Cyber Security News Update 4/19/2019

Facebook has admitted that it stored “millions” of Instagram passwords in plaintext instead of hashing them or protecting them in any way. The problem goes all the way back to March 2012, where certain Facebook passwords would be stored in plaintext, and while they’re locked away behind the rest of Facebook’s security measures Facebook has had several large breaches in 2019 alone. The passwords were available internally to 20,000 employees and Facebook is currently claiming that no external or internal actor ever saw the passwords. Facebook does not currently recommended that you change your passwords either. In our opinion, out of an abundance of caution, you should change your passwords however as Facebook doesn’t have a stellar track record when it comes to data security.
Source: Facebook stored millions of Instagram passwords in plain text

Facebook has another issue in that it’s been tapping into its user’s email contacts without their permission. When a user was asked to verify their email account, Facebook would also record all of the entirety of their email contact list as well without the user being told or giving their consent. Facebook is currently claiming that taking the email contacts was an “unexpected issue” and that they have not been sold to anyone. They’re now in the process of removing the email addresses. Facebook will supposedly notify any users whose email addresses it harvested in the coming days, though the method of notification has not been clarified.
Source: Facebook admits harvesting 1.5 million people’s email contacts without consent

RELATED:  Cyber Security News Update 02/08/2019

Blackberry has pivoted away from cellphones designed for business users towards Cybersecurity, with the acquisition of several security technology firms such as Cylance, Good Technology, and QNX Technologies. These companies provide Blackberry with a broad suite of security options such as endpoint detection, behavioural anomaly analysis, hardware/cryptographic key generation, and cryptographic forensics. Blackberry aims to provide these services to mobile device companies as Blackberry has a history of experience with those types of devices before it divested itself from the market.
Source: How BlackBerry Has Become a Cyber-Security Player

Marcus Hutchins, the cyber professional who helped stop the WannaCry attacks has been charged with and plead guilty to ten charges, for which his plea deal will only see him actually being charged 2. These two charges carry a maximum of $500,000 in restitution and 10 years in prison. The plea agreement from Milwaukee notes that has been charged for violating Title 18, United States Code, Sections 2 which are offences against the United States specifically fraud using a computer. Mr. Hutchins was arrested last year by the FBI when he attended a hacking convention in Las Vegas known as Black Hat and Def Con. Mr. Hutchins specifically was promoting and selling malware as well as attempting to intercept electronic communications without the sender or receiver being made aware of the intercept. Mr. Hutchins is claiming that he made the mistake of selling malware when he was less wise and has since moved to more ethical hacking, such as his efforts against WannaCry.
Source: British cybersecurity researcher who helped to stop WannaCry attack pleads guilty in hacking case