Welcome to The Dashlane Tech Check for July 7, 2017!  I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, we’re taking a trip down memory lane with an unforgettable #FlashbackFriday video! 

What in the (security) world?

Here’s what made headlines this week in the world of digital identity, security, and privacy:

Poor password security is to blame for the UK parliament email hack

How are ‘primitive and easily discovered passwords” to blame for the cyber attack on British lawmakers? According to reports from ZDNet and Reuters, the cyber attack targeting UK parliament’s systems wasn’t state-sponsored. Low-level hackers used a brute force attack to compromise 90 lawmakers’ email accounts that used “weak passwords that did not conform to guidance issued by the Parliamentary Digital Service,” said a spokesperson. According to ZDNet, not all of the parliamentary systems and networks used two-factor authentication. Although it is currently unclear who is behind the attack. 

Find this story about password habits in the UK interesting? These we’re sure you’ll also enjoy these:

Mini Security Roundup: A Look at UK Password Practices [INFOGRAPHIC] 

Are UK citizens more likely to fall victim to hacking and identity theft than US citizens? 

How hackers steal your reused passwords–Credential Stuffing 

Dark web market, AlphaBay, goes down, leaving user fearing the worst

The most popular Dark Web marketplace, AlphaBay, has gone offline, leaving many users suspicious. According to HackRead, AlphaBay–also called “the new Silk Road”–was a popular destination to buy and sell drugs, databases, weapons, and other illegal items. According to HackRead, a large transaction of over 1,479 bitcoin (about $3.8 million) took place from an AlphaBay account, leaving some Redditors to suggest the site admin used the site to steal users’ funds. To date, it is still unclear why the site has gone down.

Google employees affected by third-party data breach

Google notified some employees that their personal and financial details may have been exposed as the result of a data breach with a third-party partner, Infosecurity Magazine reports. The security incident affected an electronic booking firm Sabre earlier this year, which directly impacted Google’s travel service Carlson Wagonlit Travel (CWT). In a letter to staff members, Google confirms that the name, contact information, and payment card data associated with certain hotel reservations may have been compromised.

The FTC shuts down firm that unlawfully shared and sold consumers’ sensitive data

The US Federal Trade Commission have agreed to settle charges against lead generation company, Blue Global Media, LLC, for misleading consumers into filling out loan applications–which included information on consumers’ names, addresses, email addresses, birthdates and phone numbers, as well as financial information, including social security numbers, bank routing and account numbers, driver’s license, state identification numbers, employment status and name of employer, income status, approximate credit scores and more.

According to the FTC, their complaint alleges that Blue Global Media then sold the data as a “lead” for up to $200 per lead, without any regard as to how the data will be used or if it would remain secure.  Ultimately, Blue Global Media settled the complaint, which includes a judgment for more than $104 million. Moreover, the company is prohibited from “misrepresenting that they can assist in providing loans at favorable rates and terms, that they will protect and secure personal information collected from consumers, and the types of businesses with which they share consumers’ personal information.”

A United Nations survey find major gaps in cybersecurity among the world’s most powerful nations

A United Nations (UN) survey released this week found major gaps in cybersecurity among the 134 countries surveyed, according to CNET. The UN’s Global Cybersecurity Index looked into 5 factors: technical, organizational, legal, cooperation, and growth potential. Here are five important findings from the survey:

  • Singapore is “most committed” on cooperation, followed by the US in No. 2. However, the US beat Singapore on legal, organizational, and growth potential factors.
  • Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France, Canada, and Russia–respectively–round out the top 10 in countries who are committed to cooperation.
  • Malaysia and Oman, despite being poorer countries, were stronger in cybersecurity than France and Canada.  
  • Half of the countries surveyed did not have a cybersecurity strategy in place.

Emirates and Turkish Airlines lift laptop ban for US-bound flights

Emirate Airlines and Turkish Airlines have lifted their ban on laptops in the passenger cabin during flights to the US. According to The Register, the ban began in March after fears that terrorists could smuggling in bombs disguised as laptops on flights. However, both airlines have completely halted the ban, allowing all passengers to bring personal devices on board.

US military will start encrypting soldiers’ emails next year

The US Defense Information Systems Agency (DISA), the Pentagon’s branch that oversees its internal mail services, says it will finally begin to encrypt emails for over 4.5 million users within a year, according to Motherboard. Senator Ron Wyden (D-Oregon) was pleased with the announcement, after expressing concerns that the agency didn’t take advantage of “a basic, widely used, easily-enabled cybersecurity technology.”

Flashback Friday

We’ve come a long way since we first reached 1 million users in just four years ago! Today, we’ve earned the trust of nearly 8 million users worldwide–and counting! In honor of #FlashbackFriday, let’s take a stroll down memory lane, back to when Dashlane’s CEO, Emmanuel Schalit, got his first tattoo after the company reached 1 million users. Have any thoughts about what his tattoo should be after 10 million users? Let us know in the comments below!

Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.

Also, don’t forget to follow us on Twitter to always be in the know! In our last Tech Check, we learned that the Petya/NonPetya ransomware may not be ransomware after all!