password manager
Auto Added by WPeMatico
Auto Added by WPeMatico
WildWorks, the gaming company that makes the popular kids game Animal Jam, has confirmed a data breach.
Animal Jam is one of the most popular games for kids, ranking in the top five games in the 9-11 age category in Apple’s App Store in the U.S., according to data provided by App Annie. But while no data breach is ever good news, WildWorks has been more forthcoming about the incident than most companies would be, making it easier for parents to protect both their information and their kids’ data.
Here’s what we know.
WildWorks said in a detailed statement that a hacker stole 46 million Animal Jam records in early October but that it only learned of the breach in November.
The company said someone broke into one of its systems that the company uses for employees to communicate with each other, and accessed a secret key that allowed the hacker to break into the company’s user database. The bad news is that the stolen data is known to be circulating on at least one cybercrime forum, WildWorks said, meaning that malicious hackers may use (or be using) the stolen information.
The stolen data dates back to over the past 10 years, the company said, so former users may still be affected.
Much of the stolen data wasn’t highly sensitive, but the company warned that 32 million of those stolen records had the player’s username, 23.9 million records had the player’s gender, 14.8 million records contained the player’s birth year and 5.7 million records had the player’s full date of birth.
But, the company did say that the hacker also took 7 million parent email addresses used to manage their kids’ accounts. It also said that 12,653 parent accounts had a parent’s full name and billing address, and 16,131 parent accounts had a parent’s name but no billing address.
Besides the billing address, the company said no other billing data — such as financial information — was stolen.
WildWorks also said that the hacker stole players’ passwords, prompting the company to reset every player’s password. (If you can’t log in, that’s probably why. Check your email for a link to reset your password.) WildWorks didn’t say how it scrambled passwords, which leaves open the possibility that they could be unscrambled and potentially used to break into other accounts that have the same password as used on Animal Jam. That’s why it’s so important to use unique passwords for each site or service you use, and use a password manager to store your passwords safely.
The company said it was sharing information about the breach with the FBI and other law enforcement agencies.
So what can parents do?
Powered by WPeMatico
As any startup grows, getting new products out the door and securing that next round of funding are always top priorities.
But security, all too often, falls by the wayside. After all, why would you invest money in something that you hope never happens when you could be funneling cash back into the business?
Fostering a corporate culture that embraces cybersecurity best practices keeps customer data safe and your company’s reputation intact. But security isn’t something you can easily tack on later. It must be ingrained in your company’s culture, and it’s so much easier to start in the early days of your company than scrambling in the aftermath of a data breach.
But how do you get there?
At TechCrunch Early Stage, we asked Casey Ellis, founder, chairman and chief technology officer at Bugcrowd, to share his ideas for how startups can improve their security posture.
Bugcrowd helps companies dip into a huge pool of cybersecurity talent — including hackers and security researchers — to find vulnerabilities. By helping companies identify flaws, they can shore up their defenses before malicious hackers break in. Few know better than Ellis — who’s run Bugcrowd for close to a decade — which policies, procedures and protections companies have put in place to get there.
Extra Crunch subscribers can log in and watch the video below.
Powered by WPeMatico
Google today announced a new autofill experience for Chrome on mobile that will use biometric authentication for credit card transactions, as well as an updated built-in password manager that will make signing in to a site a bit more straightforward.
Chrome already uses the W3C WebAuthn standard for biometric authentication on Windows and Mac. With this update, this feature is now also coming to Android .
If you’ve ever bought something through the browser on your Android phone, you know that Chrome always asks you to enter the CVC code from your credit card to ensure that it’s really you — even if you have the credit card number stored on your phone. That was always a bit of a hassle, especially when your credit card wasn’t close to you.
Now, you can use your phone’s biometric authentication to buy those new sneakers with just your fingerprint — no CVC needed. Or you can opt out, too, as you’re not required to enroll in this new system.
As for the password manager, the update here is the new touch-to-fill feature that shows you your saved accounts for a given site through a standard Android dialog. That’s something you’re probably used to from your desktop-based password manager already, but it’s definitely a major new built-in convenience feature for Chrome — and the more people opt to use password managers, the safer the web will be. This new feature is coming to Chrome on Android in the next few weeks, but Google says that “is only the start.”
Powered by WPeMatico
After a series of developer previews, Google today released the first beta of Android 11, and with that, it is also making these pre-release versions available for over-the-air updates. This time around, the list of supported devices only includes the Pixel 2, 3, 3a and 4.
If you’re brave enough to try this early version (and I wouldn’t do so on your daily driver until a few more people have tested it), you can now enroll here. Like always, Google is also making OS images available for download and an updated emulator is available, too.
Google says the beta focuses on three key themes: people, controls and privacy.
Like in previous updates, Google once again worked on improving notifications — in this case, conversation notifications, which now appear in a dedicated section at the top of the pull-down shade. From there, you will be able to take actions right from inside the notification or ask the OS to remind you of this conversation at a later time. Also new is built-in support in the notification system for what are essentially chat bubbles, which messaging apps can now use to notify you even as you are working (or playing) in another app.
Another new feature is consolidated keyboard suggestions. With these, Autofill apps and Input Method Editors (think password managers and third-party keyboards), can now securely offer context-specific entries in the suggestion strip. Until now, enabling autofill for a password manager, for example, often involved delving into multiple settings and the whole experience often felt like a bit of a hack.
For those users who rely on voice to control their phones, Android now uses a new on-device system that aims to understand what is on the screen and then automatically generates labels and access points for voice commands.
As for controls, Google is now letting you long-press the power button to bring up controls for your smart home devices (though companies that want to appear in this new menu need to make use of Google’s new API for this). In one of the next beta releases, Google will also enable media controls that will make it easier to switch the output device for their audio and video content.
In terms of privacy, Google is adding one-time permissions so that an app only gets access to your microphone, camera or location once, as well as auto-resets for permissions when you haven’t used an app for a while.
A few months ago, Google said that developers would need to get a user’s approval to access background location. That caused a bit of a stir among developers and now Google will keep its current policies in place until 2021 to give developers more time to update their apps.
In addition to these user-facing features, Google is also launching a series of updates aimed at Android developers. You can read more about them here.
Powered by WPeMatico
Google says a small number of its enterprise customers mistakenly had their passwords stored on its systems in plaintext.
The search giant disclosed the exposure Tuesday but declined to say exactly how many enterprise customers were affected. “We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” said Google vice president of engineering Suzanne Frey.
Passwords are typically scrambled using a hashing algorithm to prevent them from being read by humans. G Suite administrators are able to manually upload, set and recover new user passwords for company users, which helps in situations where new employees are on-boarded. But Google said it discovered in April that the way it implemented password setting and recovery for its enterprise offering in 2005 was faulty and improperly stored a copy of the password in plaintext.
Google has since removed the feature.
No consumer Gmail accounts were affected by the security lapse, said Frey.
“To be clear, these passwords remained in our secure encrypted infrastructure,” said Frey. “This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”
Google has more than 5 million enterprise customers using G Suite.
Google said it also discovered a second security lapse earlier this month as it was troubleshooting new G Suite customer sign-ups. The company said since January it was improperly storing “a subset” of unhashed G Suite passwords on its internal systems for up to two weeks. Those systems, Google said, were only accessible to a limited number of authorized Google staff, the company said.
“This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords,” said Frey.
Google said it’s notified G Suite administrators to warn of the password security lapse, and will reset account passwords for those who have yet to change.
A spokesperson confirmed Google has informed data protection regulators of the exposure.
Google becomes the latest company to have admitted storing sensitive data in plaintext in the past year. Facebook said in March that “hundreds of millions” of Facebook and Instagram passwords were stored in plaintext. Twitter and GitHub also admitted similar security lapses last year.
Read more:
Powered by WPeMatico
If you travel a lot, especially internationally, a new worry being added to the pile is the threat of being forced to unlock your phone for a customs agent. 1Password has a handy solution for this in the form of Travel Mode, which temporarily deauthorizes a device to access your passwords and accounts. Read More
Powered by WPeMatico