Welcome to The Dashlane Tech Check for May 12, 2017!  I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful lifehack that will keep you safe and secure all year long.

What in the (Security) World?

Here’s what made headlines this week in the world of digital identity, security, and privacy:

Researchers claim gadgets using EEG signals can be hacked to capture passwords and PIN numbers

Photo credit: Pinterest

ZDNet is reporting researchers who demonstrated how an $800 headset which uses your brain power can be hijacked to steal your passwords and PIN numbers. According to a study by Nitesh Saxena from the University of Alabama, the Epoc+ headset can translate EEG (electroencephalography) signals into commands for PCs and other gadgets. The study found that a computer program was able to accurately guess the letters and numbers a participant entered into a computer screen based on their brain waves. The researcher says that, in the future, this vulnerability could be exploited by cybercriminals who take advantage of video games which require inputting numbers and letters.

Trump signs executive order on federal cybersecurity

On Thursday afternoon, President Trump signed an executive order addressing the federal government’s vulnerability to cyber threats. According to NBC News, the new order makes every federal agency responsible for their cybersecurity. “Effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy and human resources.” Effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy and human resources,” says the order.

A U.S. ban on carry-on laptops may apply to all flights from the U.K

Unnamed “European security officials” told The Daily Beast that U.S. authorities plan on banning laptops from carry-on luggage on all flights from Europe and the U.K. However, the Department of Homeland Security issued a statement claiming “no official decisions” have been made on expanding the restriction on large electronic devices in aircraft cabins; however, it is under consideration.”

Starbucks suggests poor account security is to blame for hacked customer accounts

Are customer’s to blame for fraudulent activity on their Starbucks accounts? Starbucks thinks so. According to Grubstreet, several customers have complained to the company about fraudulent activity on their Starbuck’s mobile app, including BuzzFeed reporter Vanessa Wong who watched someone reload money into her account and spent it all. However, in a statement to Good Housekeeping, the company says “a team of engineers dedicated to advancing security and fraud prevention” were on the case and encouraged customer “to follow best practices to protect their accounts.”

Researchers create AI to help you choose stronger passwords

Cybersecurity researchers from Carnegie Mellon and the University of Chicago created a new password strength “meter” to help users create safer passwords. Digital Journal reports that the system purports to use artificial intelligence and publicly available passwords to test the strength of any password.

German cyber agency scolds Yahoo for not cooperating with investigation

YahooPassword

Germany’s federal cyber breach agency, BSI, claims Yahoo’s Europe, Middle East, and Africa units had not cooperated with its investigation into a series of hacks that compromised more than one billion email users between 2013 and 2016. According to Fortune, a BSI spokesman said they decided to go public after Yahoo “refused to give the BSI any information and referred all questions to the Irish Data Protection Commission, without, however, giving it the authority to provide information to the BSI.”

Macron’s private documents released just days before the French presidential election

Ahead of last weekend’s French presidential election, a huge batch of private documents belonging to Emmanuel Macron was released to the public. A 9GB cache was posted to Pastebin and shared on 4chan, according to Infosecurity Magazine. The now president elect’s campaigned called the leaks “massive coordinated hacking,” although no one has yet to claim responsibility.

Breach Alerts

Thousands of medical records exposed in a New York hospital data breach

The medical records of at least 7,000 patients were compromised in a data breach at Bronx Lebanon Hospital Center in New York. According to NBC News, the leaked data spanned from 2014 to 2017 and exposed names, home addresses, addiction histories, religious affiliations, and mental health and medical diagnoses. A security researcher told NC News that a “misconfigured Rsync backup server hosted by iHealth” was the cause of the leak.

Hacker Steals 77 Million Edmodo User Accounts

According to EdSurge, a hacker compromised 77 million user accounts from Edmodo, a social learning platform used widely in K-12 schools around the world. “We have no indication at this time that any user passwords have been compromised, and we want to let everyone know that we are working with law enforcement,” the company said in a statement. Compromised data includes usernames, email addresses and hashed passwords, and is apparently up for sale on the dark web.

One in 10 data breaches discovered in 2016 had gone undetected for more than a year

1 in 10 data breaches that took place in 2016 went unnoticed for at least a year, according to Verizon’s 2017 Data Breach Investigations Report. Quartz also noted that more than a quarter of those data breaches resulting from espionage, PoS intrusions, and privilege misuse took months or longer to unveil. In addition, nearly two-thirds of data breaches discovered within a few days–or less–were “incidents that are easy to catch, like physical theft or administrative accidents.”

Dashlane News You Shouldn’t Snooze

Dashlane makes headlines around the U.S.

Dashlane and our CEO Emmanuel Schalit have appeared in several publications and live broadcasts this week. Did you tune in? If not, here’s what you missed:

  • Dashlane was highlighted in an article on CSO Online about security keys and Dashlane’s support of FIDO U2F.  
  • Dashlane CEO Emmanuel Schalit was interviewed on KTLA Morning News with online security tips for consumers. That segment was also broadcasted to local Fox news affiliates around the country.
  • Dashlane was featured in a report in ValueWalk on how to protect the cybersecurity of one’s home without spending a lot of money.

This Week’s Lifehack to Improve Your Security

If you’re a Dashlane user, struggling with passwords may be a thing of the past. But millions of Americans are suffering from “password overload” and have said one or more of the quotes above. In our latest blog post, we explain what it is, share data from our recent Harris poll study, and offer a simple cure for anyone suffering from password overload.