Social Media | SC Media

Social Media

Twitter users’ 2FA info found its way to advertisers

Twitter this week disclosed that it gave advertisers access to email addresses and phone numbers that users had supplied to the social media messaging platform, originally for two-factor authentication purposes. The company is asserting that this practice was inadvertent. In an online post, Twitter acknowledged that data intended for “safety or security purposes” went to…

WordPress Rich Review plugin vulnerable to malvertising

An estimated 16,000 WordPress websites are running a plugin that is vulnerable to unauthenticated plugin option updates. WordFence, a WordPress security solution provider, has reported that the plugin Rich Reviews has a vulnerability that is currently being abused and can be exploited to deliver stored cross-site scripting (XSS) payloads. This can result in malvertisements being…

Facebook boots multiple inauthentic accounts created in Iraq and Ukraine

Facebook yesterday excised from its platform hundreds of inauthentic pages, groups and accounts that were created by actors in Iraq and Ukraine. The social media giant removed 76 accounts, 120 Facebook pages, one group, two events and seven Instagram accounts linked to the Iraq-based campaign, and it expelled 168 accounts, 149 Facebook pages and 79…

Instagram fixed after researcher finds way to link account info to PII

Facebook has repaired a vulnerability in its Instagram social media platform, after a researcher found that it could be exploited to link users’ phone numbers to their account numbers, usernames and actual names. With the help a brute-force algorithm and a network of bots, malicious actors could have leveraged the flaw to bypass data security…

Facebook hosts election security meeting between tech companies, intel officials

Executives from leading technology and social media firms convened with U.S. intelligence representatives yesterday to discuss ongoing efforts to shield their platforms and users from election interference campaigns. According to Bloomberg and additional news outlets, Facebook used its Menlo Park, Calif. headquarters to host the meeting, which was attended by Google, Microsoft, Twitter and members…

Google fined $170M for allegedly improper collection of kids’ data from YouTube channels

The Federal Trade Commission and New York Attorney General’s office today announced that Google and its subsidiary YouTube agreed to an unprecedented $170 million in fines for allegedly using cookies to harvest personal data from minors without parental consent and then serve behavioral ads based on this information. Such actions are in violation of the…

WordPress plugins vulnerable to redirects

A number of new and old WordPress plugin vulnerabilities are being targeted in an attempt to redirect traffic from victims’ sites to a number of potentially harmful locations. WordFence’s Threat Intelligence team said users of the plugins under attack are protected by individual firewall rules or generic protections built into the plugin, however, two of…

Instagram asks security researchers to check out ‘Checkout’ feature

Instagram is reportedly recruiting white-hat researchers to test the security of its new Checkout feature, which allows users to buy merchandise from select brands without ever having to leave the social media app. CNN this week reported that Facebook-owned Instagram is restricting the testing to only those individuals who have submitted high-quality research to its…

Next post in Data Breach