Catch up on this week’s round-up of the latest hosting and tech news. Here’s what we’ve uncovered since our last edition.
Loyalty card attacks hit the high street
This week, two of the biggest names on the UK high street, Tesco and Boots, have seen large scale cyberattacks on their loyalty cards. On Monday, Tesco announced that a database of stolen Clubcard usernames and passwords had been used to access accounts and that some attacks may have been successful. Over 600,000 customers were emailed, informing them that they would need to change their passwords and that their Clubcard vouchers had been temporarily suspended until new cards with different numbers could be issued.
On Thursday, Boots announced that the same form of attack had been used against their Advantage Card loyalty programme and that they had temporarily suspended anyone paying for items using loyalty points in order to prevent them being stolen and used by the hackers. In this instance, 150,000 users were affected. Both companies said that their servers hadn’t been breached and that customers’ financial data remained secure.
However, with so many databases of stolen usernames and passwords available on the black market, it shows the importance of regularly changing passwords.
Explosion of dirty data
A recent documentary by the BBC, Dirty Streaming, has highlighted the impact of the internet on climate change. It estimates that binge-watching a Netflix series generates the same levels of CO2 emissions as an 80-mile drive and that the average US data centre consumes the same amount of energy as all the homes in an entire city.
What’s concerning for the future is that, within the next 15 years, the ever-expanding internet is expected to use 20% of the world’s electricity with the massive growth in the number and size of data centres, the implementation of 5G and the proliferation in connected devices all being major contributors to pollution.
With this in mind, all companies need to be aware of how the use of renewable energy can help reduce the impact of the internet.
Its SS-Hell for Let’s Encrypt users
If you use Let’s Encrypt SSL certificates to secure payments on your website, you might have had recent problems with your ‘Secure’ status. According to Let’s Encrypt’s parent company, ISRG, a bug found in some certificates means 3 million websites would have their existing SSL certificate revoked.
Website owners were contacted by ISRG, informing them that to avoid any disruption, they would have to renew and replace any affected certificate by 4 March. Any affected website owner who hasn’t yet done this may find that their site is now labelled ‘not-secure’ by browsers and this could damage customer trust and lose sales.
Scammer gets a taste of his own medicine
Amit Chauhan, who ran a large-scale scamming operation from his call centre in Delhi, has been arrested by Indian police after being caught out by a UK hacker. Investigative YouTuber, Jim Browning, hacked into Chauhan’s call centre, gaining access to its CCTV cameras, computers and even telephone calls. Over months, he watched and recorded as the operation defrauded millions from UK victims, many targeted because they had previously fallen for other scams.
According to Browning, there are thousands of gangs running similar operations. Many of these pose as legitimate IT companies in order to purchase the rights to run the technical support for software developers. Once this has been secured, they distribute the software, bundling it with the malicious ‘There’s a problem with your PC. Ring this number to fix’ pop-up. When a user calls for help, the scammers then get remote access and run fake computer checks, telling the customer it will cost hundreds, sometimes thousands of pounds to fix the non-existent issue. At the same time, they will install spyware and other malicious apps in order to scrape valuable data at a later date. The details of those who fall for the scam are then added to a database and are sold to other gangs for targeting. This should be a warning to everyone to only download software from legitimate and verified sources.
Big Brother’s got blurred vision
It looks like UK police forces have some way to go before their AI-enabled CCTV systems finally master the art of live facial recognition. New figures released by London’s Met for February showed that its accuracy rate was only 12.5%.
On one particular day, the cameras scanned almost 9,000 faces looking for 7000 people on its watch list. Using AI, the system logged 8 potential matches. Out of these, only one individual was correctly identified. Of the other 7, five completely innocent individuals were stopped by police and two were so obviously mismatched that the individuals weren’t stopped at all. According to the Metropolitan Police, the images of anyone misidentified by the system would be automatically erased.
Visit the WHUK website for more news, knowledge base articles, blog posts and information on our wide range of hosting services.