Facebook has been logging hundreds of millions of user passwords in plain text for years on internal servers that were reportedly searchable by more than 20,000 Facebook employees, Brian Krebs said yesterday. Facebook said in a blog post that it plans to "notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users" that their passwords were stored this way.
Finland's data protection ombudsman is investigating a potential data breach violation following a report that some Nokia 7 Plus smartphones developed by HMD Global were transmitting sensitive data to a Chinese server. NRK reported yesterday that every time one of the phones was switched on or the screen was unlocked, it sent an unencrypted data packet containing the phone's geographic location, SIM card number, and serial number to a server belonging to China's state-owned telecommunications company. HMD Global, a Finnish company that develops the Nokia-branded phones, told Reuters this was due to a glitch in the phone activation software which was patched last month.
Over 100,000 GitHub repos have leaked API tokens and cryptographic keys, according to ZDNet. Researchers from North Carolina State University scanned millions of public GitHub repositories looking for text strings that resembled API tokens or keys, and discovered more than 200,000 exposed keys spread across more than 100,000 projects.
The US Department of Homeland Security warned that the protocol used in certain Medtronic cardiac devices can be easily hacked from up to twenty feet away.