Security flaws in a popular smart home hub let hackers unlock front doors

When is a smart home not so smart? When it can be hacked. That’s exactly what security researchers Chase Dardaman and Jason Wheeler did with one of the Zipato smart hubs. In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when chained together, could be abused to […]

Password manager Dashlane raises $110M in Series D, adds CMO

Password manager maker Dashlane has raised $110 million in its latest round of funding, the company said Thursday. The company said Sequoia Capital led the Series D round, with partner Jim Goetz joining the board. Dashlane also said Lyft executive Joy Howard was appointed as its new chief marketing officer and will start in August. […]

Samsung spilled SmartThings app source code and secret keys

A development lab used by Samsung engineers was leaking highly sensitive source code, credentials and secret keys for several internal projects — including its SmartThings platform, a security researcher found. The electronics giant left dozens of internal coding projects on a GitLab instance hosted on a Samsung-owned domain, Vandev Lab. The instance, used by staff […]

Facebook now says its password leak affected ‘millions’ of Instagram users

Facebook has confirmed its password-related security incident last month now affects “millions” of Instagram users, not “tens of thousands” as first thought. The social media giant confirmed the new information in its updated blog post, first published on March 21. “We discovered additional logs of Instagram passwords being stored in a readable format,” the company […]

Researchers find 540 million Facebook user records on exposed servers

Security researchers have found hundreds of millions of Facebook user records sitting on an inadvertently public storage server. The two batches of user records were collected and exposed from two third-party companies, according to researchers at security firm UpGuard, who found the data. In the researchers’ write-up, Mexico-based digital media company Cultura Colectiva left more […]

Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

Flip the “days since last Facebook security incident” back to zero. Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years. The discovery was made in January, said Facebook’s Pedro Canahuati, as part of a routine […]

Outdoor Tech’s Chips ski helmet speakers are a hot mess of security flaws

Sometimes the “smartest” gadgets come with the shoddiest security. Alan Monie, a security researcher at U.K. cybersecurity firm Pen Test Partners, bought and tested a pair of Chips 2.0 wireless speakers, built by California-based Outdoor Tech, only to find they’re a security nightmare. The in-helmet speakers allow users to listen to music on the go, […]

Lenovo Watch X was riddled with security bugs, researcher says

Lenovo’s Watch X was widely panned as “absolutely terrible.” As it turns out, so was its security. The low-end $50 smartwatch was one of Lenovo’s cheapest smartwatches. Available only for the China market, anyone who wants one has to buy one directly from the mainland. Lucky for Erez Yalon, head of security research at Checkmarx, an […]

Houzz resets user passwords after data breach

Houzz, a $4 billion-valued home improvement startup that recently laid off 10 percent of its staff, has admitted a data breach. A reader contacted TechCrunch on Thursday with a copy of an email sent by the company. It doesn’t say much — such as when the breach happened, or if a hacker is to blame or […]

Cybersecurity 101: Two-factor authentication can save you from hackers

If you find passwords annoying, you might not like two-factor authentication much. But security experts say it’s one of the best ways to protect your online accounts. Simply put, two-factor authentication adds a second step in your usual log-in process. Once you enter your username and password, you’ll be prompted to enter a code sent […]