Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and about what you should take with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
Smartphone Company OnePlus got absolutely wrecked. News of this hack came out late last week and we didn’t have many details, but it’s bad. Over 40,000 users are subjected to credit card fraud via a script placed on OnePlus’s payment page. Oh, and it went unnoticed for two months!
The good news is that if you used PayPal or a saved, previously-used credit card you weren’t affected. OnePlus says they are “working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit.” Here’s hoping they won’t find anything else!
If you use Gmail, chances are you still aren’t using two-factor authentication. That’s right, Google has stated that over 90 percent of their users still aren’t using two-factor authentication. I, unfortunately, am one of these people despite posting this weekly blog. Perhaps I should get on that.
Google software engineer, Grzegorz Milka, posits that this is because:
“It’s about how many people would we drive out if we force them to sue additional security.”
It’s a strange thought, at the surface, but let’s think about it. Most people want security, right? But they don’t really want to work for it, right? So, really, there’s no win-win except for the super-duper paranoid. Anyways, this wasn’t really a hack, just a statistic that says you’re more susceptible to a hack.
Go change your Google password, people.
Speaking of two-factor authentication, let’s talk about how Uber doesn’t care that their two-factor system is basically useless. There’s a bug in Uber’s two-factor authentication that’s rendering the security practically useless.
Uber, being the upstanding company that it is, ignored the issue for a few months, but they did eventually fix it. Good lord, people.
That’s it for this week! Stay safe out there and change your passwords for f*&k’s sake!