Posts Tagged: millions

23andMe hackers accessed ancestry information on millions of customers using a feature that matches relatives

An SEC filing has revealed more details on a data breach affecting 23andMe users that was disclosed earlier this fall. The company says its investigation found hackers were able to access the accounts of roughly 0.1 percent of its userbase, or about 14,000 of its 14 million total customers, TechCrunch notes. On top of that, the attackers were able to exploit 23andMe’s opt-in DNA Relatives (DNAR) feature, which matches users with their genetic relatives, to access information about millions of other users. A 23andMe spokesperson told Engadget that hackers accessed the DNAR profiles of roughly 5.5 million customers this way, plus Family Tree profile information from 1.4 million DNA Relative participants.

DNAR Profiles contain sensitive details including self-reported information like display names and locations, as well as shared DNA percentages for DNA Relatives matches, family names, predicted relationships and ancestry reports. Family Tree profiles contain display names and relationship labels, plus other information that a user may choose to add, including birth year and location. When the breach was first revealed in October, the company said its investigation “found that no genetic testing results have been leaked.” 

According to the new filing, the data “generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user’s genetics.” All of this was obtained through a credential-stuffing attack, in which hackers used login information from other, previously compromised websites to access those users’ accounts on other sites. In doing this, the filing says, “the threat actor also accessed a significant number of files containing profile information about other users’ ancestry that such users chose to share when opting in to 23andMe’s DNA Relatives feature and posted certain information online.”

Following the discovery of the breach, 23andMe instructed affected users to change their passwords and later rolled out two-factor authentication for all of its customers. In another update on Friday, 23andMe said it had completed the investigation and is notifying everyone who was affected. The company also wrote in the filing that it “believes that the threat actor activity is contained,” and is working to have the publicly-posted information taken down.

Update, December 2 2023, 7:03PM ET: This story has been updated to include information provided by a 23andMe spokesperson on the scope of the breach and the number of DNA Relative participants affected.

This article originally appeared on Engadget at https://www.engadget.com/23andme-hackers-accessed-ancestry-information-from-thousands-of-customers-and-their-dna-relatives-205758731.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Twitter is making millions of dollars from previously banned accounts, report says

Twitter is making millions of dollars from just a handful of some of its most infamous users, according to a new report. New research from the Center for Countering Digital Hate (CCDH) estimates that Twitter “will generate up to $19 million a year in advertising revenue” from just 10 accounts that were once banned from the platform.

The report looked at the current engagement with 10 accounts that were previously banned for “publishing hateful content and dangerous conspiracies.” The accounts were reinstated after Elon Musk’s takeover of Twitter. The group includes a number of high-profile accounts associated with extremism and conspiracy theories, including those belonging to influencer Andrew Tate, Daily Stormer founder Andrew Anglin, prominent antivaxxer Robert Malone and the Gateway Pundit.

In order to estimate their reach and engagement, CCDH analyzed nearly 10,000 tweets from these accounts during a 47-day period in December and January. According to their analysis, “on an average day, tweets from the ten accounts received a combined total of 54 million impressions,” they write. “Projecting this average across 365 days, the accounts can be expected to reach nearly 20 billion impressions over the course of a year.”

In order to determine how much ad revenue those impressions might generate for Twitter, CCDH says it created three new Twitter accounts that followed only the 10 users named in the report. The authors found that ads appeared about once every 6.7 tweets. Then, using data from analytics firm Brandwatch, which estimates that “Twitter ads cost an average of $6.46 per 1,000 impressions,” CCDH came up with “a total figure of up to $19 million in estimated annual ad revenues across the accounts.”

While the estimates aren’t a precise accounting of how much Twitter might be making from these users, they demonstrate how valuable a small number of highly polarizing accounts can be for the platform. They also underscore how much more Twitter stands to gain by bringing back even more controversial users.

All of the accounts named in the report were once permanently banned from Twitter, but were reinstated after Musk said he would offer “general amnesty” to users who hadn’t broken the law. Twitter also recently announced plans to allow even more previously banned users to appeal their suspensions.

At the same time, Twitter’s advertising business has taken a major hit since Musk’s takeover. A number of high-profile advertisers have pulled back from the platform, and revenue is down as much as 40 percent, according to reporting from Platformer.

The report also points out several instances when ads from prominent advertisers appeared adjacent to offensive and inflammatory posts from these users. For example, a Prime Video ad appeared directly underneath a tweet from Andrew Anglin that states “the only career a woman is actually capable of on merit is prostitution.” The report also highlights an ad from the NFL, which appeared directly underneath a tweet containing misinformation about COVID-19 vaccines.

“This work confirms that Twitter has been displaying ads next to every one of the toxic accounts we have investigated, despite the fact that the individuals behind them are known to promote hateful views and falsehoods,” CCDH writes.

Whistleblower says Microsoft spent millions on bribes abroad

In an essay published Friday on the whistleblower platform Lioness, former Microsoft manager Yasser Elabd alleged that Microsoft fired him after he alerted leadership to a workplace where employees, subcontractors and government operators regularly engaged in bribery. He further alleges that attempts to escalate his concerns resulted in retaliation within Microsoft by managers, and eventual termination from his role.

Elabd claims in his essay that he worked for Microsoft between 1998 and 2018, and had oversight into a "business investment fund" — essentially a slush fund to "cement longer-term deals" in the Mid-East and Africa. But he grew suspicious of unusual payments to seemingly unqualified partners. After examining several independent audits, he discovered what he believes is a common practice: After setting up a large sale to entities in the region, a "discount" would be baked in, only for the difference between the full-freight cost and discounted fee to be skimmed off and divided between the deal-makers.

“This decision maker on the customer side would send an email to Microsoft requesting a discount, which would be granted, but the end customer would pay the full fee anyway. The amount of the discount would then be distributed among the parties in cahoots: the Microsoft employee(s) involved in the scheme, the partner, and the decision maker at the purchasing entity—often a government official,” Elabd alleged.

The former Microsoft manager gave several examples of suspicious transactions and red flags he witnessed over his two decades working for the company abroad. In one audit, Microsoft gave the Saudi Ministry of the Interior a $13.6 million discount which never reached the agency’s doors. In 2015, a Nigerian official complained that the government paid $5.5 million for licenses "for hardware they did not possess."

In another example, Qatar’s Ministry of Education paid $9.5 million, over a period of seven years, for Microsoft Office and Windows licenses that went unused. Auditors later discovered that employees at that agency didn’t even have access to computers.

“We are committed to doing business in a responsible way and always encourage anyone to report anything they see that may violate the law, our policies, or our ethical standards,” Becky Lenaburg, a VP at Microsoft and deputy general counsel for compliance and ethics, wrote in a statement to The Verge. “We believe we’ve previously investigated these allegations, which are many years old, and addressed them. We cooperated with government agencies to resolve any concerns.”

Elabd claims his attempts to alert managers resulted in his being shouted at by one manager, iced out of certain deals and told by an executive that he had effectively set himself up to be let go after attempting to involve CEO Satya Nadella. After being terminated, Elabd wrote that he brought his documentation before the Securities and Exchange Commission and Department of Justice. He claims the DoJ refused to take up his case. According to Protocol, the SEC dropped the case earlier this month due to a lack of resources.

“As I alleged in my complaint to the SEC, Microsoft is violating the Foreign Corrupt Practices Act, and continues to do so brazenly. And why wouldn’t they?” wrote Elabd. “By declining to investigate these allegations and the evidence I’ve given them, the SEC and DOJ have given Microsoft the green light.”

Millions of WordPress sites receive forced patch for critical plugin flaw

Millions of WordPress sites have received a forced patch over the past few days, Ars Technica has reported. The reason is a vulnerability in UpdraftPlus, a popular plugin that allows users to create and restore website backups. UpdraftPlus developers requested the mandatory patch, as the vulnerability would allow anyone with an account to download a website's entire database. 

The bug was discovered by Jetpack security researcher Marc Montpas during a security audit of the plugin. "This bug is pretty easy to exploit, with some very bad outcomes if it does get exploited," he told Ars Technica. "It made it possible for low-privilege users to download a site's backups, which include raw database backups." 

He told UpdraftPlus developers about the bug on Tuesday last week; they fixed it a day later and started force-installing the patch shortly after that. 1.7 million sites had received it as of Thursday, out of 3 million-plus users.

The main flaw was that UpdraftPlus's implementation of WordPress's "heartbeat" function didn't properly check whether users had administrative privileges. Another issue was a variable used to validate admins that could be modified by untrusted users. Jetpack provided more details about how a hack could work in a blog post.

WordPress was previously breached earlier this year, but it was done indirectly via a GoDaddy hack that exposed 1.2 million accounts. If you're running WordPress with the UpdraftPlus plugin, you should definitely confirm that the plugin updated automatically to 1.22.4 or later on the free version, or 2.22.4 and up on the premium app. 

Nigerians face US charges over online fraud worth ‘hundreds of millions’

US law enforcement is cracking down on a pair of alleged online fraudsters that appear to have been wildly successful. The United Arab Emirates has sent the US two Nigerian nationals, Ramon Olorunwa Abbas and Olakean Jacob Ponle, to face charges rela…
Engadget RSS Feed

Tumblr deletes millions of reblogs for promoting hate speech

Tumblr has started a mass reblog deletion meant to purge traces of hate speech from suspended blogs on its platform. In a post announcing the move, the company said it’s in the midst of removing 4.47 million posts reblogging content from nearly a tho…
Engadget RSS Feed

Supercomputer creates millions of virtual universes

How do you understand the development of galaxies when even the younger examples are frequently billions of years old? Simulate as many universes as you can, apparently. Researchers at the University of Arizona have used the school's Ocelote superc…
Engadget RSS Feed

YouTube brings the sights and sounds of Lollapalooza 2019 to millions of music fans around the world with official live stream

YouTube will exclusively bring the biggest performances from Grant Park, Chicago to millions of music fans all over the world with the official live stream of Lollapalooza 2019, August 1 to 4. Iconic music moments from artists including twenty one pilots, The Revivalists, Janelle Monae, Rüfüs Du Sol and more will also be available via the live stream within the YouTube Music app.

In addition to curated performances throughout the four-day festival, YouTube Originals is partnering with Lollapalooza to produce original creative content, including backstage moments and exclusive artist moments just before they take the stage to be featured in and around the live stream. YouTube Music will amplify the Lollapalooza experience by presenting Lollapalooza themed playlists, The Lineup and Emerging Artists, to give fans another way to find all the music they love in one place.

YouTube’s live streams bring the festival experience into the hands and homes of millions of fans around the world. There is no other platform of its kind that allows artists to connect with a global audience and share their creativity in both visual and audio formats with billions of viewers around the globe, making the world smaller and music more expansive. The 2019 Lollapalooza live stream is presented by COVERGIRL, Warner Bros. Pictures (for the film “Blinded by the Light”), and T-Mobile.

Subscribe to Lollapalooza’s YouTube Channel for up-to-date information on when your favorite artists are streaming live, and follow @youtubemusic on Instagram and Twitter for behind-the-scenes moments all weekend long. There, you can watch the latest videos and relive past moments.


YouTube Blog

Amazon’s Textract AI can read millions of pages in a few hours

Amazon has launched a new offering called Textract for its Web Services customers, and it's like optical character recognition on steroids. It does more than just extract text from documents like its name implies — Amazon says it can actually identify d…
Engadget RSS Feed

Three teams will compete for millions in DARPA’s rocket launch challenge

Despite all of the advancements in space travel, rocket launches are still hindered by the fact that they take months, if not years, to plan and execute. Because that could slow vital military operations, DARPA created the Launch Challenge: a call fo…
Engadget RSS Feed

YouTube delivers Coachella 2019 to millions of global music fans with official two-weekend live stream

For the ninth year in a row, YouTube continues to take the magic of Coachella beyond the Indio desert and into the homes and phones of millions of people around the world with the exclusive two-weekend live stream of Coachella 2019. YouTube is providing a global stage for artists and fans to connect with live stream performances from headliners to some of the biggest artists on the rise, including Childish Gambino, Ariana Grande, Tame Impala, Kacey Musgraves, Billie Eilish, BLACKPINK, Juice WRLD, Kid Cudi, Wiz Khalifa, Gryffin, Maggie Rogers, Chvrches, Little Simz, Cola Boyy and many more.

YouTube Music is turning it up a notch at Coachella 2019, making sure music fans — no matter where they are — can enjoy the world’s preeminent music festival in convenient and immersive new ways.

Weekend 1 Live Stream (April 12-14)

YouTube’s Weekend 1 live stream, presented by T-Mobile in the U.S., and Garnier and Coca-Cola in Canada, will give music fans around the world the best seats in the desert for groundbreaking performances from their favorite artists when they tune into Coachella’s YouTube Channel on any screen (desktop, mobile and living room) and within the YouTube Music app.

Fans tuning in will have their choice of three live stream feeds with different artists performing simultaneously. Programming starts at 4 p.m. PT on Friday, April 12, and runs through the weekend. To ensure you don’t miss your favorite performance, personalized viewing schedules can be created and live stream channels will automatically change to artists selected by fans.

Highlights from the weekend will be available through a video-on-demand hub, with co-hosts Nadeska Alexis, Valerie Lee, and special guests to bring fans interviews with artists and creators from throughout the festival.

First-Ever Weekend 2 Coachella Curated Live Stream (April 19-21)

For the first time ever, YouTube Music and Coachella will keep the cameras rolling on weekend 2, with a carefully curated live stream sponsored by Pantene and CALVIN KLEIN in the U.S., and Garnier and Coca-Cola in Canada. Coachella Curated, hosted by Jason Bentley from KCRW, will take a deep dive into the festival experience and deliver fans a slate of original content—encore and live performances, artist commentary, mini-docs, animated adventures and more—to accompany the best bits of live music and in-studio interviews with Coachella performers.

Coachella Curated sets its sights on artists from across the line-up and captures them on-site and off, spanning the globe to share stories from the homes of headliner performers, festival favorites and newly discovered talent. These traveling tales—filmed on six continents with Coachella’s Paul Tollett—offer a unique look at the multinational energy that comes together on the Empire Polo Grounds before beaming back out via YouTube.

Confirmed artists appearing in the Coachella Curated live stream display the diversity of talent taking the stage in Indio. Weekend 2 programming and live stream schedule will be available soon.

Experience Coachella Through the YouTube Music App

The YouTube Music app (iOS, Android) will be home to this year’s most complete Coachella music experience with the launch of live streaming. Whether you’re at home on the couch or at the pool in Indio, you can enjoy playlists based on this year’s lineup, such as The Lineup, Hip-Hop, and Latin. Watch or listen in audio-only mode to the live stream both weekends, and check out performance clips after the festival is over.

Live from New York City’s Times Square

YouTube will make history with a first-ever broadcast of a festival live stream on New York City’s iconic Times Square big screen, giving East Coast music fans a chance to gather together and share in the Coachella experience. YouTube will stream BLACKPINK’s highly anticipated performance on The Beast screen in Times Square at 11:50 p.m. ET on Friday, April 12, 2019.

Miquela Interviews Performers at Coachella 2019!

2019 will go down as Lil Miquela’s first-ever appearance at Coachella and first time hosting on video! The 19-year-old robot is teaming up with YouTube Music to host artist interviews with 2019 Coachella performers, including J Balvin, King Princess, and more. Check out her interviews during the webcast on Coachella’s YouTube Channel and across @youtubemusic and @youtube on social media.

Subscribe to Coachella’s YouTube channel for up-to-date information on when your favorite artists are streaming live, and follow @youtubemusic on Instagram and Twitter to watch the latest videos and relive past moments.


YouTube Blog

22 apps on the Google Play Store had a massive security problem and millions of downloads

Google typically removes malicious apps from the Play Store, and that’s not anything new or notable. It’s their digital storefront so they should stay on top of keeping it clean from potentially dangerous apps. However, after their last round of nixing 22 apps from the Play Store, it turns out that maybe Google let some […]


TalkAndroid

Millions of dollars stolen in huge ad scam using Android apps

Hundreds of millions of dollars have been stolen through a fraudulent advertising network comprised of over 125 Android apps and websites. A report from BuzzFeed exposed the scheme in which scammers from “We Purchase Apps” took possession of established apps from developers and transferred them to front and shell companies in Cyprus, Malta, British Virgin Islands, […]


TalkAndroid

Cryptocurrency mining site hijacked millions of Android phones

Smartphone users are just as vulnerable to cryptocurrency mining hijacks as their PC counterparts, and sometimes on a dramatic scale. Malwarebytes has detailed a "drive-by" mining campaign that redirected millions of Android users to a website that…
Engadget RSS Feed

Report: Facebook to pay Hollywood millions for original shows

Facebook is very serious about its original programming ambitions — $3 million per episode serious. According to a Wall Street Journal report, the tech giant is courting Hollywood agencies for original scripted TV shows, in some cases offering up to…
Engadget RSS Feed

False smartphone alert of major quake leaves millions in Japan sweating

Millions of smartphones across Tokyo started beeping in unison on Monday after a quake-alert app warned them that a huge tremor was about to strike. It was, however, sent in error, sparking unnecessary panic among those expecting the worst.

The post False smartphone alert of major quake leaves millions in Japan sweating appeared first on Digital Trends.

Mobile–Digital Trends

Wu-Tang Clan sells its one-of-a-kind ‘Shaolin’ album for millions

Remember Wu-Tang Clan's Once Upon a Time In Shaolin album? The group spent nine years recording 31 tracks for a special LP, then decided to sell just one copy of it — for a very high price, of course. It was finally purchased by a private American c…
Engadget RSS Feed