Top infosec trends in the social media spotlight this week
Last Friday, Marriott hotels broke the news that up to 500 million guests could have had their data swiped in a four-year-long leak of Starwood Hotel reservation lists.
As expected, the disclosure dominated headlines – and not just because of the monumental number of victims.
It also sparked conversation concerning the way the hospitality industry protects, or doesn’t protect, its customers’ data.
Hotels worldwide require a deposit for a room and will hold the guests’ card details in case they need to claim money back.
In the US, hotel staff regularly swipe the cards rather than using the more-secure chip and PIN (EMV) methods, despite the migration away from swipe and sign.
Starwood, which was acquired by Marriott in 2015, is just one in a long line of hotels to have suffered huge data breaches.
This latest mega-breach has seen US lawmakers call for tougher rules for companies to prevent large-scale data leaks.
“We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need,” commented Senator Mark R Warner.
Senator Edward J Markey added: “Checking in to a hotel should not mean checking out of privacy and security protections.
“It’s time for Congress to pass comprehensive consumer privacy and data security legislation that requires companies to adhere to strong data security standards, directs them to only collect the data they actually need to service their customer, and creates penalties for companies that fail to meet them.”
Chances are, you’ve heard of the social media subset dubbed ‘YouTubers’. And chances also are that you’ll recognize one of the biggest stars, PewDiePie.
Last week, the Swedish video blogger, who shot to fame with his Let’s Play gaming clips, faced down Indian channel T-Series to retain his title as the YouTuber with the most subscribers.
To help his bid, a fan known as ‘Hacker Giraffe’ hacked 50,000 open printers, forcing them to print a message of support for PewDiePie.
The hacker, whose real identity isn’t known, was able to carry out the hack on November 29 after targeting insecure internet-connected printers which hadn’t been updated and had their security settings open.
The hack seems to have inspired a questionable business model from a company or individual peddling advertising via unsecured printers.
The unidentified user claims to be able to reach “every single printer in the world” – a hyperbolic statement that’s probably not worth the printer ink it isn’t written on.
President Donald Trump’s attorney and cybersecurity advisor Rudy Giuliani accused Twitter of “allowing” one of his tweets to be “hacked” with anti-Trump messages this week.
In a tweet dated November 30, Giuliani mistyped a message regarding the G-20, instead typing G-20.in – a valid domain swiftly snapped up by a prankster.
According to reports, web designer Jason Velazquez was behind the stunt. After purchasing the domain, he filled the page with the message: “Donald J. Trump is a traitor to our country”.
Mozilla had faded into the background this week. But staff at the company’s Mozlando conference (in, yes, Orlando) were trapped on buses surrounded by alligators during a trip to the NASA Space Center.