TechCrunch: Gearbest security lapse exposed millions of shopping orders. “Gearbest, a Chinese online shopping giant, has exposed millions of user profiles and shopping orders, security researchers have found. Security researcher Noam Rotem found an Elasticsearch server leaking millions of records each week, including customer data, orders and payment records. The server wasn’t protected with a password, allowing anyone to search the data.”
MakeUseOf: The Best Password Managers for Every Occasion. “Everyone should attempt to store their passwords securely. Along with two-factor authentication, it’s one of the best practices for locking down your precious online accounts. But which password manager is right for you? Today we’ll try to answer that question.” There are some additional suggestions in the comments.
ABC 12: MSP database contains millions of photos of Michigan residents. “You might expect the police to have access to your driver’s license photo, but what about your social media photos as well? It’s called the Statewide Network of Agency Photos or Snap. Michigan State Police’s database of photos. Millions of them, possibly of you, me and a whole lot of other people in the state of Michigan. Photos you had no idea law enforcement had access to.”
New Scientist: Home DNA-testing firm will let users block FBI access to their data. “One of the biggest home DNA-testing companies seems to have bowed to a backlash over its decision to allow the FBI access to its database, by announcing a new way for customers to stop law-enforcement agencies accessing their data.”
TechCrunch: ICE has a huge license plate database targeting immigrants, documents reveal. “Newly released documents reveal Immigration and Customs Enforcement is tracking and targeting immigrants through a massive license plate reader database supplied with data from local police departments — in some cases violating sanctuary laws.”
Schneier on Security: Judging Facebook’s Privacy Shift. “There is ample reason to question Zuckerberg’s pronouncement: The company has made — and broken — many privacy promises over the years. And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook’s surveillance capitalism business model. All the post discusses is making private chats more central to the company, which seems to be a play for increased market dominance and to counter the Chinese company WeChat. In security and privacy, the devil is always in the details — and Zuckerberg’s post provides none. But we’ll take him at his word and try to fill in some of the details here. What follows is a list of changes we should expect if Facebook is serious about changing its business model and improving user privacy.”
BetaNews: Researchers find two Android malware campaigns with over 250 million downloads. “Check Point Research has uncovered two massive mobile adware and data stealing campaigns, which have already had a combined total of over 250 million downloads globally. Both target mobiles using Android, and exploit the mobile app development supply chain to infect devices and perform malicious actions.”