Technology
EU fines Facebook over misleading WhatsApp data
The European Union (EU) on Thursday announced it will fine Facebook 110 million euros ($122 million) for providing incorrect or misleading information in connection with the 2014 purchase of mobile messaging service WhatsApp.
 
At the time of the acquisition, Facebook told European Commission (EC) competition monitors that it was not technically possible to automatically link WhatsApp user data with Facebook profiles but this later transpired to be incorrect information that Facebook staff had knowingly handed over, Efe news reported.
 
"Today's decision sends a clear signal to companies that they must comply with all aspects of EU merger rules, including the obligation to provide correct information," European Commissioner Margrethe Vestager, in charge of competition policy, said in a statement.
 
"And it imposes a proportionate and deterrent fine on Facebook. The Commission must be able to take decisions about mergers' effects on competition in full knowledge of accurate facts," she said.
 
In order to review mergers efficiently and in a timely manner, the EC said, companies were obliged to provide accurate information.
 
During the $19 billion takeover of WhatsApp in 2014, Facebook staff told the EC, both in an official form and in response to an information request, that it would not be able to match WhatsApp and Facebook user identities.
 
However in 2016, WhatsApp updated its terms of use, implementing changes with the possibility of linking profiles, prompting the EC to lodge a statement of objections in December of that year.
 
The Commissioners found that not only was it technically possible to fuse user profiles in 2014, but that Facebook staff had been aware of this at the time.
 
According to EU merger regulation, the EC can impose a fine totalling 1 per cent of a company's aggregated turnover if it has provided misleading or incorrect information.
 
A Facebook spokesperson said: "The errors we made in our 2014 filings were not intentional and the Commission has confirmed that they did not impact the outcome of the merger review. Today's announcement brings the matter to a close".
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

User

Nearly 17 mn Zomato users' stolen data now being sold online
With the popular online food delivery service Zomato admitting on Wednesday that nearly 17 million records of its registered users were stolen from its database which include email addresses and hashed passwords, the data is now being sold on a popular Dark Web marketplace.
 
According to information shared on Hackeread.com, a user by the name of "nclay" claimed to have hacked Zomato.
 
"The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legit," the report said.
 
"The data was stolen this month and this year, May 2017," hacker told HackRead.
 
Zomato, that has over 120 million users, however said that all the payment records were safe.
 
"No payment information or credit card data has been stolen/leaked. Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault," the company wrote in a blog post.
 
"So far, it looks like an internal (human) security breach -- some employee's development account got compromised," the post said.
 
Zomato said it has reset the passwords for all affected users and logged them out of the app and website. 
 
"The hashed password cannot be converted/decrypted back to plain text -- so the sanctity of password is intact in case users' use the same password for other services," the blog post read.
 
But users who have a habit to apply the same password at many places are at major risk as hackers can also get into other accounts like on social media or emails, experts warned.
 
In general, when someone hacks and copies the data of a website, he copies much more than just the email and the password as in most cases, it's the same database that is used to store other personal identifiable information (PII) of a user. 
 
"It is a good thing to see that Zomato was following a good practice of hashing the passwords before storing it on their database, but saying "The hashed password cannot be converted/decrypted back to plain text" is misleading," Saket Modi, CEO and Co-founder of Delhi-based IT risk assessments provider Lucideus, told IANS. 
 
"Technically what they are saying is correct, i.e. a hashed password cannot be decrypted, but what they aren't saying is -- it is technically possible to break the hashing algorithm to guess the passwords. This has happened in the past," Modi informed.
 
Over 170 million LinkedIn accounts that were hacked were actually hashed and stored, however, the hashing function used there was the weak Secure Hash Algorithm 1 (SHA1) without the usage of any modification (salting). 
 
Hence, almost all the hacked and hashed accounts were broken. 
 
"In fact, this is the probable reason why Facebook CEO Mark Zuckerberg's Twitter and Pinterest account was also compromised in 2016 as he apparently was using the same password as his LinkedIn account whose password became public after the hack," Modi told IANS. 
 
"Zomato must tell its users the hashing algorithm it was using before the hack happened," the cyber security expert suggested.
 
According to Zomato, the team was actively scanning all possible breach vectors and closing any gaps.
 
"Over the next couple of days and weeks, the company will further enhance security measures for all user information stored within our database and will add a layer of authorisation for internal teams having access to this data to avoid the possibility of any human breach," Zomato said.
 
This is not the first time that Zomato has been hacked. 
 
In 2015, the company was hacked by a white hat hacker who reported the details back to the company which later addressed the weaknesses.
 
This time, the details have gone online.
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

User

Nearly 17 mn Zomato usernames, passwords stolen
About 17 million Zomato user records were stolen from their database which includes email addresses and hashed passwords, the company said on Thursday.
 
"No payment information or credit card data has been stolen/leaked. Payment related information on Zomato is stored separately from this (stolen) data in a highly secure PCI Data Security Standard (DSS) compliant vault," Zomato said in a blog post on Thursday. 
 
So far, it looks like an internal (human) security breach -- some employee's development account got compromised, the post added. 
 
As a precaution, the company has reset the passwords for all affected users and logged them out of the app and website. 
 
The team at Zomato was actively scanning all possible breach vectors and closing any gaps.
 
The hashed password cannot be converted/decrypted back to plain text -- so the sanctity of password is intact in case users' use the same password for other services. 
 
"But if you are paranoid about security like us, we encourage you to change your password for any other services where you are using the same password," the post read. 
 
"Over the next couple of days and weeks, tha company will further enhance security measures for all user information stored within our database and will add a layer of authorisation for internal teams having access to this data to avoid the possibility of any human breach," Zomato said.
 
This is not the first time that Zomato has been hacked. 
 
In 2015, the company was hacked by a white hat hacker who reported the details back to the company which later addressed the weaknesses.
 
This time, the details may be sold online.
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.

User

COMMENTS

Hayath MS

1 week ago

Credit cards has two factor authentication in India, if same credit card details are inserted in foreign merchants site, no authentication,

We are listening!

Solve the equation and enter in the Captcha field.
  Loading...
Close

To continue


Please
Sign Up or Sign In
with

Email
Close

To continue


Please
Sign Up or Sign In
with

Email

BUY NOW

The Scam
24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
Moneylife Magazine
Fiercely independent and pro-consumer information on personal finance
Stockletters in 3 Flavours
Outstanding research that beats mutual funds year after year
MAS: Complete Online Financial Advisory
(Includes Moneylife Magazine and Lion Stockletter)