The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline. Google has paid Mastercard millions of dollars in exchange to access this information. Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg. According to four unidentified people with knowledge of the deal cited by the news outlet, Google and Mastercard reached the agreement after a four-year negotiation, wherein all Mastercard transaction data in the U.S. has been encrypted and transmitted to Google. Google packaged the data into a new tool for advertisers, called Store Sales Measurement, and currently being tested the tool with a small group of advertisers, allowing them to track whether online advertise...

George Garofano (left) The fourth celebrity hacker—who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonged to Jennifer Lawrence and other Hollywood celebrities—has been sentenced to eight months in prison. Earlier this year, George Garofano, 26, of North Branford, admitted to illegally obtaining credentials of his victims' iCloud accounts using a phishing scheme, carried out from April 2013 to October 2014, in which he posed as a member of Apple's security team and tricked victims into revealing their iCloud credentials. Using stolen credentials, Garofano then managed to steal victims' personal information, including their sensitive and intimate photographs and videos, from their iCloud accounts, and then leaked them on online forums, like 4Chan. Among the victims were Jennifer Lawrence, Kim Kardashian , Kirsten Dunst, Kate Upton, American Olympic gold medallist Misty May Treanor and actors Alexandra Chando, Kelli Garner and...

Google just made its Titan Security Key available on its store for $50. First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device—similar to Yubico's YubiKey—that offers hardware-based two-factor authentication (2FA) for online accounts with the highest level of protection against phishing attacks. Google's Titan Security Key is now widely available in the United States, with a full kit available for $50, which includes: USB security key, Bluetooth security key, USB-C to USB-A adapter, USB-C to USB-A connecting cable. What Is Google Titan Security Key? Titan Security Keys is based on the FIDO (Fast IDentity Online) Alliance, U2F (universal 2nd factor) protocol and includes a secure element and a firmware developed by Google that verifies the integrity of security keys at the hardware level. It adds an extra layer of authentication to an account on top of your password, and users can quickly log into their acc...

Air Canada has confirmed a data breach that may have affected about 20,000 customers of its 1.7 million mobile app users. The company said it had "detected unusual log-in behavior" on its mobile app between August 22 and 24, during which the personal information for some of its customers "may potentially have been improperly accessed." The exposed information contains basic information such as customers' names, email addresses, phone numbers, and other information they have added to their profiles. Passport Numbers Exposed in Air Canada Data Breach However, what's worrisome? Hackers could have also accessed additional data including customer's passport number, passport expiration date, passport country of issuance and country of residence, Aeroplan number, known traveler number, NEXUS number, gender, date of birth, and nationality, if users had this information saved in their profile on the Air Canada mobile app. The airline assured its c...

Instagram is growing quickly—and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions. And with great success comes great responsibility—responsibility to keep users' accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent. You might know that the Facebook-owned photo-sharing network has recently been a victim of a widespread hacking campaign that has affected thousands of Instagram users, leaving them locked out of their accounts. In the wake of the security mishappening, Instagram has announced a trio of security updates intended to discourage trolls, stop misinformation, and make the platform a little safer for its one billion users. In an official blog post , titled "New Tools to Keep Instagram Safe," published by Instagram Co-Founder & CTO Mike Krieger on August 28, the company announced thr...