Wave Systems Corp. (fka WAVXQ)

[Genz2]

Private messages from 81,000 hacked Facebook accounts for sale

https://www.bbc.com/news/technology-46065796

Hackers appear to have compromised and published private messages from at least 81,000 Facebook users' accounts.

The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure.

Facebook said its security had not been compromised.

And the data had probably been obtained through malicious browser extensions.

Facebook added it had taken steps to prevent further accounts being affected.

The BBC understands many of the users whose details have been compromised are based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere.

The hackers offered to sell access for 10 cents (8p) per account. However, their advert has since been taken offline.

"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores," said Facebook executive Guy Rosen.

"We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."

Intimate correspondence

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum.

"We sell personal information of Facebook users. Our database includes 120 million accounts," the user wrote.

?Facebook fined £500,000 for Cambridge Analytica scandal
?Facebook hack victims will not get ID theft protection
?Is Facebook's News Feed fading?

The cyber-security company Digital Shadows examined the claim on behalf of the BBC and confirmed that more than 81,000 of the profiles posted online as a sample contained private messages.

Data from a further 176,000 accounts was also made available, although some of the information - including email addresses and phone numbers - could have been scraped from members who had not hidden it.

The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

There was also an intimate correspondence between two lovers.

One of the websites where the data had been published appeared to have been set up in St Petersburg.

Its IP address has also been flagged by the Cybercrime Tracker service. It says the address had been used to spread the LokiBot Trojan, which allows attackers to gain access to user passwords.


Presentational grey line
Who should be blamed?

Personal shopping assistants, bookmarking applications and even mini-puzzle games are all on offer from various browsers such as Chrome, Opera and Firefox as third-party extensions.

The little icons sit alongside your URL address bar patiently waiting for you to click on them.

According to Facebook, it was one such extension that quietly monitored victims' activity on the platform and sent personal details and private conversations back to the hackers.

Facebook has not named the extensions it believes were involved but says the leak was not its fault.

Independent cyber-experts have told the BBC that if rogue extensions were indeed the cause, the browsers' developers might share some responsibility for failing to vet the programs, assuming they were distributed via their marketplaces.

But the hack is still bad news for Facebook.

The embattled network has had a terrible year for data security and questions will be asked about whether it is proactive enough in responding to situations like this that affect large numbers of people.

The BBC Russian Service emailed the address listed alongside the hacked details, posing as a buyer interested in buying two million accounts' details.

The advertiser was asked whether the breached accounts were the same as those involved in either the Cambridge Analytica scandal or the subsequent security breach revealed in September.

A reply in English came from someone calling themself John Smith.

He said that the information had nothing to do with either data leak.

He claimed that his hacking group could offer data from 120 million users, of whom 2.7 million were Russians.

But Digital Shadows told the BBC that this claim was doubtful because it was unlikely Facebook would have missed such a large breach.

John Smith did not explain why he had not advertised his services more widely.

And when asked whether the leaks were linked to the Russian state or to the Internet Research Agency - a group of hackers linked to the Kremlin - he replied: "No."
=================================================================
Scrambls Introduces Secure Personal Sharing Across Social Networks & Websites

Users Regain Control over Personal Content when Posting Online

https://www.wavesys.com/buzz/pr/scrambls-introduces-secure-personal-sharing-across-social-networks-websites

Palo Alto, CA -

May 2, 2012 -

Today, scrambls launched as a free service empowering users to control and protect the messages they post to the web. Scrambls works on all of the most popular social media sites by means of a simple, yet secure web browser plug-in. It gives everyone the ability to share private communications online, and establishes personal control of every tweet, blog post or status update.

To scrambl messages, you simply enable scrambls in your browser to encode part or all of a message before it’s instantly uploaded to your favorite social media site. The cloud gets only scrambld content. You select the individuals or groups that can see the message in clear text on their devices. Friends just need to add scrambls to their own browser and messages will look the same as usual for them. Anyone else that was not approved to read the post will see only scrambld text.

“Greater control enables greater use of social media,” said Michael Sprague, scrambls co-creator. “Post confidently, knowing your boss won’t see messages meant for high school friends, and permanent records of what you say online won’t come back to haunt you in the future.”

Scrambls makes sharing content simple, safe and fun, while establishing lasting control for everything written and shared online. When entering status updates, tweets, blog posts and more, scrambls empowers you not only with the ability to choose who can see your postings—but also when messages appear, for how long and much more. And if you post something and then change your mind, you can even take it back simply by changing the groups or individuals permitted to read that post. Scrambld messages truly remain private because online services can’t read or scan the data of every post.

Scrambls helps users safeguard their privacy while protecting the huge investment in time and personal effort that goes into building a social reputation, so it’s possible to have older posts remain on a social media site, but altered to be only accessible by your family or close friends.

Get Started with Scrambls
Anyone can start using scrambls today by downloading the plug-in from www.scrambls.com, and choosing the version that works with your preferred web browser. Once installed, a switch will appear in your browser, allowing you to choose the individuals or groups that can read your posts—just select the group from a drop-down list. Then type as you usually would in any website, and the content is automatically scrambld on your device before it is uploaded to the site you are on.

To see what scrambld messages look like, view the short startup video here.

Social media providers can augment the privacy and security of their services with scrambls, and application developers can build scrambls into their own solutions as well. Along with the launch of the service, scrambls is releasing a software developer kit (SDK) to enable third-party apps and sites to integrate scrambls. Businesses can leverage the SDK to incorporate scrambls into their existing corporate policy services.

About Scrambls
Scrambls is a service developed by Wave Systems Corp. (NASDAQ: WAVX) that makes online sharing simple and safe. All you need is the scrambls plug-in added to your browser toolbar. You can make any post private with just one click, even if you’re publishing to different groups of contacts spread across multiple social networks. Scrambls lets you decide what the privacy policy will be for each post that you share. Scrambls makes online sharing smarter, with control over what you are sharing and whom you are sharing it with.