Everyone is looking at Lizard Squad, who hacked Xbox as well as Lenovo. They’ve got previous with Twitch as well, when they carried out a DDoS attack, which was only resolved when (get this) four Twitter users gave in to the Squad’s demands to post selfies with “Lizard Squad” daubed on their foreheads.
However, this latest hack doesn’t look like the handiwork of Lizard Squad because, mainly, they crow about their actions very readily and they’re not really about stealing personal information, which is what’s happened here.
It appears that login details, passwords and some credit card information has been stolen in this particular hack. Twitch themselves have confirmed the hack, saying that all users will be forced to reset their passwords. They said: “For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.”
There’s no word on just how many people have been affected by this, but seeing as Twitch has over 45 million monthly viewers and in advance of 1 million people streaming videos, it is likely that this’ll be a large number of people who have had their security breached.
Twitch say that they’ve warned users and told them that the information that may have been swiped includes usernames, email addresses, the IP addresses from where people last logged in, credit card types, truncated card numbers and expiration dates, first and last names, phone numbers, home addresses, and dates of birth.
If you’re a Twitch user, it’d be worth changing the password for any sites you use that has a similar password to the one you use with this lot.
Another day, another attack on people using gadgets to get on the internet. This time, something called Freak Attack (which sounds like an ace ’80s horror b-movie) is causing a headache for users of Android and Apple devices.
The good news is that there are no reports of this weakness being exploited (yet) and that the relevant companies are working quickly to shore up the flaw… but where has all this come from? Well, researchers reckon that the problem comes from code that came about from old government policies which required software developers to use weaker security in encryption programmes, thanks to that old chestnut of ‘international security concerns’.
The flaw is to do with web encryption technology, which could potentially enable bad people to spy on what you’re doing if you use Safari or Google’s Android browser.
Around a third of all encrypted sites were vulnerable as of yesterday, as sites continued to accept this weaker software, which affects Apple’s browsers, the Android browser, but not Google Chrome browser or the latest versions from Firefox or Microsoft.
Apple and Google have both said that they’ve fixed the Freak Attack flaw, with Apple rolling theirs out next week and Google saying that they’ve sent out the goods to device makers and wireless carriers.
Obviously, this highlights the problems with governments interfering with encryption codes, even when dealing with national security. This old policy has come back to bite it on the arse, as it could well do the opposite of what it was intended to do, and actually give a helping hand to criminals.
Until a rollout occurs, you’d be wise to use Chrome, Firefox or Microsoft’s browser or, indeed, ride your luck until the new security measures are in place, if you’re feeling saucy.
Another day, another hack and this time, customers of TalkTalk are being warned after a load of account numbers, names and personal details were stolen from them. Be on the lookout for people trying to scam you, basically.
In an email sent to all TalkTalk customers, the company said that ne’er-do-wells were using the swiped details to try and trick people into handing over their bank details. If you received the email, you’ll find a special phone line to call if you’ve been targeted.
The number is 0800 083 2710.
This scam was discovered after TalkTalk found that there was a very sudden spike in people complaining to them about scam calls at the end of last year. A spokesperson said: ”We have now concluded a thorough investigation working with an external security company, and we have become aware that some limited non-sensitive information may have been illegally accessed in violation of our security procedure.”
It seems that the hack came about via a third-party who also had access to TalkTalk’s network and, as a result, the company will be taking legal action against the aforementioned third-party.
“We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly,” said a statement from TalkTalk.
The scam in question involves customers getting called up and, with the stolen details, the scammers are trying to convince you that they’re a legitimate TalkTalk representative who tries to sell them security software. So, if you’re a customer and someone from TalkTalk rings you up and asks for your bank details, tell ‘em where to sling it.
Those irritating gits who run companies that mither everyone with nuisance calls and texts are looking at some new regulations that will slap them with huge fines. We’re talking penalties of (up to, of course) £500,000.
The current laws don’t do much to discourage these spam merchants, but that’s apparently going to change, as new rules will make it much easier to penalise them.
They come into play from April 6th and they mean that the Information Commissioner’s Office (ICO) won’t have to prove that unwanted messages are causing a “substantial damage or substantial distress” any more.
In addition to that, the Government are also looking at bringing in new rules which will see that executives on the board of these businesses will also be held responsible for these calls and messages.
“For far too long companies have bombarded people with unwanted marketing calls and texts, and escaped punishment because they did not cause enough harm,” said digital economy minister Ed Vaizey. “This change will make it easier for the Information Commissioner’s Office to take action against offenders and send a clear message to others that harassing consumers with nuisance calls or texts is just not on.”
We all know how slippery these cold-callers are, so it would be wise to avoid holding your breath until we actually see someone getting a massive fine. Still, this is, initially, very good news for everyone.
There’s a number of products and services out there that give you a free trial before biting you on the seat of your pants. We warned readers about the trial with The Sun+ which ended up taking money off people.
Well, the Royal Bank of Scotland are now calling on regulators to do something about firms that offer free product trials before taking consumers for mugs. The RBS said that, since last June, they’d helped 37,000 customers to stop charges that had been hidden in the small print in 30-day ‘free trial’ deals for beauty and nutrition products.
The bank said that these deals “took advantage of consumers” who believed they were only handing over a small fee for postage: ”Clever advertising and pop-ups on social media websites lure customers into what they believe to be a free trial of a cream or tablet. They are asked to enter their card details to pay a small fee to cover postage and packaging.”
“In reality, by providing their card details and entering the free trial they are agreeing to a recurring subscription, if they do not cancel within the trial period.”
“At its worst point, RBS and NatWest were receiving over 390 calls a day from customers to complain of charges of around £80 a month being applied to their accounts that they did not recognise.”
“Customers receive the goods but don’t know about the recurring costs associated or that they have to stop the trial.
“Subscription details and charges should all be laid out in the terms and conditions (T&Cs) of the agreement, but the bank has found instances where the T&Cs only appear after the customer has agreed to them, where they’re hidden at the bottom of the page or where they’re greyed out making them near impossible to find.”
“The bank estimates that at its peak this was costing customers over £30k per day and over £2.9m in fees since June last year.”
So, as ever, stay vigilant and remember – always read the T&Cs and, if it looks too good to be true, it almost invariably always is too good to be true.
So with that, they’re continuing the fight against bad advertising practices, and Google’s Adwords platform, disabled over half a billion adverts last year. That’s a whopping amount! In addition to this, over 214k advertisers were banned and 250k sites were removed from the network because they’d been hiding malware, spyware and other forms of internet bleakness inside themselves.
Things that were most prevalent were 4.3m adverts that violated AdWords copyright infringement policies (over 4.3 million ads), adverts that employed trick-to-click approaches (over 43 million), advertisers trying to sell knock-off goods (in advance of 7k), those that practised phishing (more than 5k) and adverts for healthcare related violations (over 9.6 million).
That’s a lot of admin.
“Overall, we disabled more than 524 million bad ads and banned more than 214,000 advertisers in 2014″ said Vikaram Gupta, Director of Ads Engineering.
Sadly, you’ll still probably see weird muscle-men and women’s buttocks with blue dotted lines drawn on them all over your Facebook feed for the foreseeable.
If you think a deal is too good to be true, chances are, it is. Unless you’re looking in our Deals of the Day, of course. Either way, if someone is offering you a MacBook for £300, you’ve got to be wary.
One man who wasn’t, was Paul Barrington who saw the deal on eBay and thought he’d got himself an absolute steal! He parted with his money and waited. When it arrived, he found he’d spent all that money on a photocopied picture of a MacBook instead.
Look at his sad face.
Of course, MacBooks set you back around £1,500 if you’re buying them new and, if you’re getting one second-hand, they’re not going to be much cheaper.
Paul had apparently sold his treasured surfboard to buy the device, as he wanted to start gigging as a wedding DJ.
He said: “I sold my pride and joy for a piece of paper. It’s the first time I haven’t had a surfboard since I was 10 years old but I need a laptop so I checked the listing and the seller’s rating.”
“He’d been a member for a few years, so there was nothing to be suspicious about. I was excited about winning the auction and just thought, ‘I’ve got a laptop so I can start the business. The package was as light as a feather. Why bother sending a picture in a box? It doesn’t make any sense. I almost had to laugh.”
Paul has of course, reported this scam to eBay who are going to get back to him. Anyone who has dealt with eBay before, stop laughing. Here’s the auction.
As with 2013, variations on passwords like 123456 continue to be the most popular passwords. Other obvious choices such as “password” and “qwerty” are also in the top five.
There’s new entries for the likes of “baseball” (8), “dragon” (9), “football” (10) and, ahem, “Master” (19).
Superheroes such as Superman (21) and “batman” (24) proved popular, as did the winning “Michael” coming fresh in at No.20. We especially like that “trustno1″ is hanging on in there gamely, proving that irony is lost on the Cyberdog/conspiracy theorist set.
The list was compiled by password company SplashData, and combed from leaks from North America and Western Europe.
The ideal password that SplashData recommends, is one of eight characters or more with mixed types of characters. They also “helpfully” suggest not using the same password on all of your sites.
The full list of the worst passwords (with last year’s ranking in brackets) is:
1 (1) 123456
2 (2) password
3 (20) 12345
4 (3) 12345678
5 (4) qwerty
6 (6) 1234567890
7 (16) 1234
8 (-) baseball
9 (-) dragon
10 (-) football
11 (7) 1234567
12 (17) monkey
13 (14) letmein
14 (5) abc123
15 (7) 111111
16 (-) mustang
17 (-) access
18 (18) shadow
19 (-) master
20 (-) michael
21 (-) superman
22 (-) 696969
23 (11) 123123
24 (-) batman
25 (24) trustno1
(You could quite easily imagine someone named Fraud Barometer, couldn’t you?)
This increase lost to investment fraud came alongside a £824 million pound drop in the total to £717 million.
Now KPMG reckon that the numbers indicated that “victims are now being targeted because of vulnerability rather than wealth,” according to a report in the FT.
KPMG also said that part of this increase could be traced to such things as rising incomes and as investors search for ‘yield-bearing’ alternatives.
“You’ve got a generation of pensioners that actually has money but is not getting great returns on that money,” said KPMG partner Hitesh Patel.
“Pensioners effectively become targets for organised crime. A lot of people are being targeted by quite sophisticated criminals with compelling explanations of the ‘investments’.”
On OS X Yosemite, you may have noticed that Apple’s Spotlight search function is rather sophisticated, allowing you to search the web as well as peering into your machine for content too. All very clever.
However, it also has a flaw that could well expose your local information to nefarious types. Not so clever.
So what’s going on? Well, the weakness focuses on Apple Mail. Basically, as Spotlight Search indexes emails that have been received within Apple’s email service, it also shows previews of your emails, your images and such.
All a hacker would need to do is to insert a tracking pixel into one of your email’s images and hey presto! They could well be enjoying access to your data!
While the email is in your inbox, you can ignore scams, but Spotlight’s preview function opens up a vulnerability. Seeing as Spotlight opens previews of your junk and spam messages, this could be a problem. Even if you have switched off the “load remote content in messages” feature, it doesn’t exactly fix the problem.
Until Apple issue a fix, the best thing for you to do is to go to your Mac System preferences and switch off email indexing.
Thieves eh? They’re tricksy buggers. The latest scam that’s afoot (which reports like this will advertise to other sods to try out themselves, where once they wouldn’t have thought of it) is using iPod Nano devices as spy cameras on cash points!
The police were notified of an ATM in Gatley near Stockport and there, they found a camera fashioned from an iPod Nano, duct tape and a home made plastic front.
GMP Stockport tweeted a number of photos of the device and obviously, warned everyone about them, while asking us all to keep an eye out for them.
They said: “Reports of an ATM in #Gatley being found with a card reader and mini camera attached to it. Be vigilant when using them….It was the one on Northenden Road.”
“From experience they tend to leave the devices on for only a short time…First pic shows the ATM with devices attached. Second the fake front. Third pic shows the camera. We find most of them in the evening. They are usually placed near pubs and restaurants etc.”
Obviously, if you see them and want to scupper some criminals from spying on you, contact the police on 101 or Crimestoppers, anonymously, on 0800 555111.
115,549 fines were dished out in 2013, according to figures from the Ministry of Justice.
South Wales had one of the biggest increases, with the number of people fined tripling last year to 6,491, from 2,181. Earlier in 2014 a speed camera in Cardiff generated more than an estimated £800,000 worth of fines in just six months.
While London saw the most people fined last year, the figure for the Metropolitan police area has fallen to 7,736 – its lowest level in five years.
A unnamed spokeshuman for the Department for Transport said: “Speeding can have devastating consequences and it’s right that drivers should abide by the speed limit. These fines were issued at the discretion of the magistrates and show the number of fines issued is in decline across many police force areas.”
Tune in next year to see if 2014 has been beaten!
The European Banking Authority (EBA) has shared their new, tougher guidelines, making payment service providers get serious about customer identification before payments are processed.
There’s good reason for this too – in the last four years, the yearly cost of card fraud in the UK has jumped up from £365 million to somewhere in advance of £450 million! Two thirds of that came from the dastardly practice of ‘skimming’, where small amounts of money are continually removed from an account in the hope that the victim won’t even notice.
Of course, there’s been an increase in digital snidery too, with ne’er-do-wells using malware and the like. There’s also the tried-and-tested tactic of just nicking your card too.
Anyway, all this means is that you’ll carry on as normal while fraudsters will have to learn a new set of tricks to try and get at all your precious money.
One reader got in touch with us and said: “Ordered from Gearbest 4 items the promised 3-5 days when nothing came I emailed them they gave me a false tracking number… thanks to this scam £186 taken from my account”, adding: “they said payment was made into their paypal account £186 inc insurance, I am so mad and gutted for my kids, i doubt i get my money back they have lied in emails (at least 20!)”
So we decided to look into it a little further and it seems like problems aren’t uncommon with GearBest. There’s been complaints of issues with shipping and money being taken multiple times.
Elsewhere, people who have shopped with GearBest have said: “I FEEL CHEATED! Deducted 3 times from credit card for cancelled item!” which no confirmation emails for products and featuring items that are out of stock, taking the money for them and leaving customers in limbo. On top of that, customers have said that GearBest aren’t exactly forthcoming with information when they’ve been sent queries.
One customer, unsatisfied with the slow return on emailing with problems noted that the helpline requires you to call long-distance, saying that the whole thing was the “worst experience of my life.”
Another complaint said: “Ordered tablets from this website, they’re now asking for pictures of debit card and passport, this is completely unacceptable this is my private information, I have never heard of a website asking for this type of information before, unless a scam.”
We should point out that GearBest is a legitimate business and not a scam site and that there are some positive comments floating around about them. However, at best, GearBest sound like a hassle and at worst, it looks like they may have taken money from customers without fulfilling orders with subsequent and frustrating chasing.
One to avoid if you’re Christmas shopping (and beyond).
British Chief Executive Mark Fox said the giant chain’s UK operations are likely to be profitable within three years, however until Starbucks returns to profit, corporation tax is not applicable.
Fox reckons it’s nothing unusual, but did find it odd that the chain had yet to make a profit from the average £3.50 a coffee.
Tax avoidance is nothing new with Starbucks, when it emerged two years ago that it had only paid £8.6 million in corporation tax, despite a £3 billion in the bank since it first infested the UK in 1998. Back then it was accused of funnelling profits through the Netherlands because lower tax. They’re still under investigation for that.
Fox has admitted to the Evening Standard that Starbucks had been damaged by the tax row, but insisted that Starbucks’ tax affairs were very, very ordinary. He said: “It happens across the sector and therefore it didn’t bother me at all.”
“There was nothing abnormal about the way Starbucks is run in the UK. What is abnormal is that we haven’t been making a profit,” adding: “I look at the business now with eight quarters of growth, I don’t see a damaged brand, I see a brand that is starting to regain its mojo.”