Snowflake’s security problems following a recent spate of customer data thefts are, for want of a better word, snowballing.
TechCrunch earlier this week found online hundreds of Snowflake customer credentials stolen by password-stealing malware that infected the computers of employees who have access to their employer’s Snowflake environment.
It’s not yet known how many Snowflake customers are affected, or if Snowflake knows yet.
Snowflake said it has to date notified a “limited number of Snowflake customers” who the company believes may have been affected.
Snowflake declined to say what role, if any, the then-Snowflake employee’s demo account has in the recent customer breaches.
An important step toward a more interoperable “fediverse” — the broader network of decentralized social media apps like Mastodon, Bluesky and others — has been achieved.
Though both Mastodon and Bluesky are decentralized social media efforts, they rely on different underlying protocols.
That could shift in the future, however, to becoming opt-out for Bluesky users only.
So if my Bluesky account is @sarahp@bsky.social, then my bridged account is @sarahp.bsky.social@bsky.brid.gy.
Anything from your Bluesky account that interacts with fediverse users will be bridged, including replies, @-mentions, likes, reports, and, if you have fediverse followers, your own Bluesky posts.
Streaming giant Roku has confirmed a second security incident in as many months, with hackers this time able to compromise more than half a million Roku user accounts.
In a statement Friday, the company said about 576,000 user accounts were accessed using a technique known as credential stuffing, where malicious hackers use usernames and passwords stolen from other data breaches and reuse the logins on other sites.
Roku said in fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in those users’ accounts.
Two-factor authentication prevents credential stuffing attacks by adding an additional layer of security to online accounts.
Because a user is prompted to enter a time-sensitive code along with their username and password, malicious hackers cannot break into a user’s account with just a stolen password.
X, formerly Twitter, is rolling out support for passkeys, a new and more secure login method compared with traditional passwords, to all iOS users globally.
In an update to the X @Safety account on Monday, the company shared that passkeys are now available as a login option for global iOS users.
Update: Passkeys is now available as a login option for everyone globally on iOS! Try it out. https://t.co/v1LyN0l8wF — Safety (@Safety) April 8, 2024
Passkey technology was initiated by Google, Apple, Microsoft, and the FIDO Alliance, alongside the World Wide Web Consortium.
Donald Trump Jr.’s X account was also hacked to post a fake message saying that Donald Trump had passed away.
Heya, folks, welcome to Week in Review (WiR), TechCrunch’s newsletter recapping the noteworthy happenings in tech over the past several days (and change).
Famed startup accelerator Y Combinator had its Demo Days, and the venture desk took it all in with an appropriately skeptical eye.
Also this week, Microsoft and Quantinuum, a quantum computing startup, made a scientific breakthrough — or so they claim.
News
Canoo paid for its CEO’s jet: Kirsten reports that EV startup Canoo paid the rent for the CEO’s private jet — $1.7 million — in 2023.
Bonus round
NSFW on X: The social media company has confirmed that authorized users on the platform can create NSFW communities, ahead of a change that’ll see all NSFW content on X filtered by default.
The cross-border payments market is forecasted to reach over $250 trillion by 2027, according to the Bank of England.
So it’s no surprise that one of the trends among Y Combinator’s Winter 2024 batch of nearly 30 fintech startups is how to more easily move money globally.
Users get a U.S. bank account and access to low-cost local payment rails.
Infinity
What it does: Cross-border banking for small businesses in India
We heard from a lot of childhood friends during the past two days, so it was refreshing to see two siblings form a company.
Businesses in India account for $700 billion in cross-border trades per year, and Infinity makes 1% from those transactions.
OpenAI is making its flagship conversational AI accessible to everyone, even people who haven’t bothered making an account.
Instead, you’ll be dropped right into conversation with ChatGPT, which will use the same model as logged-in users.
You can chat to your heart’s content, but be aware you’re not getting quite the same set of features that folks with accounts are.
You won’t be able to save or share chats, use custom instructions, or other stuff that generally has to be associated with a persistent account.
OpenAI offers this helpful gif:
More importantly, this extra-free version of ChatGPT will have “slightly more restrictive content policies.” What does that mean?
AT&T resets account passcodes after millions of customer records leak online
US telco giant takes action after 2019 data breach
Phone giant AT&T is resetting customer account passcodes after a huge cache of data containing millions of customer records was dumped online earlier this month, TechCrunch has exclusively learned.
A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher.
TechCrunch held the publication of this story until AT&T could begin resetting customer account passcodes.
The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers.
The researcher double-checked their findings by looking up records in the leaked data against AT&T account passcodes known only to them.
Users of the popular site Glassdoor, which lets anyone anonymously sign up to review companies they have worked for, say Glassdoor collected and added their names to their user profiles without their consent.
It also means this information can be obtained by legal process, such as a lawsuit or police demanding access to Glassdoor user data.
As Monica explained, Glassdoor will add a user’s real name (and potentially other information) to the user’s account without their permission if Glassdoor learns it.
As part of the acquisition deal, Glassdoor signed every user up for a Fishbowl account, meaning Glassdoor would have to change its terms of service so that every Glassdoor user could also be verified.
Mackey previously defended an anonymous Glassdoor user in court whose employer tried to unmask and identify them.
The Pokemon Company said it detected hacking attempts against some of its users and reset those user account passwords.
A spokesperson for the company said there was no breach, just a series of hacking attempts against some users.
“To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a Pokemon Company spokesperson.
The description of the Pokemon account breaches sounds like credential stuffing, where malicious hackers use usernames and passwords stolen from other breaches and reuse them on other sites.
For its part, the Pokemon Company did not allow its users to enable two-factor authentication on their accounts when TechCrunch checked.