While the world indulges in online activities while at home, hacking groups are working overtime in the past week as multiple security breaches have been reported. Thus, video chatting app Zoom, which has long been targeted by hackers, has recently upgraded its encryption keys to strengthening its security.
Zoom Launches Security Upgrades
Video conferencing app Zoom recently announced numerous small but vital security advances. With the recent surge in Zoom usage during the pandemic, the company earned scrutiny on its security and privacy offerings.
The gradual changes are part of the company's 90-day plan to improve its services. Primarily, Zoom now offers AES 256 encryption on meetings, which will be encrypted with a 256-bit key. Previously, it used to offer AES 128, although Zoom claimed it has been using AES 256, based on documentation and marketing materials.
Various Security Breaches
Zoom is not the only company that is being targeted by crooks. In fact, Google recently published that about 12 government-backed hacking groups are undeterred by the pandemic, trying to take advantage of those conditions for intelligence-gathering. Also, another report claimed China has been hacking Uighurs' iPhones during the crisis. Other issues have also been raised on various apps and platforms.
Nintendo Account Breaches
Meanwhile, Nintendo users worldwide have seen their accounts being controlled by crooks over the past few weeks. This allowed access to the linked credit card or PayPal accounts to purchase Nintendo games or currency for Fortnite.
Nintendo has been urging users to turn on two-factor authentication to protect their accounts since the start of the month, so it is unclear how hackers got through the system. On Friday, the company confirmed that hackers gained unauthorized access to accounts, so the company decided to change the login process.
Instead of accessing their Nintendo accounts using Nintendo Network IDs from the older Wii U and 3DS system, it also will contact affected users about resetting passwords.
Nintendo reported the issue on its US customer support page and reassured users about the Nintendo's security policies. "While we continue to investigate, we would like to reassure users that there is currently no evidence pointing toward a breach of Nintendo's databases, servers, or services," the statement said.
Meanwhile, the company opted not to divulge how the system was accessed illegally after doing the investigation. This is to deter "further attempts of unauthorized sign-ins."
Facebook Profiles Sold for $600
Data from more than 267 million profiles are apparently being sold on criminal dark web forums for £500, or about $618. While the information does not include passwords, it contains details like users' full names, phone numbers, and Facebook IDs, which can fuel digital scams like phishing.
Bleeping Computer reported on Monday about the Elasticsearch database discovered by security researcher Bob Diachenko. However, after being contacted by Diachenko, the ISP hosting database took the server offline.
Later on, a new set of data containing 42 million records was brought online. From this, 16.8 million records comprised more details like Facebook users' birth date, email address, and gender.
To avoid unauthorized access, Cyble CEO Beenu Arora recommends users to strengthen their Facebook privacy settings and be cautious of unsolicited emails and text messages.