Cyber Blurbs: Acer Hit With Second Attack of 2021

In this week’s Cyber Blurbs Roundup, we take a look at the latest hit against Acer, 1Password’s latest steps in securing your login credentials, and a convenient yet controversial way of paying for the subway out in Moscow.

Acer Suffers Another Cyber Attack

Acer has been hit again, suffering its second cyber attack since March of this year. The company confirmed its offices in India were the victim of a cyber attack, stating that 60GB of data were stolen after its servers were penetrated. The Desorden Group has claimed responsibility for the attack.

"Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems," an Acer spokesperson said (h/t ZDNet). "We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team, and has no material impact to our operations and business continuity." 

The Desorden Group recently told ZDNet that it no longer had access to Acer’s India servers, though it was not clear if a ransom was paid. A ransom demand may have been omitted altogether given Acer’s historic reluctance to pay (more on that in a bit), prompting the cybercriminal group to hit the web with its cache of customer data. Desorden is said to have released data belonging to 10,000 Acer customers as proof of its attack. The group is believed to have data belonging to millions of Acer users. 

Acer was first hit with a 2021 ransomware attack in March, with notorious ransomware group REvil demanding $50 million to relinquish control of the company’s data. Acer reportedly offered $10 million, though that offer was said to have been rejected.


1Password Psst PW Sharing

All right, one thing to get out of the way before we applaud the folks over at 1Password for the second week in a row: They are not a sponsor of this blog, nor do we have a link to the company in any way. We actually use LastPass here at BCS, for whatever that’s worth.

Now onto the good stuff. Last week we wrote about 1Password’s partnership with Fastmail to provide its users with randomly generated email addresses — a measure to prevent hackers from acquiring any usable login credentials in the event of a data breach. This week, 1Password announced Psst! (Password Secure Sharing Tool), a new feature aimed at preventing users from sharing exact passwords with other people.

The thought behind the feature is rooted in the way users typically share login credentials. While 1Password users can easily store shared login information in a shared folder for other associated 1Password accounts to access, sharing login details with those outside of their organization or family plan can get pretty sloppy. It often requires users to manually copy and paste the email address and randomized password and send them to another user via email or text. That’s, suffice it to say, not good.

Psst! allows 1Password users to share login credentials with anybody — including non-1Password users — through a generated link containing non-viewable login information. Users can configure the link to define who is allowed to use it (via email), how long it remains active, and how many times a user can view the link before it expires. 

"Having the ability to share passwords and other credentials outside of a business or family has been one of our most highly-requested features, and I’m very excited by today’s launch of Psst! as it helps keep everyone, not just 1Password customers, safe online,” 1Password CEO Jeff Shiner wrote in a statement. “Crossing the 100,000 business customers mark is a clear indication that businesses understand the need to safeguard their passwords and other sensitive information online."


Moscow Launches Facial Recognition Metro Payments

Moscow announced the launch of “Face Pay” last Friday in what officials are claiming to be the “largest use of facial recognition technology in the world,” according to The Guardian. But there’s a bit of a catch: The facial recognition tech relies exclusively on photographs stored on Mosmetro’s servers, prompting many privacy advocates to sound the alarm.

Riders will need to upload a photo, along with some payment information, onto Mosmetro’s mobile app. This will allow the facial recognition at more than 240 Mosmetro stations to take a quick scan of the rider’s face to activate the turnstiles. Images provided by Mosmetro indicate that scans will also work while wearing masks (or at least the “oops my nose is sticking out” variation of wearing masks).

It has all the makings of a convenient and utopian way of paying for public transit, until you stop and think just how these images may potentially be used in the future. 

“This is a dangerous new step in Russia’s push for control over its population. We need to have full transparency on how this application will work in practice,” digital rights advocate Stanislav Shakirov told The Guardian. “The Moscow metro is a government institution and all the data can end up in the hands of the security services.”

It’s similar (ish) to what Amazon has been proposing for a few years now with Amazon One, dreaming of a future where customers need only scan their palms to pay for goods inside of its brick and mortar stores.

