Archive for Social Media

US Visa Applicants Now Asked For Social Media Details and More

New rules from the US State Department will mean that US visa applicants will have to submit social media names and five years’ worth of email addresses and phone numbers.

Extended To All

Under the new rules, first proposed by the Trump administration back in February 2017, all applicants travelling to the US to work or to study will now be required to give those details to the immigration authorities. Previously, the only visa applicants who had needed such vetting were those from parts of the world known to be controlled by terrorist groups. The only exemptions will be for some diplomatic and official visa applicants.

Delivering on Election Immigration Message

The new stringent rules follow on from the proposed crackdown on immigration that was an important part of now US President Donald Trump’s message during the 2016 election campaign.

Back in July 2016, the Federal Register of the U.S. government published a proposed change to travel and entry forms which indicated that the studying of social media accounts of those travelling to the U.S. would be added to the vetting process for entry to the country. It was suggested that the proposed change would apply to the I-94 travel form, and to the Electronic System for Travel Authorisation (ESTA) visa. The reason given at the time was that the “social identifiers” would be: “used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional toolset which analysts and investigators may use to better analyse and investigate the case.”

There had already been reports that some U.S. border officials had actually been asking travellers to voluntarily surrender social media information since December 2016.

2017

In February 2017, the Trump administration indicated that it was about to introduce an immigration policy that would require foreign travellers to the U.S. to divulge their social media profiles, contacts and browsing history and that visitors could be denied entry if they refused to comply. At that time, the administration had already barred citizens of seven Muslim-majority countries from entering the US.

Criticism

Critics of the idea that social media details should be obtained from entrants to the US include civil rights group the American Civil Liberties Union, which pointed out that there is no evidence it would be effective and that it could lead to self-censorship online. Also, back in 2017, Jim Killock, executive director of the Open Rights Group, was quoted in online media as describing the proposal as “excessive and insulting”.

What Does This Mean For Your Business?

Although they may sound a little extreme, these rules have now become a reality and need to be considered by those needing a US visa. Given the opposition to President Trump and some of his thoughts and policies, and the resulting large volume of Trump-related content that is shared and reacted to by many people, these new rules could be a real source of concern for those needing to work or to study in the US. It is really unknown what content and what social media activity could cause problems at immigration for travellers, and what the full consequences could be.

People may also be very uncomfortable about being asked to give such personal and private details as social media names and a massive five years’ worth of email addresses and phone numbers, and about how those personal details will be stored and safeguarded (and how long for), and by whom they will be scrutinised and even shared. The measure may, along with other reported policies and announcements from the Trump administration, even discourage some people from travelling to, let alone working or studying in, the US at this time. This could have a knock-on negative effect on the economy of the US, and for those companies wanting to get into the US marketplace with products or services.

Surveillance Attack on WhatsApp

It has been reported that it was a surveillance attack on Facebook’s WhatsApp messaging app that caused the company to urge all of its 1.5bn users to update their apps as an extra precaution recently.

What Kind of Attack?

Technical commentators have identified the attack on WhatsApp as a ‘zero-day’ exploit that is used to load spyware onto the victim’s phone.  Once the victim’s WhatsApp has been hijacked and the spyware loaded onto the phone, it can, for example, access encrypted chats, access photos, contacts and other information, as well as being able to eavesdrop on calls, and even turn on the microphone and camera.  It has been reported that the exploit can also alter the call logs and hide the method of infection.

How?

The attack is reported to be able to use WhatsApp’s voice calling function to ring a target’s device. Even if the target person doesn’t pick the call up, the surveillance software can be installed, and the call can be wiped from the device’s call log. The exploit uses a buffer overflow weakness in the WhatsApp VOIP stack, which allows other parts of the app’s memory to be overwritten.

It has been reported that the vulnerability is present in the Google Android, Apple iOS, and Microsoft Windows Phone builds of WhatsApp.

Who?

According to reports in the Financial Times which broke the story of the WhatsApp attack (which was first discovered earlier this month), Facebook had identified the likely attackers as a private Israeli company, The NSO Group, that is part-owned by the London-based private equity firm Novalpina Capital.  According to reports, The NSO Group are known to work with governments to deliver spyware, and one of their main products called Pegasus can collect intimate data from a targeted device.  This can include capturing data through the microphone and camera and also gathering location data.

Denial

The NSO Group have denied responsibility.  NSO has said that their technology is only licensed to authorised government intelligence and law enforcement agencies for the sole purpose of fighting crime and terror, and that NSO wouldn’t or couldn’t use the technology in its own right to target any person or organisation.

Past Problems

WhatsApp has been in the news before for less than positive reasons.  For example, back in November 2017, WhatsApp was used by ‘phishing’ fraudsters to circulate convincing links for supermarket vouchers in order to obtain bank details.

Fix?

As a result of the attack, as well as urging all of its 1.5bn users to update their apps, engineers at Facebook have created a patch for the vulnerability (CVE-2019-3568).

What Does This Mean For Your Business?

Many of us think of WhatsApp as being an encrypted message app, and therefore somehow more secure. This story shows that WhatsApp vulnerabilities are likely to have existed for some time.  Although it is not clear how many users have been affected by this attack, many tech and security commentators think that it may have been a focused attack, perhaps of a select group of people.

It is interesting that we are now hearing about the dangers of many attacks being perhaps linked in some way to states and state-sponsored groups rather than individual actors, and the pressure is now on big tech companies to be able to find ways to guard against these more sophisticated and evolving kinds of attacks and threats that are potentially on a large scale.  It is also interesting how individuals could be targeted by malware loaded in a call that the recipient doesn’t even pick up, and it perhaps opens up the potential for new kinds of industrial espionage and surveillance.

Slack Builds Email Bridge

Chat App and collaborative working tool Slack appears to have given up the fight to eliminate email by allowing the introduction of new tools that enable Slack collaboration features inside Gmail and Outlook, thereby building a more inclusive ‘email bridge’.

What Is Slack?

Slack, launched ‘way back’ in 2013, is a cloud-based set of proprietary team collaboration tools and services. It provides mobile apps for iOS, Android, Windows Phone, and is available for the Apple Watch, enabling users to send direct messages, see mentions, and send replies.

Slack teams enable users (communities, groups, or teams) to join through a URL or invitation sent by a team admin or owner. It was intended as an organisational communication tool, but it has gradually been morphing into a community platform i.e. it is a business technology that has crossed-over into personal use.

Email Bridge

After having a five-year battle against email, Slack is building an “email bridge” into its platform that will allow those who only have email to communicate with Slack users.

Aim

The change is aimed at getting those members of an organisation on board who have signed up to the Slack app but are not willing to switch entirely from email to Slack. The acceptance that not everyone wants to give up using their email altogether has made way for a belief by Slack that something at least needs to be built into the app to allow companies and organisations to leverage the strengths of all their workers, and at least allow those organisation and team members who are separated because of their Slack vs email situation to be connected to the important conversations within Slack. It will also now mean that companies and organisations have time to make the transition in working practices at their own pace (or not), i.e. migrate (or not migrate) entirely to Slack.

How?

The change supports Slack’s current Outlook and Gmail functionality, which enables users to forward emails into a channel where members can view and discuss the content and plan responses from inside Slack. It also allows anything set within the Outlook or Gmail Calendar to be automatically synced to Slack.

The new changes will allow team members who have email but have not committed to Slack to receive an email notification when they’re mentioned by their username in channels or are sent a direct message.

What Does This Mean For Your Business?

Slack appears to have listened to Slack users who’d like a way to keep connected with colleagues who are email-only or still waiting to receive credentials, and the email bridge is likely to meet with their approval in this respect. For Slack, it also presents the opportunity to gently ease those people who are more resistant to change into eventually making the move to Slack.

This change is one of several announced by Slack, such as the ‘Actions’ feature last year, and the two new toolkits (announced in February this year) that will allow non-coders to build apps within Slack.

Slack knows that there are open source and other alternatives in the market, and the addition of more features and more alliances will help Slack to provide more valuable tools to users, thereby helping it to gain and retain loyalty and compete in a rapidly evolving market.

‘ManyChat’ Raises $18 million Funding For Facebook Messenger Bot

California-based startup ‘ManyChat’ has raised $18 million Series A funding for its Facebook Messenger marketing bot.

ManyChat

ManyChat Inc. is now the leading messenger marketing product, reportedly powering over 100,000 bots on Facebook Messenger.

ManyChat lets you use a visual drag ‘n’ drop interface to create a free Facebook Messenger bot for marketing, sales and support. The bot is essentially a Facebook Page that sends out messages and responds to users automatically.

The ManyChat bot allows you to welcome new users, send them content, schedule posts, set up keyword auto-responses (text, pictures, menus), automatically broadcast your RSS feed and more.

The bot, which is a blend of automation and personal outreach, also incorporates Live Chat that notifies you when a conversation is needed with a subscriber.

Facebook Messenger

ManyChat says it has focused on Facebook Messenger because it is the #1 app in the US and Canada with over 1 billion active users, and it is the most engaging channel, with average open rates of 80% and CTRs 4 to 10 times higher than email.

The Funding

The $18 million funding for ManyChat was led by Bessemer Venture Partners, with participation from Flint Capital, and means that Bessemer’s Ethan Kurzweil will be joining the board of directors, and Bessemer’s Alex Ferrara becomes a board observer.

1+ Million Accounts Created

ManyChat reports that more than 1 million accounts have been created on the platform already by customers in many different industry sectors.  The platform has also reported that these 1+ million customers have managed to enlist 350 million Messenger subscribers and that there are now a staggering 7 billion messages sent on the platform each month.

What Does This Mean For Your Business?

Bots provide a way for businesses to reduce costs, make better use of resources and communicate with customers and enquirers 24/7.

As ManyChat points out, it’s becoming increasingly difficult for businesses to effectively reach their audience because people open less email and social media is ‘noisy’ to the point where messages become lost in the crowd. A key advantage of ManyChat, therefore, is that it uses Facebook Messenger as a private channel of communication with each user, it’s instant and interactive, no message is ever lost, and Messenger has huge user numbers. Other advantages that businesses will appreciate are that it’s free and easy to set up the bot (no coding skills are required), and it offers the best of both worlds of automated communications, and the option to jump in with Live Chat when it is needed.

This kind of bot could enable businesses and organisations to make their marketing more effective while maximising efficiency.

ManyChat is also good news for Facebook which owns Messenger as it appears to be boosting user numbers by finding an improved, business-focused use for the app.

For ManyChat, its Facebook Messenger bot appears to be only the beginning (hence the funding), with investors looking at platforms like Instagram, WhatsApp, RCS, and more to further expand bot marketing services in the future.

New UK ‘Duty of Care’ Rules To Apply To Social Media Companies

The new ‘Online Harms’ whitepaper marks a world first as the UK government plans to introduce regulation to hold social media and other tech companies to account for the nature of the content they display, backed by the policing power of an independent regulator and the threat of fines or a ban.

Duty of Care

The proposed new legal framework from the Department for Digital, Culture, Media and Sport (DCMS) and the Home Office aims to give social media and tech companies a duty of care to protect users from threats, harm, and other damaging content relating to cyberbullying, terrorism, disinformation, child sexual exploitation and encouragement of behaviours that could be damaging.

The need for such regulation has been recognised for some time and was brought into sharper focus recently by the death in the UK of 14-year-old Molly Russell, who was reported to have viewed online material on depression and suicide, and in March this year, the live streaming on one of Facebook’s platforms of the mass shooting at a mosque in New Zealand which led Australia to suggest fines for social media and web-hosting companies and imprisonment of executives if violent content is not removed.

The Proposed Measures

The proposed measures by the UK government in its white paper include:

  • Imposing a new statutory “duty of care” that will hold companies accountable for the safety of their users, as well as a commitment to tackle the harm caused by their services.
  • Tougher requirements on tech companies to stop the dissemination of child abuse and terrorist content online.
  • The appointment of an independent regulator with the power to force social media platforms and tech companies to publish transparency reports on the amount of harmful content on their platforms and what they are doing to address the issue.
  • Forcing companies to respond to users’ complaints, and act quickly to address them.
  • The introduction of codes of practice by the regulator which will include requirements to minimise the spread of misleading and harmful disinformation using dedicated fact checkers (at election time).
  • The introduction of a “safety by design” framework that could help companies to incorporate the necessary online safety features in their new apps and platforms at the development stage.

GDPR-Style Fines (Or A Ban)

Culture, Media and Sport Secretary Jeremy Wright has said that tech companies that don’t do everything reasonably practicable to stop harmful content on their platforms could face fines comparable with those imposed for serious GDPR breaches e.g. 4% of a company’s turnover.

It has also been suggested that under the new rules to be policed by an independent regulator, bosses could be held personally accountable for not stopping harmful content on their platforms. It has also been suggested that in the most serious cases, companies could be banned from operating in Britain if they do not do everything reasonably practical to stop harmful content being spread via their platforms.

Balance

Although there is a general recognition that regulation to protect people, particularly young people, from harmful/damaging content is a good thing, a proportionate and predictable balance needs to be struck between protecting society and supporting innovation and free speech.

Facebook is reported to have said that it is looking forward to working with the government to ensure new regulations are effective and have a standard approach across platforms.

Criticism

The government’s proposals will now have a 12-week consultation, but the main criticism to date has been that parts of the government’s approach in the proposals are too vague and that regulations alone can’t solve all the problems.

What Does This Mean For Your Business?

Clearly, the UK government believes that self-regulation among social media and tech companies does not work.  The tech industry has generally given a positive response to the government’s proposals and to an approach that is risk-based and proportionate rather than one size fits all.  The hope is that the vaguer elements of the proposals can be clarified and improved over the next 3 months of consultation. 

To ensure the maximum protection for UK citizens, any regulations should be complemented by ongoing education for children, young people and adults to make sure that they have the skills and awareness to navigate the digital world safely and securely.

Facebook Rolls Out ‘Why Am I Seeing This Post?’ Tool

In an attempt to be more transparent and give more control to its users, Facebook is about to roll out a new “Why am I seeing this post?” tool, which will give users insights into their newsfeed algorithm.

Algorithm Explained

The new tool essentially goes some way to explaining how the algorithm that decides what appears where in a user’s Facebook newsfeed works.  The tool will give a view of the inputs used by the social network to rank stories, photos and video, and in doing so will enable users to access the actions that they may want to take if they want to change what they see in their newsfeed.

How?

The new tool, which was developed using research groups in New York, Denver, Paris and Berlin, will show users the data that connects them to a certain type of post, e.g. they may be friends with the poster, they’ve liked a person’s posts more than others, they’ve frequently commented on that type of post before, or the post has proved to be popular with users who have the same interests.

Although the tool will enable users to see how the key aspects of the algorithm work, in the interests of convenience, simplicity, speed and security, users will not be shown all the many thousands of inputs that influence the decision.

Additional Details

Facebook is also updating its existing “Why Am I Seeing this Ad?” feature with additional details such as explaining how ads work that target customers using email lists.

Newsfeed Strategy Shift

Early last year, Facebook changed its newsfeed strategy so that posts from family and friends were given greater priority, and non-advertising content from publishers and brands was downgraded.

Bad Times

Facebook’s reputation has reached several low points in recent times in matters relating to the data security and privacy of its users, and how the company has responded to calls for it to clean up content such as hate speech, certain types of video, and political messages from other states.

Most famously, Facebook was fined £500,000 for data breaches relating to the harvesting of the personal details of 87 million Facebook users without their explicit consent, and the sharing of that personal data with London-based political Consulting Firm Cambridge Analytica, which is alleged to have used that data to target political messages and advertising in the last US presidential election campaign. Also, harvested Facebook user data was shared with Aggregate IQ, a Data Company which worked with the ‘Vote Leave’ campaign in the run-up to the Brexit Referendum.

In September last year, Facebook engineers discovered that hackers had used a vulnerability in Facebook’s “View As” feature to compromise an estimated 50 million user accounts.

Additionally, last February the governor of New York, Andrew Cuomo, ordered an investigation into reports that Facebook Inc may have been using apps on users’ smartphones to collect personal information about them.

What Does This Mean For Your Business?

After a series of high profile privacy scandals, Facebook has been making efforts to regain the trust of its users, not just out of a sense of responsibility, but to protect its brand and pave the way for the roll-out of a single messaging service which combines Facebook Messenger, WhatsApp and Instagram that could make Facebook even more central to users’ communications. Facebook bought Instagram as a way to retain users who were moving away from Facebook, but these users jumped straight onto WhatsApp. This new service will be a way for Facebook to join all these pieces together, make the best use of what it has, and maximise the value and appeal to users.

The new “Why am I seeing this post?” tool does sound as though it will cover both bases of giving users more control and improving transparency, and it is one of many things that Facebook has been trying to do (and to be seen to do) in order to make the headlines for the right reasons.  Other measures have included announcing the introduction of new rules for political ad transparency in the UK, working with London-based fact-checking charity ‘Full Fact’ to review stories, images and videos, in an attempt to tackle misinformation, and even developing its own secure blockchain-based cryptocurrency that will enable its users to have a PayPal-like experience when purchasing advertised products, as well as providing authentication and an audit trail.

Facebook boss Mark Zuckerberg has also recently written an opinion piece in the Washington Post offering proposals to address the issues of harmful content, election protection, privacy and data protection, and data portability in his own platform and the wider social media and Internet environment.

New York’s Governor Orders Investigation Into Facebook Over App Concerns

The Governor of New York, Andrew Cuomo, has ordered an investigation into reports that Facebook Inc may be using apps on users’ smartphones to collect personal information about them.

Alerted By Wall Street Journal

The Wall Street Journal prompted the Governor to order New York’s Department of State and Department of Financial Services (DFS) to investigate Facebook when the paper reported that Facebook may have more access than it should to data from certain apps, sometimes even when a person isn’t even signed in to Facebook.

Health Data

It has been reported that the kind of data that some apps allegedly share with Facebook includes health-related information such as weight, blood pressure and ovulation status.

The alleged sharing of this kind of sensitive and personal data, whether or not a person is logged in to Facebook, prompted Governor Cuomo to call such practice an “outrageous abuse of privacy.”

Defence

Facebook’s defence against these allegations, which appears to have prompted a short-lived but noticeable fall in Facebook’s share value, was to point out that WSJ’s report focused on how other apps use people’s data to create ads.

Facebook added that it requires other app developers to be clear with their users about the information they are sharing with Facebook and that it prohibits app developers from sending sensitive data to Facebook.

The social media giant also stressed that it tries to detect and remove any data that should not be shared with it.

Lawsuits Pending

This appears to be just one of several legal fronts where Facebook will need to defend itself.  For example, Facebook is still facing a U.S. Federal Trade Commission investigation into the alleged inappropriate sharing of information belonging to 87 million Facebook users with now-defunct political consulting firm Cambridge Analytica.

Apple Also Accused By Governor Over FaceTime Bug

New York’s Governor Cuomo and New York Attorney General Letitia James have also announced an investigation into Apple Inc’s alleged failure to warn customers about a bug in its FaceTime app that could inadvertently allow eavesdropping, as iPhone users were able to listen to conversations of others who had not yet accepted a video call.

DFS Involvement

The Department of Financial Services (DFS), which is one of the two agencies that have been ordered to investigate this latest Facebook app sharing matter, has only recently begun to get more involved in digital matters, particularly by producing the country’s first cybersecurity rules governing state-regulated financial institutions such as banks, insurers and credit monitors.

Some commentators have expressed concern, however, about the DFS saying last month that DFS life insurers could use social media posts in underwriting their policies, on the condition that they did not discriminate based on race, colour, national origin, sexual orientation or other protected classes.

What Does This Mean For Your Business?

You could be forgiven for thinking that, after the scandal over Facebook’s unauthorised sharing of the personal details of 87 million users with Cambridge Analytica, Facebook may have learned its lesson about the sharing of personal data and may have tried harder to uncover and plug any loopholes that could allow this to happen. The tech giant still has several lawsuits and regulatory inquiries over privacy issues pending, and this latest revelation about the sharing of very personal health information certainly won’t help its cause. Clearly, as the involvement of the DFS shows, there needs to be more oversight of (and investigation into) apps that share their data with Facebook, and possibly the need for more legislation and regulation of the smart app / smart tech ecosystem.

There are ways to stop Facebook from sharing your data with other apps via your phone settings and by disabling Facebook’s data sharing platform.  You can find instructions here: https://www.techbout.com/stop-facebook-from-sharing-your-personal-data-with-other-apps-37307/

Fake News Fact Checkers Working With Facebook

London-based, registered charity ‘Full Fact’ will now be working for Facebook, reviewing stories, images and videos, in an attempt to tackle misinformation that could “damage people’s health or safety or undermine democratic processes”.

Why?

The UK Brexit referendum, the 2017 UK general election, and the U.S. presidential election were all found to have suffered interference in the form of so-called ‘fake news’ / misinformation spread via Facebook which appears to have affected the outcomes by influencing voters.

For example, back in 2018, it was revealed that London-based data analytics company, Cambridge Analytica, which was once headed by Trump’s key adviser Steve Bannon, had illegally harvested 50 million Facebook profiles in early 2014 in order to build a software program that was used to predict and generate personalised political adverts to influence choices at the ballot box in the last U.S. election. Russia was also implicated in trying to influence voters via Facebook.

Chief executive of Facebook, Mark Zuckerberg, was made to appear before the U.S. Congress in April to talk about how Facebook is tackling false reports, and even recently a video that was shared via Facebook (which had 4 million views before being taken down) falsely suggested that smart meters emit radiation levels that are harmful to health. The information in the video was believed by many even though it was false.

Scoring System

Back in August 2018, it was revealed that for 2 years Facebook had been trying to manage some misinformation issues by using a system (operated by its own ‘misinformation team’) that allocated a trustworthiness score to some members.  Facebook is reported to be already working with fact-checkers in more than 20 countries. Facebook is also reported to have had a working relationship with Full Fact since 2016.

Full Fact’s System

This new system from third-party Full Fact will now focus on Facebook in the UK.  When users flag up to Facebook what they suspect may be false content, the Full Fact team will identify and review public pictures, videos or stories and use a rating system that will categorise them as true, false or a mixture of accurate and inaccurate content.  Users will then be told if the story they’ve shared, or are about to share, has been checked by Full Fact, and they’ll be given the option to read more about the claim’s source, but will not be stopped from sharing anything.

Also, the false rating system should mean that false content will appear lower in news feeds, so it reaches fewer people. Satire from a page or domain that is a known satire publication will not be penalised.

Like other Facebook third-party fact-checkers, Full Fact will be able to act against pages and domains that repeatedly share false-rated content, e.g. by reducing their distribution and by reducing their ability to monetise and advertise. Also, Full Fact should be able to stop repeat offenders from registering as a news page on Facebook.

Assurances

Full Fact has published assurances that among other things, they won’t be given access to Facebook users’ private data for any reason, Facebook will have no control over what they choose to check, and they will operate in a way that is independent, impartial and open.

Political Ad Transparency – New Rules

In October last year, Facebook also announced that a new rule for the UK now means that anyone who wishes to place an advert relating to a live political issue or promoting a UK political candidate, referencing political figures, political parties, elections, legislation before Parliament and past referenda that are the subject of national debate, will need to prove their identity, and prove that they are based in the UK. The adverts they post will also have to carry a “Paid for by” disclaimer to enable Facebook users to see who they are engaging with when viewing the ad.

What Does This Mean For Your Business?

As users of social networks, we don’t want to see false news, and false news that influences the outcome of important issues (e.g. elections and referendums) has a knock-on effect on the economic and trade environment which, in turn, affects businesses.

Facebook appears to have lost a lot of trust over the Cambridge Analytica (SCL Elections) scandal, findings that Facebook was used to distribute posts of Russian origin to influence opinion in the U.S. election, and that the platform was also used by parties wishing to influence the outcome of the UK Referendum. Facebook, therefore, must show that it is taking the kind of action that doesn’t stifle free speech but does go some way to tackling the spread of misinformation via its platform.

There remains, however, some criticism in this case that Facebook may still be acting too slowly and not decisively enough, given the speed at which some false content can amass millions of views.

Reddit Locks Out Users Over Security Concerns

Online community Reddit shut some users out of their accounts and forced password resets due to “unusual activity” which may have been a ‘credential stuffing’ attempt by hackers.

Reddit

California-based Reddit, founded in 2005, is a kind of social network / online community.  Reddit, which is the fifth most popular site in the United States (Alexa figures), is split into over a million communities called “subreddits,” each one covering a different topic.  Reddit allows registered members to submit content to the site, and that content is voted up and down by other members.

What Happened With The Lockdown?

According to Reddit’s own reports, a large group of accounts had to be locked down due to a security concern which took the form of account activity that resembled someone using very simple passwords or the reuse of credentials across multiple websites or services – in other words, a credential-stuffing attempt.

Reddit’s admin known as “u/Sporkicide” reported that it appeared likely that a list of usernames and passwords, possibly taken from another compromised site, was being tried against other popular sites, including Reddit, to see if they worked, e.g. where a user had used the same username and password for multiple websites.

Reddit advised that customers with locked accounts would be allowed to reset their passwords and thereby unlock and restore their accounts. Reddit said that users would be told to do so through a notification to the account (affected customers could still log in to get it) and/or an email to any support ticket raised by affected users.

Not The First Time

Back in August 2018, Reddit reported that between June 14 and June 18, an attacker compromised some employee accounts through their cloud and source code hosting providers and was able to access some user data, including email addresses and a complete 2007 database backup containing old passwords and early Reddit user data from the site’s launch in 2005 through May 2007.

Advice

As well as announcing that it was conducting a “painstaking investigation” of the incident, Reddit advised users to make sure that they choose strong passwords that are unique to Reddit, update their email addresses to enable automated password resets, and add two-factor authentication to their accounts to make them more secure.

What Does This Mean For Your Business?

This story highlights the importance of not using the same username and password across many websites.  The danger is that, if hackers can steal login credentials in a hack on one website, they or other attackers who have purchased / acquired the stolen data may well try to use that login data on many other popular websites to try and gain access.

Also, where other security measures such as two-factor authentication are available, they are worth using as an extra obstacle to the kind of simple, opportunistic credential-stuffing attempts that are all-too-frequent.

Businesses / organisations should always encourage users to use login details that are unique to their website, give visual guidance on password strength on set-up, and specify a certain number of required characters for passwords e.g. including a capital letter, numbers, other special characters, and making the password a certain length.  As well as being a bit more secure, this can also help to stop people from using exactly the same password between multiple sites.
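For site operators, the pattern described above (one source trying many different usernames, with most attempts failing) can be detected in login logs. The following is an added example, not code from Reddit or from this article; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _ev(minute, ip, user, ok):
    """Build one constructed login event: (timestamp, source IP, username, success)."""
    return (datetime(2000, 1, 1, 9, 0) + timedelta(minutes=minute), ip, user, ok)

# Constructed sample data (documentation-range IPs, made-up usernames).
EVENTS = (
    # One source cycling through many accounts, one reused password works.
    [_ev(m, "203.0.113.7", u, u == "carol")
     for m, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # A user who forgot a password: several failures, but only one account.
    + [_ev(m, "198.51.100.20", "grace", m == 3) for m in range(4)]
    # An office NAT: many accounts, but every login succeeds.
    + [_ev(m, "192.0.2.44", u, True)
       for m, u in enumerate(["heidi", "ivan", "judy", "mallory", "niaj"])]
)

def flag_stuffing_sources(events, window=timedelta(minutes=10),
                          min_users=5, max_success_ratio=0.2):
    """Flag sources that try many distinct usernames in one window, mostly failing."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        for i, (start, _, _) in enumerate(rows):
            # All attempts from this source within `window` of attempt i.
            burst = [r for r in rows[i:] if r[0] - start <= window]
            users = {u for _, u, _ in burst}
            ratio = sum(ok for _, _, ok in burst) / len(burst)
            if len(users) >= min_users and ratio <= max_success_ratio:
                flagged[ip] = {"distinct_users": len(users), "attempts": len(burst)}
                break
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts that logged in successfully from a flagged source: lock and force a reset."""
    return sorted({user for _, ip, user, ok in events if ok and ip in flagged})

if __name__ == "__main__":
    suspicious = flag_stuffing_sources(EVENTS)
    print(suspicious, accounts_to_reset(EVENTS, suspicious))
```

Per-source counting misses attempts spread across many IP addresses, so in practice it is combined with site-wide failure-rate monitoring and checks of new passwords against known-breached lists.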

Blurring of Personal and Business Technology Cause For Concern

A report by CCS Insight showing how three-quarters of employees are forced to install work software on their personal mobile devices has highlighted how the increased blurring of personal and business technology is causing concern.

Objections

The report, which took into account the views of 672 employees across the US and Western Europe about digital technology, revealed how, among many other concerns, workers object to the practice of having to download work-based applications onto their personal mobile devices just so that they can carry out their jobs. As well as the understandable objection to feeling forced to blur work and home life by having to install intrusive work software on a personal device, employees also objected to the practice out of fear that their employers could use the software to track them.

Poor Connectivity

Another major annoyance indicated by workers who took part in the survey was poor connectivity in the digital workplace.

WhatsApp Popularity

Despite highlighting poor connectivity at work as a major grumble for workers, it appears that it hasn’t stopped them from using always-on, connected apps. For example, the report revealed that WhatsApp is now the most widely used mobile app in businesses, even beating out Microsoft Office 365. WhatsApp, however, is likely to be something that workers will have on their phone anyway, and its end-to-end encryption means that workers don’t have to fear any kind of tracking by the boss through its use.

Other Concerns

Other employee concerns highlighted by the report include:

  • The fear that their job may be lost to AI. This concern was expressed despite half of the employees surveyed saying that they expect digital assistants such as Google Assistant to help them in their job.
  • Only two-thirds of employees saying that they trust their employers with their privacy.
  • A mistrust of tech giant companies, although Microsoft was shown to be more trusted than most.

What Does This Mean For Your Business?

The fact that many employees have high spec mobile devices and access to apps that could be used by the company, and the fact that ‘Bring Your Own Device’ (BYOD) schemes are commonplace, doesn’t appear to make employees feel comfortable about having to download work-based apps. Employees may be justified in feeling that they shouldn’t feel pressured into having to employ their personal devices for work tasks, and that employers shouldn’t rely so heavily upon the personal devices of employees instead of providing their own, and that respecting the barrier between work and home life is important. By the same token, employers who allow workers to use their own devices at work may also expect employees to be respectful in terms of how much time they spend dealing with personal matters during work time on their devices.

Workers may be justified in worrying about the impact of AI on their jobs in the future, and connectivity problems are a known source of work stress, particularly in the case of mobile workers.

When it comes to the mistrust of tech giants, this seems reasonable considering the number of high profile reports of data breaches and unauthorised data sharing in recent times (e.g. Facebook and Cambridge Analytica).