It's being called the largest digital security breach ever. Earlier this month, a leaked database inconspicuously titled Compilation of Many Breaches was made available in a popular hacking forum. Inside were 3.2 billion unique sets of email addresses and passwords, all aggregated from past leaks from Netflix, LinkedIn, and other platforms.
Hackers managed to break into a Tampa Bay water plant and momentarily poison the water, remotely, on Friday. Fortunately, a plant operator noticed his mouse moving across his computer screen. Although he thought it was nothing at first, minutes later he noticed the levels of sodium hydroxide – or lye, used in liquid drain cleaners – shoot up from 100 parts per million to more than 11,100 parts per million, "a hazardous level that could sicken residents and corrode pipes," according to The Washington Post.
Prominent U.S. cybersecurity firm FireEye disclosed on its corporate blog Tuesday that it was hacked, possibly by a foreign nation, and that the breach included the theft of internal hacking tools the firm normally uses to privately test the network defenses of its own clients.
Back in 2013, market research firm Global Web Index found 56 percent of internet users were worried that the web was an enemy of their own personal privacy. By last year, that number had climbed to 61%.
But, considering all the data breaches, identity theft, governmental intrusion, and other attacks targeting you and your sensitive information online, it's almost a surprise that that number isn't much higher.
Police broke up an illegal all-night rave on Sunday in Thetford Forest in eastern England. The rave raid came days after the British government launched a crackdown on "serious breaches" of COVID-19 restrictions. Potential fines for breaking the rules are as much as 10,000 pounds ($13,000).
Unsealed court documents reveal the identity of Fxmsp, a hacker from Kazakhstan who is blamed for information theft from more than 300 companies and governments, in 44 different countries around the world.
The numbers are stark. The global cost of data breaches is expected to rise from $3 trillion this year to over $5 trillion by 2024.
On the web, security is always critical. But when a company feels its systems have been infiltrated by a hacker or outside force, usually the only recourse is for its IT security team to start the long process of poring over data logs, building analysis tools and rooting around for unusual behavior.
Apparently, Greater Manchester is the New Florida during spring break of the United Kingdom. Despite warnings, daily updates to the number of victims of COVID-19 and the threat of steep fines for breaking quarantine or engaging in large public gatherings, an absurd number of Mancunians refuse to do anything to prevent the spread of coronavirus.
In case you needed any more proof that America desperately needs more cybersecurity specialists, look no further than the U.S. Congress. Just this week, the release of a year-long congressional study of America's cyber defense capabilities showed the nation was still "ill prepared" to fend off cyberattacks and requires a full overhaul of its entire cyberoperations strategy.
Bug bounties are making some hackers rich — and the companies they're hacking are more than happy to pay them. More than 600,000 white hat hackers are members of the bug bounty site HackerOne, a community connecting those hackers with companies paying them to find security holes in their vital digital systems.
[My EFF colleague Bill Budington has a fantastic report on all the ways that Ring surveils its own customers. Caveat emptor, indeed. -Cory]
Ring isn't just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers.
Dear Boing Boing readers —
Around 11:30 EST on January 10th, an unknown party logged into Boing Boing's CMS using the credentials of a member of the Boing Boing team.
Ring's response to a group of US senators who questioned the company about its privacy practices reveals that the Amazon subsidiary has had to fire multiple employees who were caught spying on customers' surveillance doorbell cameras and other Ring surveillance footage.
Amazon's surveillance doorbell company Ring sells "security" — the sense that surveilling your porch or your driveway or your home can make you safe. But when the company experienced a grotesque and completely predictable breach that saw hackers breaking into Ring cameras and spying on and tormenting their owners, Amazon blamed their customers for recycling passwords.
Facebook's decision to default to end-to-end encryption for Facebook Messenger prompted the governments of the UK, the USA and Australia to write to Mark Zuckerberg, urging him to delay implementation of the move, warning him that adding working encryption by default would make it harder for spies and cops to do their jobs.