By Eric Limer for Popular Mechanics
Twitter is suggesting all users change their passwords as a precaution after a reported glitch caused some passwords to be stored in plain text. If you’ve ever used your Twitter password for another service, you’d be wise to change it in both places.
Twitter says there is no evidence of a breach, but the error would have allowed any snoopers inside the system to scoop up unprotected passwords with ease. Typically, passwords are “hashed” before they are stored, a process which transforms the password into a unique series of numbers and letters that can’t be translated back into the actual sequence of numbers and letters you type in. This prevents hackers from snagging a phrase they can try on your other accounts.
Even with no evidence of an actual breach, this bug serves as a good reminder for some basic security hygiene. Use unique passwords for every service you use; a password manager can help you keep track of them all. Turn on two-factor authentication where available (it is available on Twitter). And while you’re at it, go look at the apps that have access to your account. These apps, if they’re insecure themselves, can offer hackers a limited way into your account without ever having to figure out your password.
A new set of data taken from an offshore law firm again threatens to expose the hidden wealth of individuals and show how corporations, hedge funds and others may have skirted taxes. A year after the Panama Papers, a massive leak of confidential information from the Bermuda law firm Appleby Group Services, dubbed the Paradise Papers, has shone another light on the use of offshore accounts.
Here are the highlights so far of the reporting by the International Consortium of Investigative Journalists and partner news outlets on the so-called Paradise Papers. Bloomberg hasn’t seen the leaked documents:
- The rich may be richer than you thought. Jim Simons, the billionaire founder of hedge fund Renaissance Technologies, has amassed more than $7.5 billion in a previously undisclosed, four-decade-old fund set up in Bermuda. Warren Stephens, an Arkansas banker and Republican donor, used a Bermuda-based family trust to reduce his tax bill and conceal his interest in a payday lender under US scrutiny. And George Soros, a liberal investor who has contributed to the ICIJ, used Appleby to manage a company that carried out reinsurance transactions that can be used to shield wealth from taxes.
- More than a dozen members of President Donald Trump’s inner circle, including Secretary of State Rex Tillerson and top economic adviser Gary Cohn, held undisclosed offshore companies. Robert Mercer, a Republican donor who just said he would step down as Renaissance Technologies’ co-CEO, was revealed to be a director of more than eight of RenTech’s offshore subsidiaries, who used other offshore firms to shelter money his family funneled to political causes. The Blackstone Group, co-founded by Trump economic adviser Stephen Schwarzman, used trusts and companies registered in tax havens to avoid paying taxes on two UK commercial
- After Irish officials closed a tax loophole that had allowed Apple to avoid billions of dollars in taxes, the US tech giant enlisted international law firms to help it find a new tax home and settled in the English Channel island of Jersey, the New York Times reported. The documents helped solve a two-year mystery of where the world’s biggest company by market capitalisation is booking a big share of its revenue.
- Want to register a private jet in the US? Bank of Utah manages more than 1 390 aircraft trust accounts that obscure the identities of the jets’ (largely foreign) owners, the New York Times reported. Among the wealthy foreigners said to use the bank’s services: Russian oligarch Leonid Mikhelson, an ally of Russian leader Vladimir Putin whose gas company is under US sanctions.
- US Commerce Secretary Wilbur Ross faces questions about his financial disclosures to Congress and the government after a report that he didn’t disclose business ties to the son-in-law of Russian President Vladimir Putin and an oligarch under US sanctions. The Appleby documents included details of Ross’s stake in a shipping company, Navigator Holdings, according to the New York Times.
- House Republicans should slow down their consideration of a tax-overhaul bill after the investigative reports alleged offshore tax-avoidance by US multinational companies including Apple and Nike, congressional Democrats and tax-advocacy groups said.
- The Monetary Authority of Singapore said it’s reviewing the documents and will take action against any financial institution or individual that breaches regulations. The regulator made the remarks on Wednesday after the consortium said that some of the files came from Asiaciti, a Singapore-based family-owned trust company. Asiaciti denied any wrongdoing.
- Canadian tax authorities are reviewing reports linking a key fundraiser for Prime Minister Justin Trudeau to offshore trusts in the Caribbean. Montreal-based businessman Stephen Bronfman, son of billionaire Charles Bronfman, was among the individuals cited by news organisations including the Canadian Broadcasting Corporation, Radio-Canada and the Toronto Star in Sunday’s leak of bank documents.
- Commodities trader Glencore Plc was one of the top clients of Appleby, which even had a “Glencore Room” at its Bermuda office that kept information on the trader’s 107 offshore companies, according to the ICIJ investigation. (Peter Grauer, the chairman of Bloomberg LP, is a senior independent non-executive director at Glencore.)
- Prominent Silicon Valley investor Yuri Milner, who was an early backer of Facebook Inc., partnered in two investments with the Russian state-controlled bank VTB Bank PJSC before it was sanctioned, his spokesman confirmed Friday. Details about the relationship between Milner and VTB surfaced in the wake of the Paradise Papers.
- Indonesian authorities are investigating if former presidential candidate Prabowo Subianto and the children of ex-dictator Suharto, named in the leaked documents, are in breach of the country’s tax laws.
- A North Korean was listed in the leaked documents as a shareholder in a Malta-based company which may have been involved in the overseas transfer of North Korean construction workers, according to Newstapa, a South Korean partner of the ICIJ.
- Queen Elizabeth II of the UK made a series of investments in a Cayman Islands fund through the British Royal Family’s private estate, the Duchy of Lancaster, according to The Guardian newspaper.
- Lord Michael Ashcroft, a major donor to the UK’s Conservative Party, had links to a Bermuda-based trust with assets worth as much as $450 million, The Guardian reported.
- The Dutch Finance Ministry said it will review whether more than 4 000 cross-border tax rulings were issued in accordance with procedures. The decision follows the publication of an article in Het Financieele Dagblad reporting that correct procedures weren’t followed in an agreement between the Dutch tax authority and Procter & Gamble Co. “P&G has fully transparent relationships with governments and tax administrations worldwide,” the company said in a statement. “We may seek confirmation from governments and tax administrations that our interpretation of tax laws is correct. This is what was done in this instance.”
Source: Marcus Wright for MoneyWeb / Bloomberg
It seems like there is a new data breach every other day, causing companies untold embarrassment and reputational damage when customers’ private details are leaked.
A new Web site called www.haveibeenpwned.com allows you to see if your details have been compromised by a data breach.
Simply click on the link, enter your email address and click the pwnd? button to find out if you’re a victim.
Major data breaches
Some high profile leaks in the last while include:
- RNC (2017)
A misconfigured database containing the sensitive personal details of over 198-million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump.
- Zomato (2017)
Zomato, which provides users with an online guide to restaurants, cafes and clubs, reported that data from 17-million users had been stolen, including email addresses and hashed passwords.
- NHS (2017)
The recent WannaCry ransomware infected 47 NHS England Trusts and hundreds of companies across the world.
- ‘Eddie’ breach (ongoing)
Security researchers at the Kromtech Security Research Center discovered a massive database of 560-million login credentials which is believed to come from up to 10 popular online services such as LinkedIn and Dropbox, obtained during previous data breaches.
- Wonga (2017)
Payday loan company Wonga has fallen victim to a large data breach that could have hit as many as 245,000 of its customers, with the data involved including bank account numbers and sort codes.
- Tesco Bank (2016)
Late last year, Tesco Bank, the consumer finance wing of the British supermarket giant, froze its online operations – after as many as 20 000 customers had money stolen from their accounts.
- Sage (2016)
Because Sage is a FTSE-100 firm, the apparent insider attack admitted by the accounting and HR software firm could turn out to be one of the most important in UK data breach history if its scale is confirmed.
- Ashley Madison (2015)
In July 2015, a group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group leaked more than 25 gigabytes of company data, including user details.
- Mumsnet (2014)
A direct victim of the infamous and widespread Heartbleed SSL software flaw, the compromise allowed hackers to access anything up to 1,5-million user accounts on the hugely popular site, its owners revealed.
- Yahoo (2013, 2014)
It seems hard to pin down just one data breach spawning from Yahoo’s 22 years in business. Last year appeared to unearth a mammoth lack of security on Yahoo’s part with reports uncovering a breach affecting over 500-million Yahoo user accounts during 2014.
- Sony PlayStation Network (2011)
The largest data breach in history at the time, Sony’s disastrous 2011 breach saw hackers make off with the customer records of 77-million people relating to its PlayStation Network, including a small number revealing credit card numbers.
Sources: www.techworld.com; Wikipedia; www.haveibeenpwned.com