Daily Crunch: Facebook admits password security lapse

Share
  • March 22, 2019

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

Prompted by a report by cybersecurity reporter Brian Krebs, Facebook confirmed that it stored “hundreds of millions” of account passwords in plaintext for years.

The discovery was made in January, said Facebook’s Pedro Canahuati, as part of a routine security review. None of the passwords were visible to anyone outside Facebook, he said. Facebook admitted the security lapse months later, after Krebs said logs were accessible to some 2,000 engineers and developers.

2. To fund Y Combinator’s top startups, VCs scoop them before Demo Day

What many don’t realize about the Demo Day tradition is that pitching isn’t a requirement; in fact, some YC graduates skip out on their stage opportunity altogether. Why? Because they’ve already raised capital or are in the final stages of closing a deal.

3. MoviePass parent’s CEO says its rebooted subscription service is already (sort of) profitable

We interviewed the CEO of Helios and Matheson Analytics to discuss the service’s tumultuous year and future plans.

4. Robotics process automation startup UiPath raising $400M at more than $7B valuation

UiPath develops automated software workflows meant to facilitate the tedious, everyday tasks within business operations.

5. Microsoft Defender comes to the Mac

Previously, this was a Windows solution for protecting the machines of Microsoft 365 subscribers, and the assets of the IT admins that try to keep them safe. It was previously called Windows Defender ATP, but launching on the Mac has prompted a name change.

6. Homeland Security warns of critical flaws in Medtronic defibrillators

The government-issued alert warned that Medtronic’s proprietary radio communications protocol, known as Conexus, wasn’t encrypted and did not require authentication, allowing a nearby attacker with radio-intercepting hardware to modify data on an affected defibrillator.

7. Nintendo’s Labo: VR Kit is not Virtual Boy 2.0

Like the first Labo kits, the VR Kit a friendly reminder that Nintendo’s chief job is to surprise and delight, and it delivers on both fronts. But just as the Labo piano shouldn’t be mistaken for a real musical instrument, Labo VR should not be viewed as “real” virtual reality.

Source : Daily Crunch: Facebook admits password security lapse