Disqus Security Alert: User Info Breach

I guess it’s time to change your Disqus password.

Yesterday, on October 5th, we were alerted to a security breach that impacted a database from 2012. While we are still investigating the incident, we believe that it is best to share what we know now. We know that a snapshot of our user database from 2012, including information dating back to 2007, was exposed. The snapshot includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text for 17.5MM users. Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included.

Notice of 2013 We Heart It Data Breach

If you have a We Heart It account you might want to update your password too.

On October 11, 2017, we were alerted to a possible security breach involving account information for over 8 million accounts that had occurred several years ago. We immediately began an investigation to verify the information and are writing this post to inform the community of our findings to date, and the immediate actions we are taking to further protect your data.

Equifax website borked again, this time to redirect to fake Flash update

Equifax still struggles, it looks like their site redirects to fake Flash update scams.

For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors’ computers with adware that was detected by only three of 65 antivirus providers.Apparently, rival TransUnion also sends site visitors to malicious pages.

Accidental Dow Jones News Report Claims Google to Buy Apple for $9 Billion

This is what happens when you’re not careful when testing.

The Dow Jones newswire reported some mind-blowing news this morning: Google is acquiring Apple for the relatively paltry price of $9 billion, thanks to an agreement revealed in Steve Jobs’ will. But the news — and the multiple alerts that the newswire blasted out — were bogus.

Holding the powerful accountable, using data

Great piece about data and investigative journalism, and how it can be used to keep the powerful in check.

It is referred to as one of the main goals of modern journalism, and yet, in many parts of the world, holding the powerful accountable causes a great amount of threats and challenges. How do you go about investigating corruption and finding the data that your government or powerful individuals want to keep hidden? What issues do most data journalists face when working on such investigations and how do they tackle them?

Technology / AI / Blockchain

SAGE: an artificially intelligent band recommender

Gotta love when the underground music scene is where brilliant minds come up with insane AI projects (very technical piece of reading).

We’ve been able to leverage publicly available data about communal listening habits across over 200,000 bands and developed a novel model for finding new music. The model has been able to learn fairly robust mathematical representations of bands that preserves their “context”: bands that share members, have similar tempos, are lyrically and thematically related, tend to cluster together in the embedded space. This enables the user to define taste profiles capturing what they do and don’t like, and that corresponds to a well-defined set of mathematical operations on the embedded representations of bands.

Playbook for Testing Chatbots

If you’ve been experimenting with chatbots I’m sure you’ve been through the painful process of testing your bots. This project might be able to help you structure your tests.

Chatbottest is an open source Playbook of 120 questions (and counting) that you can use for free to test your chatbot and its UX. Similar to what you get with an Heuristic Evaluation on traditional interfaces, with this guide you will be able to find out what users will expect from their interaction.

Development / Design / DIY projects

8-Point Grid: Vertical Rhythm

Discover the 8-point grid, a powerful system for creating consistent and visually appealing user interfaces.

Bits and pieces

Apparently OxygenOS (the custom version of the Android operating system that comes installed on all OnePlus smartphones) is tracking usersactions without anonymizing data. Speaking of phones, don’t get fooled by this malicious Apple ID popup that will steal your password.

See how a cybersecurity researcher has found a way to abuse WhatsApp’s ‘online status’ feature to spy and monitor on people’s sleeping patterns. Also check out the Absurdly Underestimated Dangers of CSV Injection.

Read more about how Your Data is Being Manipulated and see why company culture makes or breaks remote work.