Facebook reported this week that 50-90 million user accounts were hacked or compromised through three bugs in their interface that would allow a hacker to bypass password challenges through a stolen access token, video downloader access. Facebook says they have fixed the bug and made access tokens unusable for the 90 million compromised accounts. So if you had to re-log in this week, chances are that your account was compromised. Leo also says this is a good time to change your password and turn on 2 Factor Authentication in your Facebook settings.
Linda thinks her email accounts on Google and Yahoo have been hacked. She tried to log in, and it says "account no longer exists." What can she do? Rich says she may or may not have luck recovering it because Google has billions of accounts, and there's no deal tech support. Here's a good place to start to recover her account: https://support.google.com/accounts/answer/7682439?hl=en.
Mike's personal laptop was hacked by someone at work. He also believes that person is stalking him. Leo says that from a technological point of view, it would be wise to wipe the PC completely and reinstall Windows. But he'd also recommend contacting the police.
Karen's computer got taken over by a scammer who convinced her that he was from AOL when she was having trouble with her account. Leo says that gaining control of her computer remotely likely gave him that control and the only thing she can do is backup her data, format her hard drive, and reinstall windows from a known, good source. If one needs help from AOL, contact them directly here - https://help.aol.com/products/new-aol-desktop
There's a new attack that has been affecting ATMs around the world, and it's called "Jackpotting." It causes ATMs to dispense all of its cash. Hackers are using endoscopes to gain access to the interior of an ATM in order to connect to it and hack into the ATM's Windows XP operating system. Then, the once the malware is installed, a remote command is given to spew out 40 bills every 23 seconds.
Brad accidentally downloaded some malware, but he can't find it to remove it. Leo says downloading a file is only half the equation. He then would have to run it. Since he can't find it, even in his download log, it's likely it was a failed download. On top of that, Brad runs a Mac, so he's even more secure than Windows. But he should always make sure he keeps his computer updated, just in case.
Mike's Coinbase Bitcoin wallet has a corrupted IP address to it and he's worried his wallet has been hacked. Leo says he can't have two IP addresses on an account. Leo says that the ISP may be at fault here and Mike should log into his Coinbase wallet and make a screenshot of the error messages. Then he should contact his ISP and show them the evidence. They need to fix it. Leo also says he should change his Coinbase password just in case. It's possible something nefarious is afoot.
The website that Equifax set up to allow people to see if their personal data had been compromised by hackers has been found to be filled with more malware. Even worse, your salary history has also been compromised. Learn more about it at krebsonsecurity.com.
A new bill being proposed would allow computer users to hack back any hackers that strike them. This will give them the ability to destroy any data stolen from them, as well as giving a little digital pay back. Leo says that it's hard to know where the attack is coming from and you could make matters worse for some innocent person who was also hacked, with their computers and email addresses used as an alias for the real hacker. He also says this is asking for trouble because hackers are far more sophisticated than their victims.
Equifax was recently hacked and over 143 million people had their credit information stolen. Even worse, Equifax executives sat on the news for five weeks while many executives sold stock before it would tank. Leo says that this was insider trading plain and simple. Equifax has a higher duty to protect user credit information because we are required to have our credit monitored. They had one job: Protect the data that they gathered without our permission.