Last night, I received an email from EyeEm about a “data security incident.” 22 million accounts have been compromised, exposing the users’ names, email addresses, and encrypted versions of passwords. However, EyeEm wasn’t the only victim of this data breach. It’s the same one that hit 500px, and it also affected 25 million users of Animoto.
This morning, I received an email from 500px requiring that I change my password after they became aware of a “security issue” on the site on Friday 8th February. This might sound like 500px is jumping on the issue quickly, however, the breach actually happened way back on July 5th, 2018.
After detecting the breach, 500px says that they “immediately launched a comprehensive review of our systems” to figure out exactly what happened and what the impact was. They say that have been working with third-party security experts and are coordinating with law enforcement authorities.
A man from East Jordan, Michigan has recently captured a photo that shows an angel hovering above his truck. Well, at least he claims it’s an angel. The photo went viral and brought him lots of attention and interviews for different publications. But of course, not everyone is convinced that the photo truly is a miracle. Some would say that it’s nothing but a moth.
This morning, along with roughly 330 million other people, I received an email from Twitter strongly suggesting that I change my password. They’re also advising that I change it on any other website I’ve ever used that password. The reason is that Twitter appears to be accidentally storing passwords in plain text. And they seem to have no idea how long it’s been happening.
On Thursday afternoon, a TV crew was arrested at Newark Liberty International Airport for trying to sneak a fake bomb in their carry-on luggage. They are reportedly working for CNBC and they wanted to pull a prank to film it for a show. However, they were quickly busted and they are now facing charges and up to $13,000 in fines.
It seems that crowdsourcing is not beyond intelligence agencies. At least, according to a leaked memo from U.S. Immigration and Customs Enforcement (ICE). In it, they say that the Special Agent in Charge Intelligence Program (SIP) Los Angeles have “moderate confidence” that DJI is providing critical infrastructure and law enforcement data to China.
They also say that they have “high confidence” that they are “selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data”. It all sounds a bit James Bond to me, but this isn’t the first time DJI’s been in the middle of security controversy. Nor even the first time this year.
If you happen to be locked out of your Facebook account, you may soon need to upload a selfie to prove your identity and be able to log back in. As a matter of fact, it seems that Facebook has already started implementing this captcha. In case they notice suspicious activity on your account, you will be asked to “upload a photo of yourself that clearly shows your face.” After it’s verified, you will be allowed to log back in.
Well, I guess now we know why the US Army pulled all of its DJI products from service. DJI have removed the JPush plugin from the DJI Go and DJI Go 4 apps. It turns out that it had been collecting user data without its knowledge. Not without the user’s knowledge, without DJI’s knowledge. DJI blame the third party developer who created the JPush plugin.
The Verge reports that JPush wouldn’t have needed to collect a lot of data to do its job. But DJI say the app actually collected personal information, including a list of apps installed on the user’s Android device. In addition to this update, they’ve also announced a bug bounty programme rewarding up to $30,000 for those who can find exploits in their systems.
I don’t know whether to laugh or cry at this one. The HMS Queen Elizabeth (Ro8) is the Royal Navy’s largest warship. It’s brand new. It cost £3 billion ($3.9 billion) to build. It was only officially named last month, and it’s not even been formally commissioned yet.
The HMS Queen Elizabeth began sea trials on June 26th. During a recent visit to Scotland as part of this tour, a gentleman who is not being named managed to land his drone on it. And he did it completely unnoticed.
Well, it looks like the US Army aren’t too happy with DJI, after releasing a memo stating their discontinued use of DJI products. They quote “cyber vulnerabilities” as the reason, although they don’t say specifically what those vulnerabilities are.
What’s interesting is that it doesn’t seem to target a specific drone. In fact, while it does mention “DJI Unmanned Aircraft Systems”, the ban doesn’t seem to be restricted to just drones, at all. The memo specifically states that the Army must “halt use of all DJI products”.