Top infosec trends in the social media spotlight this week

Last Friday, Marriott hotels broke the news that up to 500 million guests could have had their data swiped in a four-year long leak of Starwood Hotel reservation lists.

As expected, the disclosure dominated headlines – and not just because of the monumental number of victims.

It also sparked conversation concerning the way the hospitality industry protects, or doesn’t protect, its customers’ data.

Hotels worldwide require a deposit for a room and will hold the guests’ card details in case they need to claim money back.

In the US, hotel staff regularly swipe the cards rather than using the more-secure chip and PIN (EMV) methods, despite the migration away from swipe and sign.

Starwood, which was acquired by Marriott in 2015, is just one in a long line of hotels to have suffered huge data breaches.

This latest mega-breach has seen US lawmakers call for tougher rules for companies to prevent large-scale data leaks.

“We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need,” commented Senator Mark R Warner.

Senator Edward J Markey added: “Checking in to a hotel should not mean checking out of privacy and security protections.

“It’s time for Congress to pass comprehensive consumer privacy and data security legislation that requires companies to adhere to strong data security standards, directs them to only collect the data they actually need to service their customer, and creates penalties for companies that fail to meet them.”

Chances are, you’ve heard of the social media subset dubbed ‘YouTubers’. And chances also are that you’ll recognize one of the biggest stars PewDiePie.

Last week, the Swedish video blogger, who shot to fame with his Let’s Play gaming clips, faced down Indian channel T-Series to retain his title as the YouTuber with the most subscribers.

To help his bid, a fan known as ‘Hacker Giraffe’ hacked 50,000 open printers, forcing them to print a message of support for PewDiePie.

The hacker, whose real identity isn’t known, was able to carry out the hack on November 29 after targeting insecure internet-connected printers which hadn’t been updated and had their security settings open.

The hack seems to have inspired a questionable business model from a company or individual peddling advertising via unsecured printers.

The unidentified user claims to be able to reach “every single printer in the world” – a hyperbolic statement that’s probably not worth the printer ink it isn’t written on.

President Donald Trump’s attorney and cybersecurity advisor Rudy Giuliani accused Twitter of “allowing” one of his tweets to be “hacked” with anti-Trump messages this week.

In a tweet dated November 30, Giuliani mistyped a message regarding the G-20, instead typing – a valid domain swiftly snapped up by a prankster.

According to reports, web designer Jason Velazquez was behind the stunt. After purchasing the domain, he filled the page with the message: “Donald J. Trump is a traitor to our country”.

Giuliani hysterically clapped back, accusing Twitter of enabling Velazquez to insert the hyperlink into his tweet.

He attempted to back up his argument by referencing another typo (Helsinki.Either) which did not create a hyperlink – because .Either isn’t a valid domain.

You’d think Giuliani would know this, being the President’s cybersecurity advisor.

Perhaps not.

Microsoft announced it is rebuilding its Edge browser to run on open source engine Chromium, which also powers Google Chrome.

The move, which was rumored on December 3, was confirmed by bosses on Thursday, who said that it will improve web compatibility and make Edge “better” across diverse platforms.

You can read more about the move here.

Needless to say, the security community had a lot to say on the topic.

But the reaction wasn’t all bad, as Edge fans praised the development – with one even claiming it was “Christmas come early”.

Finally, with all the noise surrounding Microsoft and Google, you’d think Mozilla had faded into the background this week.

But staff at the company’s Mozlando conference (in, yes, Orlando) were trapped on buses surrounded by alligators during a trip to the NASA Space Center.

“This is not a metaphor”.

Luckily for Firefox fans, the stranded employees made it out of the trip safe and well.