of millions of U.S. cellphone users

A Krebs on Security report said a bug in the website of cellular phone tracking firm LocationSmart allowed anyone to see where another cellphone user was located in the US and Canada – some 200 million users – without any user consent.

LocationSmart normally requires explicit consent from users before their location data can be used – this is checked via a one-time text message to the user. However, a bug on the trial page allows users to skip the consent portion and track a person without them knowing.


Hackers breach US company Securus, which tracks phones for authorities

A hacker breached Securus, a company providing US law enforcement with the means to track phones in the country. Securus is said to have used a weak algorithm for hashing its passwords, which made the information easier to crack.


Operator of Scan4You malware testing service convicted

According to the US Department of Justice, a federal jury convicted Ruslans Bondars, the operator of the Scan4You online counter-antivirus testing service, of conspiracy to violate the Computer Fraud and Abuse Act, conspiracy to commit wire fraud, and computer intrusion with intent to cause damage. Bondars’ sentencing is scheduled for September 21.

The Scan4You service helped hackers check whether their malware or viruses would be detected by antivirus software. Wired added that Scan4You was shut down in May 2017 following the arrests and extradition from Latvia of Bondars and Jurijs Martisevs, who pled guilty to charges of conspiracy and aiding and abetting computer intrusion.


US SEC teaches about cryptocurrency scams by setting one up

The US Securities and Exchange Commission (SEC) launched howeycoins.com, a scam cryptocurrency “sale” website which teaches people about cryptocurrency scams by dressing itself up as a legitimate investment site.

The site, however, will lead unsuspecting users who try to buy into it towards educational sites warning against giving money to dubious investments without doing thorough research. – Rappler.com
