Netflix will test charging its subscribers an additional fee for account access for users outside the household in an effort to control unauthorized password sharing. The company has for many years ignored the practice of multiple users logging in to the same account from different locations, even though their terms of service say accounts “may not be shared with individuals beyond your household.” One analyst estimates Netflix leaves $6 billion a year on the table due to illicit password sharing. The result is “impacting our ability to invest in great new TV and films for our members,” the company explains. Continue reading Netflix Will Test Converting Password Sharers into Paid Subs

Google says that by the end of 2021 it will automatically enroll about 150 million Google users and 2 million YouTubers in the company’s two-step verification program. Users will be required to not only enter a log-in password, but also to enter a code sent via text or app or security key. Google declined to say how many of its users had voluntarily enabled the extra security step prior to Alphabet’s new mandate. The move comes as a result of what many describe as consumer apathy in the face of heightened digital dangers. Google, Twitter, Facebook and Instagram have all urged users to adopt two-step verification with lackluster results. Continue reading Google Looks to Improve Security with 2SV Auto-Enrollment

MoviePass, which shut its doors in January 2019, just settled with the Federal Trade Commission over allegations that it prevented customers from using the service as advertised and did not protect their data privacy. The company offered users one movie ticket per day for any movie at any theater for $9.95 a month but soon had to raise subscription fees and limit movie tickets. The FTC accused the company of deceptively marketing its services, invalidating customer passwords to prevent users from obtaining tickets, and failing to secure user data. Continue reading MoviePass Settles with FTC Over Fraud, Data Security Issues

Netflix, with 207.6 million global subscribers, still dominates streaming video. But the growing number of rivals, including Disney+, HBO Max, Paramount+, Apple TV+, Amazon Prime Video and Hulu, is beginning to chip away at its position. Netflix reported four million new subscribers in Q1 2021, below the six million it predicted; it expects only one million new customers in the current quarter. It is also cracking down on password-sharing, but co-chief executive Reed Hastings said the process won’t be aggressive. Continue reading Netflix Battles New Rivals, Cracks Down on Password Sharing

Netflix is reportedly considering a move to enforce one of its terms of service: that a customer’s account credentials cannot be shared with individuals beyond the account holder’s household. The company recently introduced a limited test that displays a warning that reads, “if you don’t live with the owner of this account, you need your own account to keep watching.” It next prompts viewers with three options: to get an email or text verification code to authenticate the account, click on a button to verify later, or sign up for a new account. Continue reading Netflix Running Test to Curb Unauthorized Password Sharing

Last month, three alleged hackers were arrested for manipulating Twitter to control 45 accounts of high-profile figures including Jeff Bezos, Joe Biden and Elon Musk. Now, the technique these young malefactors used — dubbed “phone spear phishing” — is being used by so many other bad actors that experts dub it a crime wave. Phone spear phishing, also known as “vishing,” a mashup of “voice phishing,” has been used this last month to attack banks, web hosting companies and cryptocurrency exchanges, said investigators. Continue reading Twitter Hack Technique Is Being Replicated for Other Attacks

Since 2015, Twitter chief executive Jack Dorsey and the company board have been warned annually about internal cybersecurity risks. In fact, there are about 1,500 employees plus contractors with the power to make changes in 186 million daily user accounts, and the company had experienced breaches due to internal sources. Then, on July 15, hackers tricked employees to compromise 130 Twitter accounts, including those of Jeff Bezos, Joe Biden, Barack Obama and Elon Musk, stealing data from eight unidentified accounts. Continue reading Latest Twitter Hack Puts Spotlight on Internal Security Issues

K7 Labs malware researcher Dinesh Devadoss discovered a new form of malware aimed at Mac computers. ThiefQuest (originally dubbed EvilQuest, until researchers discovered that’s the name of a Steam game) isn’t simply ransomware but also contains spyware that allows it to exfiltrate an infected computer’s files, search it for passwords and cryptocurrency wallet data, and nab passwords and credit card numbers. Even after a computer reboots, the spyware lingers as a backdoor that could be used for a second-stage attack. Continue reading ThiefQuest Is New Ransomware and Spyware Aimed at Macs

According to six sources, in response to FBI concerns, Apple dropped the plan to allow iPhone users to encrypt backups in its iCloud service. Although this took place two years ago, it is just now being reported. Stress between Apple’s stance on privacy and law enforcement’s push to have access to its phones re-emerged a few weeks ago when a Saudi Air Force officer killed three Americans at Naval Air Station Pensacola. U.S. attorney general William Barr and President Donald Trump urged Apple to unlock the killer’s two iPhones. Continue reading Apple Drops iCloud Encryption Plan Based on FBI Concerns

HBO, Netflix and major cable companies have joined forces to crack down on password sharing. The group is discussing ways to close that loophole, which, with piracy, is costing them a projected $6.6 billion in lost revenue this year. According to sources, among the potential measures are to require customers to periodically change their passwords, or to text codes to subscribers’ phones that they’d need to enter. Another option would be to make rules on devices that can be used to access a subscription outside the home. Continue reading Pay TV and Cable Companies Aim To Limit Password Sharing

For Cybersecurity Awareness Month, Google is introducing three tools to give users more control over their data when using Google Assistant, Google Maps and YouTube. Maps will roll out “incognito mode” for Android users this month and include iOS users soon. YouTube will feature the “rolling auto-delete” feature available for location and web data history. The company will also build its password checkup into account controls, to make it easier for the user to determine if her logins have been part of a security breach. Continue reading Google Debuts New Tools to Protect Personal Data Privacy

More than 419 million records of Facebook users in the United States, United Kingdom and Vietnam — including Facebook IDs and user phone numbers — were recently found online (although Facebook disputes that number). The exposed server was reportedly not password-protected, which suggests the database was accessible to anyone. The server contained user data across multiple databases that could potentially enable spam calls and SIM-swapping attacks. According to Facebook, the breach involved user data collected prior to the introduction of new security measures. The company has since taken the exposed data set offline.  Continue reading Exposed Database of Facebook User Data Is Found Online

With its Xfinity X1, Comcast has remade the traditional cable box, with a voice-enabled remote that allows search across live TV, on-demand and sources such as Netflix. It combines the multiple apps, passwords and monthly fees of streaming services into one place, with one bill. Perhaps we don’t need to get rid of cable, but rather to improve it. With the advent of ever-more choices from Apple, Amazon, Roku to Verizon and T-Mobile, the major cablecasters have the chance to bring their services into the modern TV age. Continue reading Cable Providers Update Boxes to Retain Fleeing Customers

Security researcher Brian Krebs revealed that up to 600 million passwords of Facebook users were mistakenly stored in plain text and accessible by up to 20,000 Facebook employees. The passwords were reportedly logged and stored without encryption. KrebsOnSecurity explained yesterday that in some cases, passwords were searchable as far back as 2012. Facebook says it has resolved a “glitch” that may be responsible for the problem and will be notifying users of Facebook, Facebook Lite and Instagram. The company said that its internal investigation did not uncover any misuse of the data. Continue reading ‘Glitch’ Exposes Millions of Facebook Passwords Internally

Congress introduced the Internet of Things Cybersecurity Improvement Act yesterday, in an effort to position legislative power behind securing connected devices. Defense Intelligence Agency director Lieutenant General Robert Ashley told lawmakers last year that IoT devices are considered one of the “most important emerging cyberthreats” to national security. Without a national standard for IoT security, we need to rely on steps taken by individual companies. The legislation, which was first introduced in 2017, would require security standards for IoT devices used by the federal government. Continue reading Congress Introduces IoT Bill to Protect Connected Devices