In this week’s Cyber Blurbs Roundup, we take a look at the massive outage over at Facebook HQ, a data breach for video game streaming website Twitch, and the next step in user privacy from 1Password.
That Facebook Outage
There was no way we could have gotten through this week’s blog post without mentioning the water cooler conversation everybody was having last week (for those of you who are back in the office, anyway).
We’ll get straight to it: Facebook, along with fellow Facebook, Inc. companies Instagram and WhatsApp, suffered a global outage lasting several hours Monday, Oct. 4. It was equal parts pandemonium and bliss, depending on whom you ask. Where companies that profit from the social media platform struggled to push their products and services to target audiences, average users found peace in the silence they don’t often afford themselves.
Facebook says the outage was rooted in configuration changes gone wrong, with said changes impacting the way its data centers coordinated network traffic. Per KrebsOnSecurity, this is essentially Facebook accidentally eliminating the map used by other computers to locate Facebook and its subsidiary companies.
“Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication,” Facebook wrote in a statement. “This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.”
The company also stated that, despite some reports of a data breach, the outage was not the result of a hack.
“We want to make clear that there was no malicious activity behind this outage — its root cause was a faulty configuration change on our end,” the statement read. “We also have no evidence that user data was compromised as a result of this downtime.”
The outage also forced an impromptu day off for Facebook HQ, with the error also resulting in a big hit to the company’s internal communication tools, according to The New York Times.
The outage comes just two years after the company suffered a similar fate for nearly 24 hours in 2019. That downtime was also the result of server configuration errors.
P.s. Just as we were wrapping this section up, Facebook appeared to undergo another outage Friday, Oct. 8 — although it does appear to be a smaller outage in nature.
That Twitch Leak
It was not a good week for Twitch. Known as the premier site for video game streamers, Twitch was the victim of a massive data breach, resulting in about 125GB worth of user and company data going up for grabs. Posted on anonymous social media platform 4chan, the user responsible is said to have leaked source code and user payout data (with the latter likely to prompt some of you to run out and get your kids the latest gaming hardware).
According to Twitch, the following was among the data included in the leak:
Three years’ worth of Twitch creator payout data
Source code for desktop, mobile, and video game clients
Code linked to proprietary SDKs and AWS services
Information related to an Amazon Game Studios project
Internal security measures
The company states that user login credentials are not associated with this leak, but it’s never a bad idea to update some of those security measures. You know, just in case.
The 4chan user stated that this was merely “part one” of the leak, promising a cascade of details in the future.
1Password’s Hide My Email Feature
Now for some good news — albeit a few weeks late.
1Password, one of the more reputable password managers in the industry, recently announced the next stage of user privacy for its platform. Known for providing randomized passwords — as well as a vault to store all those passwords — unique to each and every user account a person may have, 1Password announced a partnership with Fastmail to provide users with randomly generated email addresses as well.
“Your email address is your online identity,” Fastmail CEO Bron Gondwana stated. “If your credentials are compromised in a data breach, having a randomly generated email address adds a second line of defense because it can’t be associated with your primary email address, and therefore, your identity.”
Similar services already exist on Gmail, although 1Password and Fastmail go a bit further by making it downright impossible for hackers to determine your actual email address.
Password managers are useful in the event of a) a data breach, and b) reused passwords. Beacon Cloud’s Edel Marcelino previously went into great detail on why you should consider using a password manager, but here’s the gist of it: Reusing passwords is as common as it is unsafe, with a 2019 Google survey stating more than half of all users questioned admitted to reusing passwords across multiple accounts.
The issue lies in the potential of a data breach — something users have zero control over. Data breaches often result in leaked login credentials, and if those credentials are used across multiple accounts, hackers suddenly have access to more than just one account. Password managers prevent that by generating randomized passwords locked behind just one strong password users must remember. 1Password aims to prevent it even further by offering malicious actors nothing — not even email addresses — for their troubles.
