Top infosec trends in the social media spotlight this week

Troy Hunt, creator of Have I Been Pwned? and infosec celeb, revealed this week that he is looking to sell the website.

Hunt created the database back in 2013 as a side project intended to notify people if their credentials have been breached.

After momentous growth, he told followers in a blog post this week that the site is officially up for acquisition.

Hunt’s well-wishers flooded Twitter, thanking him for his invaluable service in the fight against cybercriminals.

Which just leaves the question: who will take on the project? Microsoft and Mozilla – both of which have previously collaborated with Hunt – were just two of the names thrown into the online gossip ring, though at the time of writing no buyer has been confirmed.


One of the biggest stories this week was the Telegram cyber-attack, which resulted in the secure messaging app being knocked offline for users worldwide.

A “powerful” distributed denial-of-service (DDoS) attack disrupted communications for around an hour, the company said.

Telegram founder Pavel Durov claimed on Twitter that most of the assaults, which happened during protests in Hong Kong, came from China.

Others accused the Chinese government of launching the DDoS in lieu of being able to censor the protestors.

Residents are currently demonstrating against the Hong Kong government’s plan to allow extradition to mainland China.

A post-mortem on the DDoS has yet to be released.


All eyes were on Facebook after a creepy ‘deep fake’ video of Mark Zuckerberg appeared on Instagram, testing the limits of its policies.

In the clip, an AI-generated Zuck boasts how he is in control of billions of people’s stolen data – awkward, given the Cambridge Analytica fallout.

Facebook previously declared it would not remove manipulated videos, after a doctored viral clip of White House speaker Nancy Pelosi acting ‘drunk’ was deemed acceptable to remain online.

The Zuck deep fake is currently still available on Instagram, which is owned by Facebook, The Daily Swig can confirm, but for how long?


Spanish soccer league La Liga was fined €250,000 ($280,000) for a GDPR violation after its mobile app was caught accessing users’ microphones to expose illegal match streaming.

The La Liga app – used to keep track of games and stats – recorded audio to identify whether a bar or pub was showing a league game.

It then matched up the location using GPS and determined whether the premises had paid for the appropriate license, handing out fines for establishments that were streaming games illegally.

The league claims it notified users of its intentions, and it did indeed explain the process in its terms and conditions.

But the Spanish data protection authorities ruled that La Liga didn’t make this clear enough, handing down the penalty and ordering the app to be taken offline by June 30.

La Liga is appealing the decision, claiming that the agency doesn’t understand the tech behind the application.


Finally, Radiohead had the last laugh after the band thwarted a cybercriminal’s attempt to hold stolen rare recordings to ransom.

An unnamed actor took around 16 hours of previously unreleased material in a hack, holding it to ransom for $150,000.

The songs were intended for their 1997 album OK Computer.

Radiohead followed the generally accepted advice that victims should never bow to cybercrooks’ demands.

Instead, Thom Yorke & Co. promptly released the album online, with all proceeds going to climate change charity Extinction Rebellion.

Hail to the thief? Not this time…