Google decided it was not legally required to disclose that vulnerabilities in Google Plus exposed the data of up to 500,000 users. That decision raised eyebrows in light of an internal Google memo which stated that disclosure would invite regulatory scrutiny. As a result, Google decided to shut down its Google Plus service.
Three flaws allowed attackers to break into Facebook accounts–including Mark Zuckerberg’s–and possibly third-party apps that let users login with their Facebook credentials. The breach affected nearly 50 million user accounts and comes at a terrible time for Facebook, which is already facing scrutiny over how it handles user data (see below!).
Researchers have discovered that Facebook is using the contact information that users enter for security purposes (and information users didn’t give it at all but that was entered by friends) for the purpose of targeting users with ads.
Aptible's Defense in Brief is a free security awareness update newsletter for modern, cloud-based teams. Once a month, you will receive a digest of interesting and useful articles on security, compliance, and DevOps. We cover topics like new attacks against web services, users and devices, new social engineering and phishing methods, data breaches, and legal, regulatory and political current events related to privacy and security.