Privacy

National Public Data Published Its Own Passwords (krebsonsecurity.com) 35

Security researcher Brian Krebs writes: New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased). NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company's database, which they claimed has been floating around the underground since December 2023.

Following last week's story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property -- the background search service recordscheck.net -- was hosting an archive that included the usernames and password for the site's administrator. A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages. The exposed archive, which was named "members.zip," indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not. According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD's founder, an actor and retired sheriff's deputy from Florida named Salvatore "Sal" Verini.

Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company's website, and that the site is slated to cease operations "in the next week or so." "Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords," Verini told KrebsOnSecurity. "Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative." The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com's homepage features a positive testimonial from Sal Verini.

Privacy

National Public Data Confirms Breach Exposing Social Security Numbers (bleepingcomputer.com) 56

BleepingComputer's Ionut Ilascu reports: Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. The company states that the breached data may include names, email addresses, phone numbers, social security numbers (SSNs), and postal addresses.

In the statement disclosing the security incident, National Public Data says that "the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es)." The company acknowledges the "leaks of certain data in April 2024 and summer 2024" and believes the breach is associated with a threat actor "that was trying to hack into data in late December 2023." NPD says they investigated the incident, cooperated with law enforcement, and reviewed the potentially affected records. If significant developments occur, the company "will try to notify" the impacted individuals.

Programming

'The Best, Worst Codebase' 29

Jimmy Miller, programmer and co-host of the Future of Coding podcast, writes in a blog: When I started programming as a kid, I didn't know people were paid to program. Even as I graduated high school, I assumed that the world of "professional development" looked quite different from the code I wrote in my spare time. When I lucked my way into my first software job, I quickly learned just how wrong and how right I had been. My first job was a trial by fire; to this day, that codebase remains the worst and the best codebase I ever had the pleasure of working in. While the codebase will forever remain locked by proprietary walls of that particular company, I hope I can share with you some of its most fun and scary stories.

[...] Every morning at 7:15 the employees table was dropped. All the data completely gone. Then a CSV from ADP was uploaded into the table. During this time you couldn't log in to the system. Sometimes this process failed. But this wasn't the end of the process. The data needed to be replicated to headquarters. So an email was sent to a man, who every day would push a button to copy the data.

[...] But what is a database without a codebase? And what a magnificent codebase it was. When I joined everything was in Team Foundation Server. If you aren't familiar, this was a Microsoft-made centralized source control system. The main codebase I worked in was half VB, half C#. It ran on IIS and used session state for everything. What did this mean in practice? If you navigated to a page via Path A or Path B you'd see very different things on that page. But to describe this codebase as merely half VB, half C# would be to do it a disservice. Every JavaScript framework that existed at the time was checked into this repository. Typically, with some custom changes the author believed needed to be made. Most notably, Knockout, Backbone, and Marionette. But of course, there was a smattering of jQuery and jQuery plugins.

Businesses

Eric Schmidt Walks Back Claim Google Is Behind on AI Because of Remote Work (msn.com) 82

Eric Schmidt, ex-CEO and executive chairman at Google, walked back remarks in which he said his former company was losing the AI race because of its remote-work policies. From a report: "I misspoke about Google and their work hours," Schmidt said Wednesday in an email to The Wall Street Journal. "I regret my error." Schmidt, who left Google parent Alphabet's board more than five years ago, spoke earlier at a wide-ranging discussion at Stanford University. He criticized Google's remote-work policies in response to a question about Google competing with OpenAI. "Google decided that work-life balance and going home early and working from home was more important than winning," Schmidt said at Stanford. "The reason startups work is because the people work like hell."

Video of Schmidt's talk was posted on YouTube this week by Stanford Online, a division of the university that offers online courses. The video, which had more than 40,000 views as of Wednesday afternoon, has since been set to private. Schmidt said he asked for the video to be taken down.

Businesses

Cisco Slashes Thousands of Workers As It Announces Yearly Profit of $10.3 Billion (sfgate.com) 51

An anonymous reader quotes a report from SFGATE: Cisco Systems is laying off 7% of its workforce, the company announced in a filing with the Securities and Exchange Commission on Wednesday. It's the San Jose tech giant's second time slashing thousands of jobs this year. The networking and telecommunications company is vast, reporting to have 84,900 employees in July 2023 before it chopped at least 4,000 in February. That means the new 7% cut will likely affect at least 5,500 workers. Cisco spokesperson Robyn Blum said in an email to SFGATE that the layoff is meant to allow the company to invest in "key growth opportunities and drive more efficiency in our business." [...]

More hints about the layoff's potential reasoning showed up in a Wednesday blog post from CEO Chuck Robbins. The executive wrote that Cisco plans to consolidate its networking, security and collaboration teams into one organization and said the company is still integrating Splunk; Cisco closed its $28 billion acquisition of the San Francisco-based data security and management company in March. Cisco also announced its earnings for its last fiscal year on Wednesday. Total revenue was slightly down year over year, to $53.8 billion, but the company still reported a $10.3 billion profit during the same period.

Businesses

Paramount Global To Lay Off 15% of US Workforce, Close TV Studio (reuters.com) 30

Paramount Global will lay off 15% of its U.S. workforce, close Paramount Television Studios, and transfer its projects to CBS Studios as part of a massive restructuring plan. According to Reuters, the media company "aims to reduce annual costs by $500 million and return to profitable growth ahead of its merger with David Ellison's Skydance Media." From the report: In an internal memo, Paramount's co-CEOs stated that the company is at an "inflection point" where changes are necessary to strengthen the business. The layoffs, which were announced during a post-earnings call last week, are expected to affect roughly 2,000 people. They will continue through the end of 2024, with 90% of the cuts expected to be completed by the end of September. Paramount Television Studios (PTVS) will also be shut down as part of the company's broader restructuring plans, President Nicole Clemens said in an email to employees.

George Cheeks, Paramount Global's co-CEO, said the move to close down the studio by the end of the week is the result of major shifts in the television and streaming industry and a need to streamline the company. All current PTVS series and development projects will be transferred to CBS Studios, Cheeks said, adding that members of CBS teams will also be leaving the company.

Earth

Excess Memes and 'Reply All' Emails Are Bad For Climate, Researcher Warns (theguardian.com) 120

An anonymous reader quotes a report from The Guardian: When "I can has cheezburger?" became one of the first internet memes to blow our minds, it's unlikely that anyone worried about how much energy it would use up. But research has now found that the vast majority of data stored in the cloud is "dark data", meaning it is used once then never visited again. That means that all the memes and jokes and films that we love to share with friends and family -- from "All your base are belong to us", through Ryan Gosling saying "Hey Girl", to Tim Walz with a piglet -- are out there somewhere, sitting in a datacenter, using up energy. By 2030, the National Grid anticipates that datacenters will account for just under 6% of the UK's total electricity consumption, so tackling junk data is an important part of tackling the climate crisis.

Ian Hodgkinson, a professor of strategy at Loughborough University, has been studying the climate impact of dark data and how it can be reduced. "I really started a couple of years ago, it was about trying to understand the negative environmental impact that digital data might have," he said. "And at the top of it might be quite an easy question to answer, but it turns out actually, it's a whole lot more complex. But absolutely, data does have a negative environmental impact." He discovered that 68% of data used by companies is never used again, and estimates that personal data tells the same story. [...] One funny meme isn't going to destroy the planet, of course, but the millions stored, unused, in people's camera rolls does have an impact, he explained: "The one picture isn't going to make a drastic impact. But of course, if you maybe go into your own phone and you look at all the legacy pictures that you have, cumulatively, that creates quite a big impression in terms of energy consumption."

Since we're paying to store data in the cloud, cloud operators and tech companies have a financial incentive to keep people from deleting junk data, says Hodgkinson. He recommends people send fewer pointless emails and avoid the "dreaded 'reply all' button."

"One [figure] that often does the rounds is that for every standard email, that equates to about 4g of carbon. If we then think about the amount of what we mainly call 'legacy data' that we hold, so if we think about all the digital photos that we have, for instance, there will be a cumulative impact."

Apple

Apple Threatens To Remove Patreon From App Store Over Billing Dispute (techcrunch.com) 83

Apple has threatened to remove crowdfunding app Patreon from the App Store if creators continue to use unsupported third-party billing options or disable transactions on iOS, instead of using Apple's own in-app purchasing system. From a report: In a blog post and email to Patreon creators about upcoming changes to membership in the iOS app, the company says it's begun a 16-month-long migration process to move all creators to Apple's subscription billing by November 2025. Patreon also informed creators it will switch them over to subscription billing as of November 2024, but they will be able to decide whether to price their memberships at a higher fee to cover Apple's commission or decide if they want to absorb the fee themselves. In addition, creators can opt to delay the migration in their Patreon settings to November 2025, the company said. However, if creators choose the latter option, they won't be able to offer memberships in the iOS app until they adopt Apple's subscription billing, as Apple rules will apply as of this November.

IT

Co-Founder of DDoSecrets Was Dark Web Drug Kingpin (404media.co) 25

A co-founder of transparency activism organization Distributed Denial of Secrets (DDoSecrets) was a dark web drug kingpin who ran the successor to the infamous Silk Road marketplace and was later convicted of child abuse imagery crimes. From a report: The co-founder was Thomas White, who was prosecuted for administering the Silk Road 2.0 drug marketplace and for possessing images of child sexual abuse material. He decided to reveal his involvement in DDoSecrets to 404 Media after serving a five-year prison sentence. "I was told, in no uncertain terms, that if I spoke out publicly against Ross Ulbricht's excessive sentence, [DDoSecrets] or anything similar, that I would spend much more time in prison," he said. "Now I can freely speak again, it is important to use it or lose it. So #FreeRoss."

The news provides more insights into the origins of DDoSecrets, which has filled the void left by Wikileaks to become the most significant site publishing massive data dumps at this time. The other co-founder is Emma Best, who for years has archived, cataloged, and distributed large amounts of hacked information online. "Emma and I have been communicating for many years, and both know the difficulty in finding and verifying leaked material. It was a shared vision to make this process easier for people better placed than ourselves, to use the data to counteract the veil of secrecy protecting many bad actors in society," White told 404 Media in an email in July.

Mozilla

Mozilla Wants You To Love Firefox Again (fastcompany.com) 142

Mozilla's interim CEO Laura Chambers "says the company is reinvesting in Firefox after letting it languish in recent years," reports Fast Company, "hoping to reestablish the browser as an independent alternative to the likes of Google's Chrome and Apple's Safari.

"But some of those investments, which also include forays into generative AI, may further upset the community that's been sticking with Firefox all these years..." Chambers acknowledges that Mozilla lost sight of Firefox in recent years as it chased opportunities outside the browser, such as VPN service and email masking. When she replaced Mitchell Baker as CEO in February, the company scaled back those other efforts and made Firefox a priority again. "Yes, Mozilla is refocusing on Firefox," she says. "Obviously, it's our core product, so it's an important piece of the business for us, but we think it's also really an important part of the internet."

Some of that focus involves adding features that have become table-stakes in other browsers. In June, Mozilla added vertical tab support in Firefox's experimental branch, echoing a feature that Microsoft's Edge browser helped popularize three years ago. It's also working on tab grouping features and an easier way to switch between user profiles. Mozilla is even revisiting the concept of web apps, in which users can install websites as freestanding desktop applications. Mozilla abandoned work on Progressive Web Apps in Firefox a few years ago to the dismay of many power users, but now it's talking with community members about a potential path forward.

"We haven't always prioritized those features as highly as we should have," Chambers says. "That's been a real shift that's been very felt in the community, that the things they're asking for . . . are really being prioritized and brought to life."

Firefox was criticized for testing a more private alternative to tracking cookies which could make summaries of aggregated data available to advertisers. (Though it was only tested on a few sites, "Privacy-Preserving Attribution" was enabled by default.) But EFF staff technologist Lena Cohen tells Fast Company that approach was "much more privacy-preserving" than Google's proposal for a "Privacy Sandbox." And according to the article, "Mozilla's system only measures the success rate of ads — it doesn't help companies target those ads in the first place — and it's less susceptible to abuse due to limits on how much data is stored and which parties are allowed to access it." In June, Mozilla also announced its acquisition of Anonym, a startup led by former Meta executives that has its own privacy-focused ad measurement system. While Mozilla has no plans to integrate Anonym's tech in Firefox, the move led to even more anxiety about the kind of company Mozilla was becoming. The tension around Firefox stems in part from Mozilla's precarious financial position, which is heavily dependent on royalty payments from Google. In 2022, nearly 86% of Mozilla's revenue came from Google, which paid $510 million to be Firefox's default search engine. Its attempts to diversify, through VPN service and other subscriptions, haven't gained much traction.

Chambers says that becoming less dependent on Google is "absolutely a priority," and acknowledges that building an ad-tech business is one way of doing that. Mozilla is hoping that emerging privacy regulations and wider adoption of anti-tracking tools in web browsers will increase demand for services like Anonym and for systems like Firefox's privacy-preserving ad measurements. Other revenue-generating ideas are forthcoming. Chambers says Mozilla plans to launch new products outside of Firefox under a "design sprint" model, aimed at quickly figuring out what works and what doesn't. It's also making forays into generative AI in Firefox, starting with a chatbot sidebar in the browser's experimental branch.

Chambers "says to expect a bigger marketing push for Firefox in the United States soon, echoing a 'Challenge the default' ad campaign that was successful in Germany last summer. Mozilla's nonprofit ownership structure, and the idea that it's not beholden to corporate interests, figures heavily into those plans."

Republicans

Trump's Campaign 'Says It Has Been Hacked', Reports CNN (cnn.com) 210

CNN reports: Former President Donald Trump's campaign said Saturday in a statement that it had been hacked.

Politico reported earlier Saturday that it had received emails from an anonymous account with documents from inside Trump's campaign operation. "These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process," Trump campaign spokesperson Steven Cheung said in a statement to CNN.

Cheung pointed to a recent report published by Microsoft that said Iranian operatives had ramped up their attempts to influence and monitor the US presidential election by creating fake news outlets targeting liberal and conservative voters and by trying to hack an unnamed presidential campaign... Still, it's not clear whether Iran was responsible for the hack. CNN has reached out to the Iranian mission to the United Nations for comment...

Politico reported it had received emails that contained internal communications from a senior Trump campaign official and a [271-page] research dossier the campaign had put together on Trump's running mate, Ohio Sen. JD Vance. The dossier included what the Trump campaign identified as Vance's potential vulnerabilities...

In 2016, days before the Democratic National Convention, WikiLeaks published nearly 20,000 emails from the Democratic National Committee server.

Android

Nova Launcher, Savior of Cruft-Filled Android Phones, Is On Life Support (arstechnica.com) 28

An anonymous reader quotes a report from Ars Technica: Back in July 2022, when mobile app metrics firm Branch acquired the popular and well-regarded Nova Launcher for Android, the app's site put up one of those self-directed FAQ posts about it. Under the question heading "What does Branch want with Nova?," Nova founder and creator Kevin Barry started his response with, "Not to mess it up, don't worry!" Branch (formerly/sometimes Branch Metrics) is a firm concerned with helping businesses track the links that lead into their apps, whether from SMS, email, marketing, or inside other apps. Nova, with its Sesame Search tool that helped users find and access deeper links -- like heading straight to calling a car, rather than just opening a rideshare app -- seemed like a reasonable fit. Barry wrote that he had received a number of acquisition offers over the years, but he didn't want to be swallowed by a giant corporation, an OEM, or a volatile startup. "Branch is different," he wrote then, because they wanted to add staff to Nova, keep it available to the public, and mostly leave it alone.

Two years later, Branch has left Nova Launcher a bit too alone. As documented on Nova's official X (formerly Twitter) account, and transcripts from its Discord, as of Thursday Nova had "gone from a team of around a dozen people" to just Barry, the founder, working alone. The Nova cuts were part of "a massive layoff" of purportedly more than 100 people across all of Branch, according to now-former Nova workers. Barry wrote that he would keep working on Nova, "However I have less resources." He would need to "cut scope" on an upcoming Nova release, he wrote. Other employees noted that customer support, marketing, and even correspondence would likely be strained or disappear.

"While Nova is not dead (despite mine and others' eulogistic tones), it's certainly not positioned to launch bold new features or plot new futures," writes Ars' Kevin Purdy, in closing. "Here's hoping Barry can make a go of Nova Launcher for as long as it's viable for him."

Security

USPS Text Scammers Duped His Wife, So He Hacked Their Operation (wired.com) 61

Security researcher Grant Smith uncovered a large-scale smishing scam where scammers posing as the USPS tricked victims into providing their credit card details through fake websites. Smith hacked into the scammers' systems, gathered evidence, and collaborated with the USPS and a US bank to protect over 438,000 unique credit cards from fraudulent activity. Wired reports: The flood of text messages started arriving early this year. They carried a similar thrust: The United States Postal Service is trying to deliver a parcel but needs more details, including your credit card number. All the messages pointed to websites where the information could be entered. Like thousands of others, security researcher Grant Smith got a USPS package message. Many of his friends had received similar texts. A couple of days earlier, he says, his wife called him and said she'd inadvertently entered her credit card details. With little going on after the holidays, Smith began a mission: Hunt down the scammers. Over the course of a few weeks, Smith tracked down the Chinese-language group behind the mass-smishing campaign, hacked into their systems, collected evidence of their activities, and started a months-long process of gathering victim data and handing it to USPS investigators and a US bank, allowing people's cards to be protected from fraudulent activity.

In total, people entered 438,669 unique credit cards into 1,133 domains used by the scammers, says Smith, a red team engineer and the founder of offensive cybersecurity firm Phantom Security. Many people entered multiple cards each, he says. More than 50,000 email addresses were logged, including hundreds of university email addresses and 20 military or government email domains. The victims were spread across the United States -- California, the state with the most, had 141,000 entries -- with more than 1.2 million pieces of information being entered in total. "This shows the mass scale of the problem," says Smith, who is presenting his findings at the Defcon security conference this weekend and previously published some details of the work. But the scale of the scamming is likely to be much larger, Smith says, as he didn't manage to track down all of the fraudulent USPS websites, and the group behind the efforts have been linked to similar scams in at least half a dozen other countries.

Security

Home Security Giant ADT Says It Was Hacked (techcrunch.com) 21

ADT confirmed this week that it was recently hacked, compromising some customer data. From a report: The home security company did not say when the cyberattack and data breach occurred, but disclosed that the attackers accessed the company's databases containing customer home addresses, email addresses, and phone numbers.

In a brief regulatory filing published late Wednesday, ADT said it has "no reason to believe" that customer home security systems were compromised during the incident, but ADT did not say how it reached that conclusion. The statement said a "small percentage" of customers are affected, but did not provide a more specific number. As of June 2024, ADT said it had six million customers.

Businesses

Dell Reportedly Laying Off 12,500 Employees (siliconangle.com) 89

"We are getting leaner," said Dell's Bill Scannell and John Byrne in an internal memo to employees on Monday. "We're streamlining layers of management and reprioritizing where we invest." While no official numbers have been confirmed, a source close to the matter told SiliconANGLE that 12,500 layoffs, or about 10% of Dell's worldwide workforce, were planned across the company starting Tuesday. However, that number could be high. "It's unlikely the number is that high because that would typically trigger an SEC filing," said theCUBE Research Chief Analyst Dave Vellante. From the report: Indeed, in February 2023, a 10-K filing with the Securities and Exchange Commission was made for a reduction of about 6,000 employees. The number of new layoffs might become more apparent when Dell files its latest earnings report on Aug. 29, which should show severance and other costs. Dell declined to provide specifics on the layoff. "Through a reorganization of our go-to-market teams and an ongoing series of actions, we are becoming a leaner company," the company said in an email to SiliconANGLE. "We are combining teams and prioritizing where we invest across the company. We continually evolve our business so we're set up to deliver the best innovation, value and service to our customers and partners."

Rumors of layoffs were swirling today on TheLayoff.com website. "Despite whatever person from corporate put in here earlier about this being a 1% layoff, it is in fact larger than that and is hitting services, sales, marketing & engineers," one person said. "Half of my team is gone in marketing and still no coms." Dell has been cutting staff for at least the past year. It laid off a total of 13,000 last year, according to CRN, including the 6,000 in February 2023 and another round in August whose numbers the company didn't specify.

The layoffs follow a 15% reduction announced by Intel last week, affecting over 16,000 workers.

AI

Apple's Hidden AI Prompts Discovered In macOS Beta 46

A Reddit user discovered the backend prompts for Apple Intelligence in the developer beta of macOS 15.1, offering a rare glimpse into the specific guidelines for Apple's AI functionalities. Some of the most notable instructions include: "Do not write a story that is religious, political, harmful, violent, sexual, filthy, or in any way negative, sad, or provocative"; "Do not hallucinate"; and "Do not make up factual information." MacRumors reports: For the Smart Reply feature, the AI is programmed to identify relevant questions from an email and generate concise answers. The prompt for this feature is as follows: "You are a helpful mail assistant which can help identify relevant questions from a given mail and a short reply snippet. Given a mail and the reply snippet, ask relevant questions which are explicitly asked in the mail. The answer to those questions will be selected by the recipient which will help reduce hallucination in drafting the response. Please output top questions along with set of possible answers/options for each of those questions. Do not ask questions which are answered by the reply snippet. The questions should be short, no more than 8 words. The answers should be short as well, around 2 words. Present your output in a json format with a list of dictionaries containing question and answers as the keys. If no question is asked in the mail, then output an empty list. Only output valid json and nothing else."

The Memories feature in Apple Photos, which creates video stories from user photos, follows another set of detailed guidelines. The AI is instructed to generate stories that are positive and free of any controversial or harmful content. The prompt for this feature is: "A conversation between a user requesting a story from their photos and a creative writer assistant who responds with a story. Respond in JSON with these keys and values in order: traits: list of strings, visual themes selected from the photos; story: list of chapters as defined below; cover: string, photo caption describing the title card; title: string, title of story; subtitle: string, safer version of the title. Each chapter is a JSON with these keys and values in order: chapter: string, title of chapter; fallback: string, generic photo caption summarizing chapter theme; shots: list of strings, photo captions in chapter. Here are the story guidelines you must obey: The story should be about the intent of the user; The story should contain a clear arc; The story should be diverse, that is, do not overly focus the entire story on one very specific theme or trait; Do not write a story that is religious, political, harmful, violent, sexual, filthy or in any way negative, sad or provocative. Here are the photo caption list guidelines you must obey."

Apple's AI tools also include a general directive to avoid hallucination. For instance, the Writing Tools feature has the following prompt: "You are an assistant which helps the user respond to their mails. Given a mail, a draft response is initially provided based on a short reply snippet. In order to make the draft response nicer and complete, a set of question and its answer are provided. Please write a concise and natural reply by modifying the draft response to incorporate the given questions and their answers. Please limit the reply within 50 words. Do not hallucinate. Do not make up factual information."
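
The Smart Reply prompt above fixes an output contract (a JSON list of dictionaries with "question" and "answers" keys, questions of at most 8 words, an empty list when the mail asks nothing, and "only valid json and nothing else"), but a prompt instruction is not an enforcement mechanism: the model can still emit fenced markdown, prose, extra keys or over-long strings, and any code that consumes the output has to check it before acting on it. The following validator is an added example written for this page, not Apple's code or anything from the macOS beta; the key names come from the prompt, while the answer-length tolerance, the cap on the number of questions and the sample outputs are assumptions constructed for illustration.

```python
"""Validate Smart Reply model output against the contract stated in the prompt.

Added example, not Apple's code. Assumes the model returns a JSON list of
objects with exactly the keys "question" and "answers" (the prompt names those
keys); the numeric limits below are the prompt's stated limits plus assumed
tolerances.
"""
import json

MAX_QUESTION_WORDS = 8   # prompt: "The questions should be short, no more than 8 words."
MAX_ANSWER_WORDS = 4     # prompt says "around 2 words"; 4 is an assumed tolerance
MAX_QUESTIONS = 5        # assumed cap on "top questions"; the prompt gives no number


def validate_smart_reply(raw: str) -> tuple[bool, list[str]]:
    """Return (ok, problems) for one raw model response.

    Anything that is not exactly the JSON list the prompt demands is rejected,
    so a caller never passes free-form model text on to the user or the mail
    client. An empty list is valid: it is the prompt's "no question asked" case.
    """
    problems: list[str] = []
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Covers the common failure of the model wrapping JSON in ```json fences
        # or prefixing it with prose: "only valid json and nothing else" is violated.
        return False, [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, list):
        return False, ["top-level value must be a list"]
    if len(data) > MAX_QUESTIONS:
        problems.append(f"too many questions: {len(data)} > {MAX_QUESTIONS}")
    for i, item in enumerate(data):
        if not isinstance(item, dict) or set(item) != {"question", "answers"}:
            problems.append(f"item {i}: keys must be exactly question, answers")
            continue
        q = item["question"]
        if not isinstance(q, str) or not q.strip():
            problems.append(f"item {i}: question must be a non-empty string")
        elif len(q.split()) > MAX_QUESTION_WORDS:
            problems.append(f"item {i}: question longer than {MAX_QUESTION_WORDS} words")
        answers = item["answers"]
        if not isinstance(answers, list) or not answers:
            problems.append(f"item {i}: answers must be a non-empty list")
            continue
        for j, a in enumerate(answers):
            if not isinstance(a, str) or not a.strip():
                problems.append(f"item {i}: answer {j} must be a non-empty string")
            elif len(a.split()) > MAX_ANSWER_WORDS:
                problems.append(f"item {i}: answer {j} longer than {MAX_ANSWER_WORDS} words")
    return not problems, problems


# Constructed sample responses (not real model output).
GOOD_OUTPUT = json.dumps([
    {"question": "Can you join the call Friday?", "answers": ["Yes", "No", "Maybe later"]},
])
EMPTY_OUTPUT = "[]"                      # mail asked nothing: valid per the prompt
FENCED_OUTPUT = "```json\n[]\n```"       # markdown fence around the JSON: invalid
EXTRA_KEY_OUTPUT = json.dumps([
    {"question": "Send the invoice?", "answers": ["Yes"], "note": "unexpected field"},
])
LONG_QUESTION_OUTPUT = json.dumps([
    {"question": "Would you be able to attend the meeting on Friday afternoon?",
     "answers": ["Yes"]},
])

if __name__ == "__main__":
    for name, sample in [("good", GOOD_OUTPUT), ("empty", EMPTY_OUTPUT),
                         ("fenced", FENCED_OUTPUT), ("extra_key", EXTRA_KEY_OUTPUT),
                         ("long_question", LONG_QUESTION_OUTPUT)]:
        ok, problems = validate_smart_reply(sample)
        print(f"{name:14s} ok={ok} {problems}")
```

The design point is that the validator is strict by default and treats the prompt's own wording as the schema: unknown keys, non-list top-level values and fenced or prose-wrapped JSON all fail, because each of those is a sign that the model ignored an instruction and may have ignored others (such as "Do not make up factual information") too.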

Social Networks

Yelp's Lack of Transparency Around API Charges Angers Developers (techcrunch.com) 12

An anonymous reader quotes a report from TechCrunch: On July 19, Yelp informed select indie developers that they would have to switch to paid accounts, due to high API usage. Developers were given four days to make the change, in a move that echoes recent communication bungles by Reddit and Twitter. When the developers replied to the July 19 email, Yelp sent a deck of pricing tiers with base pricing starting from $229 per month for a limit of 1,000 API calls per day. Developers were concerned that other, more affordable options weren't mentioned in the deck. Yelp said the pricing is equivalent and simply presented in different ways. The method of communication and lack of transparency has angered developers, some of whom shuttered their services, even after Yelp gave them a 90-day leeway and apologized. While the company has issued an apology email to developers and extended their free usage by 90 days, it may not be enough to keep these frustrated developers from moving to new platforms.

"We apologize for last week's abbreviated transition that impacted a small percentage of developers and have extended access to these users," a company spokesperson told TechCrunch. "Yelp sunsetted free, commercial, unlimited use of the Yelp Fusion API in 2019 and has been in the process of migrating developers to a paid program over the last several years. The developer community is important to Yelp, and we've heard their feedback about the transition period from the free Yelp Fusion API to our paid program."

Security

Design Flaw Has Microsoft Authenticator Overwriting MFA Accounts, Locking Users Out (csoonline.com) 68

snydeq writes: CSO Online's Evan Schuman reports on a design flaw in Microsoft Authenticator that causes it to often overwrite authentication accounts when a user adds a new one via QR scan. "But because of the way the resulting lockout happens, the user is not likely to realize the issue resides with Microsoft Authenticator. Instead, the company issuing the authentication is considered the culprit, resulting in wasted corporate helpdesk hours trying to fix an issue not of that company's making."

Schuman writes: "The core of the problem? Microsoft Authenticator will overwrite an account with the same username. Given the prominent use of email addresses for usernames, most users' apps share the same username. Google Authenticator and just about every other authenticator app add the name of the issuer -- such as a bank or a car company -- to avoid this issue. Microsoft only uses the username."

The flaw appears to have been in place since Authenticator was released in 2016. Users have complained about this issue in the past to no avail. In its two correspondences with Schuman, Microsoft first laid blame on users, then on issuers. Several IT experts confirmed the flaw, with one saying, "It's possible that this problem occurs more often than anyone realizes because [users] don't realize what the cause is. If you haven't picked an authentication app, why would you pick Microsoft?"
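The collision Schuman describes comes down to what an authenticator uses as the key for a stored account. An enrolment QR code carries an otpauth URI whose label is conventionally "Issuer:account" and which may repeat the issuer as a parameter; an app that keys on the account name alone cannot tell a bank's entry from a car company's entry when both use the same e-mail address. Added example (not code from Microsoft, Google or CSO Online): a small otpauth parser and two hypothetical store models, one keyed on the username only and one keyed on (issuer, account), enrolled with two constructed URIs for the same e-mail address.

```python
"""Why keying an authenticator's account store by username alone loses accounts.

Added example, not code from Microsoft, Google or CSO Online. The otpauth URI
format (otpauth://totp/<label>?secret=...&issuer=...) is the de facto format
carried in enrolment QR codes. The two store classes are hypothetical models
of the behaviours the article describes, not any app's real code.
"""
from urllib.parse import urlparse, parse_qs, unquote


def parse_otpauth(uri: str) -> dict:
    """Parse an otpauth:// enrolment URI into issuer, account and secret.

    Issuer precedence follows common practice: an explicit issuer= parameter
    wins, otherwise the part of the label before the ':' is used.
    """
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    label = unquote(parts.path.lstrip("/"))
    query = parse_qs(parts.query)
    secret = query.get("secret", [None])[0]
    if not secret:
        raise ValueError("missing secret")
    label_issuer, _, account = label.rpartition(":")
    issuer = query.get("issuer", [label_issuer])[0].strip()
    return {"issuer": issuer, "account": account.strip(), "secret": secret}


class UsernameKeyedStore:
    """Models the behaviour the article attributes to Microsoft Authenticator:
    the account name alone is the key, so a second issuer enrolled with the
    same e-mail address silently replaces the first entry's secret."""

    def __init__(self):
        self.entries = {}

    def add(self, uri: str) -> None:
        e = parse_otpauth(uri)
        self.entries[e["account"]] = e

    def secrets(self) -> dict:
        return {k: v["secret"] for k, v in self.entries.items()}


class IssuerKeyedStore:
    """Models what the article says other authenticator apps do: the issuer
    is part of the key, so accounts at different services coexist."""

    def __init__(self):
        self.entries = {}

    def add(self, uri: str) -> None:
        e = parse_otpauth(uri)
        self.entries[(e["issuer"], e["account"])] = e

    def secrets(self) -> dict:
        return {k: v["secret"] for k, v in self.entries.items()}


# Constructed enrolment URIs: two unrelated services, same e-mail username.
BANK_URI = "otpauth://totp/ExampleBank:alice%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=ExampleBank"
CAR_URI = "otpauth://totp/ExampleMotors:alice%40example.com?secret=KRSXG5CTMVRXEZLU&issuer=ExampleMotors"


def demo() -> dict:
    """Enrol both services in each store model and report which secrets survive."""
    by_user, by_issuer = UsernameKeyedStore(), IssuerKeyedStore()
    for uri in (BANK_URI, CAR_URI):
        by_user.add(uri)
        by_issuer.add(uri)
    return {"username_keyed": by_user.secrets(), "issuer_keyed": by_issuer.secrets()}


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

In the username-keyed model only the car company's secret remains after the second scan, which is exactly the lockout the article describes: the bank's codes stop verifying while the app still shows an entry for that address. For an issuer, the practical mitigation is to put the issuer in both the label and the issuer parameter of every enrolment URI; for a helpdesk, a user who "lost" one service's codes right after enrolling another with the same e-mail address is a strong hint that the authenticator, not the issuer, is at fault.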

Technology

Rediff, Once an Internet Pioneer in India, Sells Majority Stake for $3M (techcrunch.com) 2

An anonymous reader shares a report: Payments infrastructure firm Infibeam Avenues has acquired a majority 54% stake in Rediff.com for up to $3 million, a dramatic twist of fate for the 28-year-old business that was the first Indian internet firm to list on Nasdaq back in the year 2000.

Founded in 1996, Rediff rode the initial dot-com wave to become one of India's leading web portals, offering email, news, and e-commerce services. At its peak, Rediff was valued at over $600 million on the Nasdaq stock exchange. It also drove some of the largest traffic in India, climbing at least up to the 12th spot, according to brokerage house Jefferies.

Google

Google Defeats RNC Lawsuit Claiming Email Spam Filters Harmed Republican Fundraising 84

A U.S. judge has thrown out a Republican National Committee lawsuit accusing Alphabet's Google of intentionally misdirecting the political party's email messages to users' spam folders. From a report: U.S. District Judge Daniel Calabretta in Sacramento, California, on Wednesday dismissed the RNC's lawsuit for a second time, and said the organization would not be allowed to refile it. While expressing some sympathy for the RNC's allegations, he said it had not made an adequate case that Google violated California's unfair competition law.

The lawsuit alleged Google had intentionally or negligently sent RNC fundraising emails to Gmail users' spam folders and cost the group hundreds of thousands of dollars in potential donations. Google denied any wrongdoing.
