Well, it was a very bad, no good, week for Twitch. The Amazon-owned streaming service suffered a devastating hack, with Twitch source code, streamer payouts, internal security tools, and more all dumped on 4chan. It’s about as thorough a data dump as you’ll see. Among the many repercussions: Twitch streamers experienced sudden, forced pay transparency, which quickly became a meme on social media and Twitch itself.
Twitch wasn’t the only unlucky tech titan this week. Facebook, Instagram, and WhatsApp all got knocked out of service for several hours on Monday. No, it wasn’t hackers. Instead, Facebook accidentally withdrew its BGP route, effectively making it impossible for the rest of the internet to find it. Not only that, but it knocked Facebook’s own networks off the internet’s maps, meaning its engineers couldn’t fix the problem remotely. A real mess! The company experienced down time Friday afternoon as well, but not nearly as extensive an outage.
Are you using a password manager yet? And while we’re at it, is the rest of your family? They should be! If you’re having a hard time convincing them, we’ve put together a few suggestions that might help get them to buy in.
A simple bug leaves AirTag users potentially vulnerable. And a judge found that the internet infrastructure company Cloudflare isn’t responsible for copyright-infringing sites that use its services.
And there’s more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.
Everything’s fine now, it’s resolved; the Navy has its Facebook page back. But sometime Sunday night, someone managed to break into the account of the USS Kidd, a US Navy destroyer, and used that access to, well, stream the real-time strategy game Age of Empires. A Navy spokesperson confirmed that someone gained “unauthorized access” to the Facebook page for the military-focused news site Task & Purpose on Wednesday. The streams were accompanied by brief messages like “hi guys” and “play game” and “ffffffffffff.” The likeliest culprit seems to be a family member of someone who has the keys to the USS Kidd’s social media account.
Firefox is a great browser for the privacy-minded, but maybe not in this specific instance? In the latest version, when you type into the address bar you’ll get “new, relevant suggestions from our trusted partners based on what you’re searching for.” In other words, a type of ad in an unexpected place. You can turn the feature off by heading to Settings, then Privacy & Security, then uncheck Contextual suggestions down under Address Bar — Firefox Suggest. But c’mon—you shouldn’t have to do this in the first place, and you definitely should have a better heads-up about where the URL prompts in your address bar are coming from.
A very big hack that did not get nearly enough attention was quietly disclosed in an SEC filing by Syniverse, a telecom infrastructure company. As Motherboard first reported, hackers managed to stay in Syniverse systems for years, and they would have had access to all manner of phone records, potentially including text messages. It’s unclear if there’s been any fallout yet from the prolonged incident, but it’s a potential treasure trove for international espionage.
Speaking of international espionage! Google this week sounded the alarm that Russia’s Fancy Bear hackers had unleashed a broad, sophisticated phishing campaign that targeted 14,000 Gmail users last month. Individual accounts that were targeted received alerts, and the group appears to have included journalists and security researchers along with people in a variety of other industries. Google said all of the attempts were caught by spam filters, but the scale of the effort was still notable.
More Great WIRED Stories