Author: azeeadmin

01 Oct 2018

Facebook can’t keep you safe

Another day, another announcement from Facebook that it has failed to protect your personal information. Were you one of the 50 million (and likely far more, given the company’s graduated disclosure style) users whose accounts were completely exposed by a coding error in play for more than a year? If not, don’t worry — you’ll get your turn being failed by Facebook. It’s incapable of keeping its users safe.

Facebook has proven over and over again that it prioritizes its own product agenda over the safety and privacy of its users. And even if it didn’t, the nature and scale of its operations make it nearly impossible to avoid major data breaches that expose highly personal data.

For one thing, the network has grown so large that its surface area is impossible to secure completely. That was certainly demonstrated Friday when it turned out that a feature rollout had let hackers essentially log in as millions of users and do who knows what. For more than a year.

This breach wasn’t a worst case scenario exactly, but it was close. To Facebook it would not have appeared that an account was behaving oddly — the hacker’s activity would have looked exactly like normal user activity. You wouldn’t have been notified via two-factor authentication, since it would be piggybacking on an existing login. Install some apps? Change some security settings? Export your personal data? All things a hacker could have done, and may very well have.

This happened because Facebook is so big and complicated that even the best software engineers in the world, many of whom do in fact work there, could not reasonably design and code well enough to avoid unforeseen consequences like the bugs in question.

I realize that sounds a bit hand-wavy, and I don’t mean simply that “tech is hard.” I mean that realistically speaking, Facebook has too many moving parts for the mere humans that run it to do so infallibly. It’s a testament to their expertise that so few breaches have occurred; the big ones like Cambridge Analytica were failures of judgment, not code.

A failure is not just inevitable but highly incentivized in the hacking community. Facebook is by far the largest and most valuable collection of personal data in history. That makes it a natural target, and while it is far from an easy mark, these aren’t script kiddies trying to find sloppy scripts in their free time.

Facebook itself said that the bugs discovered Friday weren’t simple; it was a coordinated, sophisticated process to piece them together and produce the vulnerability. The people who did this were experts, and it seems likely that they have reaped enormous rewards for their work.

The consequences of failure are also huge. All your eggs are in the same basket. A single problem like this one could expose all the data you put on the platform, and potentially everything your friends make visible to you as well. Not only that, but even a tiny error, a highly specific combination of minor flaws in the code, will affect astronomical numbers of people.

Of course, a bit of social engineering or a badly configured website elsewhere could get someone your login and password as well. This wouldn’t be Facebook’s error, exactly, but it is a simple fact that because of the way Facebook has been designed — a centralized repository of all the personal data it can coax out of its users — a minor error could result in a total loss of privacy.

I’m not saying other social platforms could do much better. I’m saying this is just another situation in which Facebook has no way to keep you safe.

And if your data doesn’t get taken, Facebook will find a way to give it away. Because it’s the only thing of value that they have; the only thing anyone will pay for.

The Cambridge Analytica scandal, while it was the most visible, was only one of probably hundreds of operations that leveraged lax access controls into enormous data sets scraped with Facebook’s implicit permission. It was their job to keep that data safe, and they gave it to anyone who asked.

It’s worth noting here that not only does it only take one failure along the line to expose all your data, but failures beyond the first are in a way redundant. All that personal information you’ve put online can’t be magically sucked back in. In a situation where, for example, your credit card has been skimmed and duplicated, the risk of abuse is real, but it ends as soon as you get a new card. For personal data, once it’s out there, that’s it. Your privacy is irreversibly damaged. Facebook can’t change that.

Well, that’s not exactly right. It could, for example, sandbox all data older than three months and require verification to access it. That would limit breach damage considerably. It could also limit its advertising profiles to data from that period, so it isn’t building a sort of shadow profile of you based on analysis of years of data. It could even opt not to read everything you write and instead let you self-report categories for advertising. That would solve a lot of privacy issues right there. It won’t, though. No money in that.

One more thing Facebook can’t protect you from is the content on Facebook itself. The spam, bots, hate, echo chambers — all that is baked in. The 20,000-strong moderation team they’ve put on the task is almost certainly totally inadequate, and of course the complexity of the global stage and all its cultures and laws ensures that there will always be conflict and unhappiness on this subject. At the very best it can remove the worst of it after it’s already been posted or streamed.

Again, it’s not really Facebook’s fault exactly that there are people abusing its platform. People are the worst, after all. But Facebook can’t save you from them. It can’t prevent the new category of harm that it has created.

What can you do about it? Nothing. It’s out of your hands. Even if you were to quit Facebook right now, your personal data may already have been leaked and no amount of quitting will stop it from propagating online forever. If it hasn’t already, it’s probably just a matter of time. There’s nothing you, or Facebook, can do about it. The sooner we, and Facebook, accept this as the new normal, the sooner we can get to work taking real measures toward our security and privacy.

01 Oct 2018

Meet Adam Mosseri, the new head of Instagram

Former Facebook VP of News Feed and recently appointed Instagram VP of Product Adam Mosseri has been named the new head of Instagram. “We are thrilled to hand over the reins to a product leader with a strong design background and a focus on craft and simplicity — as well as a deep understanding of the importance of community,” Instagram’s founders Kevin Systrom and Mike Krieger write. “These are the values and principles that have been essential to us at Instagram since the day we started, and we’re excited for Adam to carry them forward.”

Instagram’s founders announced last week that they were resigning after sources told TechCrunch the pair had dealt with dwindling autonomy from Facebook and rising tensions with its CEO Mark Zuckerberg. The smiling photo above seems meant to show peace has been restored to Instaland, and counter the increasing perception that Facebook breaks its promises to acquired founders.

Mosseri’s experience dealing with the unintended consequences of the News Feed, such as fake news in the wake of the 2016 election, could help him predict how Instagram’s growth will affect culture, politics, and user well-being. Over years of interviews, Mosseri has always come across as sharp, serious, and empathetic. He comes across as a true believer that Facebook and its family of apps can make a positive impact in the world, but cognizant of the hard work and complex choices required to keep them from being misused.

Born and raised in New York, Mosseri started his own design consultancy while attending NYU’s Gallatin School Of Interdisciplinary Study to learn about media and information design. Mosseri joined Facebook in 2008 after briefly working at a startup called TokBox. Tasked with helping Facebook embrace mobile as design director, he’s since become part of Zuckerberg’s inner circle of friends and lieutenants. Mosseri later moved into product management and oversaw Facebook’s News Feed, turning it into the world’s most popular social technology and the driver of billions in profit from advertising.

After going on parental leave this year, he returned to take over the role of Instagram VP of Product from Kevin Weil as he moved to Facebook’s blockchain team. A source tells TechCrunch he has been well-received and productive since joining Instagram, and has gotten along well with Systrom. Mosseri now lives in San Francisco, close enough to work from both Instagram’s city office and South Bay headquarters.

“The impact of their work over the past eight years has been incredible. They built a product people love that brings joy and connection to so many lives,” Mosseri wrote about Instagram’s founders in an…Instagram post. “I’m humbled and excited about the opportunity to now lead the Instagram team. I want to thank them for trusting me to carry forward the values that they have established. I will do my best to make them, the team, and the Instagram community proud.”

Mosseri will be tasked with balancing the needs of Instagram, such as headcount, engineering resources, and growth, with the priorities of its parent company Facebook, such as cross-promotion to Instagram’s younger audience and revenue to contribute to the corporation’s earnings reports. Some see Mosseri as more sympathetic to Facebook’s desires than Instagram’s founders were, given his long stint at the parent company and his close relationship with Zuckerberg.

The question will be whether users will end up seeing more notifications and shortcuts linking back to Facebook, or more ads in the Stories and feed. Instagram hasn’t highlighted the ability to syndicate your Stories to Facebook, which could be a boon for that parallel product. Instagram Stories now has 400 million daily users compared to Facebook Stories and Messenger Stories’ combined 150 million users. Tying them more closely could see more content flow into Facebook, but it might also make users second-guess whether what they’re sharing is appropriate for all of their Facebook friends, which might include family or professional colleagues.

Mosseri’s most pressing responsibility will be reassuring users that the culture of Instagram and its app won’t be assimilated into Facebook now that he’s running things instead of the founders. He’ll also need to snap into action to protect Instagram from being used as a pawn for election interference in the run-up to the 2018 US mid-terms.

01 Oct 2018

Google gets into game streaming with Project Stream and Assassin’s Creed Odyssey in Chrome

Earlier this year, we heard rumors that Google was working on a game-streaming service. It looks like those rumors were true. The company today unveiled “Project Stream,” and while Google calls this a “technical test” to see how well game streaming to Chrome works, it’s clear that this is the foundational technology for a game-streaming service.

To sweeten the pot, Google is launching this test in partnership with Ubisoft and giving a limited number of players free access to Assassin’s Creed Odyssey for the duration of the test. You can sign up for the test now; starting on October 5, Google will invite a limited number of participants to play the game for free in Chrome.

As Google notes, the team wanted to work with a AAA title because that’s obviously far more of a challenge than working with a less graphics-intense game. And for any game-streaming service to be playable, the latency has to be minimal and the graphics can’t be worse than on a local machine. “When streaming TV or movies, consumers are comfortable with a few seconds of buffering at the start, but streaming high-quality games requires latency measured in milliseconds, with no graphics degradation,” the company notes in today’s announcement.

If you want to participate, though, you’ll have to be fast. Google is only taking a limited number of testers. Your internet connection has to be able to handle 25 megabits per second and you must live in the U.S. and be older than 17 to participate. You’ll also need both a Ubisoft and Google account. The service will support wired PlayStation and Xbox One and 360 controllers, though you can obviously also play with your mouse and keyboard.

While it remains to be seen if Google plans to expand this test and turn it into a full-blown paid service, it’s clear that it’s working on the technology to make this happen. And chances are Google wouldn’t pour resources into this if it didn’t have plans to commercialize its technology.

01 Oct 2018

Khosla GP Ben Ling is raising his own VC fund and it’s called Bling Capital

Ben Ling has filed to raise up to $60 million for a new fund called Bling Capital. Bling has long been Ling’s nickname both professionally and among friends.

The early Facebook executive is still a general partner at Khosla Ventures, the firm confirmed this morning. We’ve reached out to Ling for comment.

Ling was Facebook’s director of platform from 2007 to 2008. After stints at YouTube, Google and Badoo, where he was COO, Ling began his career in venture capital at Khosla in 2013.

Ling started out strong, leading a number of deals for the firm in 2013, including rounds for ThirdLove and Zenefits, but has since pulled back substantially, according to data from both Crunchbase and PitchBook. His most recent completed deal on record was a $5.5 million round for Bay Labs in December 2017. He joined the medical technology startup’s board as part of the deal.

Ling, who’s also on the boards of storytelling platform Wattpad, home security startup Canary and mobile commerce app Tapingo, hasn’t served as lead partner on any deals this year.

It’s worth noting that Khosla did participate in Plastiq’s $27 million Series C. No lead partner was disclosed, but because Ling has previously led the firm’s investments in the business expense platform and he serves on its board of directors, it’s likely he led the most recent deal as well.

In March, Khosla joined a growing list of firms targeting billion-dollar-plus funds to keep up with SoftBank’s enormous pool of capital when it filed to raise $1.4 billion across a pair of new VC funds.

01 Oct 2018

Google wants to make Chrome extensions safer

Google today announced a number of upcoming changes to how Chrome will handle extensions that request a lot of permissions, as well as new requirements for developers who want to publish their extensions in the Chrome Web Store.

It’s no secret that, no matter which browser you use, extensions are one of the main vectors that malicious developers use to gain access to your data. Over the years, Google has improved its ability to automatically detect malicious extensions before they ever make it into the store. The company has also made quite a few changes to the browser itself to ensure that extensions can’t wreak havoc once they have been installed. Now, it’s taking this a bit further.

Starting with Chrome 70, users can restrict host access to their own custom list of sites. That’s important because, by default, most extensions can see and manipulate any website you go to. Whitelists are hard to maintain, though, so users can also opt to only provide an extension with access to the current page after a click.

“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional – because they allow extensions to automatically read and change data on websites,” Google explains in today’s announcement.

Any extensions that request what Google calls “powerful permissions” will now also be subject to a more extensive review process. In addition, Google will also take a closer look at extensions that use remotely hosted code (since that code could be changed at any time, after all).

As far as permissions go, Google also notes that in 2019, it’ll introduce new mechanisms and more narrowly scoped APIs that will reduce the need for broader permissions and that will give users more control over the access that they grant to their extensions. Starting in 2019, Google will also require two-factor authentication for access to Chrome Web Store developer accounts to make sure that a malicious actor can’t take over a developer’s account and publish hacked extensions.

While that change is still a few months out, starting today, developers are no longer allowed to publish extensions with obfuscated code. In itself, obfuscated code isn’t a bad thing. Developers often use this method of scrambling their JavaScript source code to hide their code, which would otherwise be in clear text and easy to steal. But it also makes it very hard to figure out what exactly the code does, and 70 percent of malicious extensions and those that try to circumvent Google’s policies use obfuscated code. Google will remove all existing extensions with obfuscated code in 90 days.

It’s worth noting that developers will still be allowed to minify their code to remove whitespace, comments and newlines, for example.
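The host-permission and remote-code points above are the kind of thing a store reviewer, or an enterprise deploying extensions, would check mechanically. The following is an added example, not Google’s code or anything from the announcement: a small manifest reviewer that flags the broad host patterns Chrome recognizes (`<all_urls>` and the `*://*/*`-style match patterns, read from the MV2 `permissions` key or the MV3 `host_permissions` key) and any `script-src` origin in the extension’s `content_security_policy` that would let the extension load remotely hosted code. The two manifests it runs against are constructed for the example.

```python
import json

# Match patterns that grant access to every site (real Chrome match-pattern syntax).
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest):
    """Collect host match patterns from MV2 'permissions' and MV3 'host_permissions'."""
    patterns = set(manifest.get("host_permissions", []))
    for perm in manifest.get("permissions", []):
        # In MV2 manifests host patterns sit alongside API permissions such as "tabs".
        if perm == "<all_urls>" or "://" in perm:
            patterns.add(perm)
    return patterns


def remote_script_origins(manifest):
    """Return http(s) origins allowed by script-src in the extension's CSP (MV2 string or MV3 object)."""
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):
        csp = csp.get("extension_pages", "")
    origins = []
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0] == "script-src":
            origins = [src for src in parts[1:] if src.startswith(("http://", "https://"))]
    return origins


def review_manifest(manifest):
    """Produce a list of findings; an empty list means nothing flagged."""
    findings = []
    broad = host_patterns(manifest) & BROAD_HOST_PATTERNS
    if broad:
        findings.append("broad host access: " + ", ".join(sorted(broad)))
    remote = remote_script_origins(manifest)
    if remote:
        findings.append("remotely hosted code allowed by CSP: " + ", ".join(remote))
    return findings


# Constructed manifests (not real extensions). The first asks for every site and allows a
# remote script origin; the second only asks for one host and the click-scoped activeTab permission.
BROAD_MANIFEST = json.loads("""
{
  "manifest_version": 2,
  "name": "example-broad",
  "permissions": ["tabs", "storage", "<all_urls>"],
  "content_security_policy": "script-src 'self' https://cdn.example.test; object-src 'self'"
}
""")

NARROW_MANIFEST = json.loads("""
{
  "manifest_version": 3,
  "name": "example-narrow",
  "permissions": ["activeTab", "storage"],
  "host_permissions": ["https://mail.example.test/*"]
}
""")

if __name__ == "__main__":
    for m in (BROAD_MANIFEST, NARROW_MANIFEST):
        print(m["name"], review_manifest(m) or ["no findings"])
```

The narrow manifest is the shape the article points towards: `activeTab` grants access to the current page only after the user clicks the extension, and the single `host_permissions` entry is the per-site list a user could otherwise maintain by hand.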

01 Oct 2018

How a Ugandan Prince and a Crypto startup are planning an African revolution

Crypto and blockchain enthusiasts have been railing for years against the centralized world of banks, but many have been doing so from the privileged vantage point of developed countries. But what if blockchain technology turned out to be most revolutionary in emerging economies?

Take Africa for instance. Consumers in those countries became so frustrated with the banking fees imposed on their transactions every time they wanted to merely top up their mobile airtime that airtime minutes alone actually became a form of money. Banking in the way it’s been developed for the developed world simply does not work when a transaction to top up a phone can cost more than the airtime itself.

South Africa-based startup Wala realised this early on. It had developed a smartphone app which acted like a wallet, facilitating customer transactions via the app with existing banking infrastructure. But the high banking fees for nearly every function were hurting Wala’s customer base and the company’s early business model as a mobile wallet for the smartphone generation.

They needed a zero-fee solution, but the existing financial system just didn’t work. That’s when they realized they could switch to a cryptocurrency and allow payments across a peer-to-peer network for merchants, offering airtime, data, electricity bills – even the ability to pay school fees.

Today Wala, which raised $1.2 million selling ethereum-based “$DALA” tokens in an initial coin offering (ICO) in December last year, is facilitating thousands of transactions daily across Uganda, Zimbabwe and South Africa, most of them micropayments under $1.

Since the launch of their $DALA currency in May 2018 (currently accessible through the Wala mobile application) over 100,000 $DALA wallets have been opened and over 2.5 million $DALA transactions have been processed, says the company. The multi-chain crypto asset – at least right now – uses Ether for the wallet and Stellar for transactions, though it is not locked to any one platform.

Through $DALA protocols (Kopa, Soko and Kazi), consumers have access to borderless, low cost, efficient, and unique financial services enabling them to earn, save, borrow, and transact in a new, decentralized, financial system.

But Wala does not plan to stop there.

Today, Dala announces it has partnered with a gigawatt-scale solar program for Uganda to create a blockchain-enabled clean energy economy.

Here’s how it’s going to work:

Long-time energy company CleanPath Emerging Markets Uganda (CPEM) is partnering with the Ugandan Government and the Ugandan Ministry of Energy and Mineral Development on the project which will mean Ugandans are able to buy solar energy using $DALA from this massive new infrastructure project.

CPEM will use the DALA blockchain platform to manage its ledger, its vendor contracts, and its partner commitments. The company has over 11,000 MW of renewable energy experience already under its belt.

The $1.5 billion program aims to create a new clean energy economy in Uganda, not only creating employment and kick-starting a clean energy economy but new economic development in Uganda. Ugandan consumers will be able to buy solar power in $DALA, workers will be paid in $DALA and the program will even run on $DALA.

Tricia Martinez, Wala cofounder and CEO, told me at the recent Pathfounder event in Oslo: “The numbers we’ve seen since the launch of $DALA have been staggering, and a large portion of our current users are Ugandan, so this partnership is a natural next step to allow users the opportunity to further benefit from using $DALA. The high level of user traffic also shows us that Ugandans are ready to use crypto assets in their day-to-day transactions.”

But the story wouldn’t have come about without an enlightened African Prince who could have stepped straight out of the mythical kingdom of Wakanda, as featured in the recent smash hit Black Panther movie.

For the founder of CPEM is Prince Kudra Kalema of the Buganda Kingdom (a Ugandan royal family), whose ancestry goes back to at least the 14th Century. Buganda is now a monarchy with a large degree of autonomy from the Ugandan state.

“We’re truly excited about this program and our partnership with Dala”, says Prince Kudra Kalema of the Buganda Kingdom, who is also Managing Partner and Co-Founder at CPEM. “By providing Ugandans with an opportunity to access clean energy through $DALA, we’re fostering a more inclusive decentralized financial system not possible with legacy technologies.”

In an exclusive interview with TechCrunch, Prince Kalema told me: “My family considers itself to be the custodian of the land, and I have been searching for about a decade to find solutions that would improve the country. But what could we work on when people couldn’t even switch their lights on?”

It became obvious to him that the biggest issue was affordable electricity, and that it had to be generated renewably, which meant solar. Microgrids turned out not to be the solution; it had to be at scale.

But the question is, why did he hit on cryptocurrency?

“We began using the $DALA protocol because it became very clear that the financial structure in Uganda was not adequate. It was clear we needed something. There is no way the Uganda Shilling is stable enough for the type of programme we are doing. Wala was already invested in the same country and wasn’t just about the idea of running a crypto coin in an emerging market, but was also about creating the best type of financial institutions for the country. That goes hand in hand with what we are doing. It became a no-brainer.”

“Ugandans are saying that what we have right now does not work.” — Prince Kudra Kalema

He says the $DALA crypto combined with his solar project will be much easier to run in Uganda than in countries like the US: “Over 80% of Ugandans are under 35, and very well educated. I don’t like the term leap-frogging, but this is what this is. They don’t have to unlearn anything that was there before. They are eager to figure out and learn about a solution that will help them. When you look at how quickly mobile money was adopted by Ugandans — it became powerful not because it was imposed but because people yearned for it. Ugandans are saying that what we have right now does not work. The banking transaction fees, the cost of remittances… — it’s difficult for them to be enthusiastic about something they know doesn’t work already.”

Uganda continues to be a market hungry to adopt new technology, and the recent announcement that Binance is launching a fiat to crypto exchange in the country is a recent example of this.

He added: “Uganda has always been at the forefront of these types of things. Even before we were a protectorate of the British Empire, Uganda was part of the region where people would travel to find out how to deal with things in Africa. We had an intricate tribal system. The British didn’t invade, they made it a protectorate because of this.”

The details of the plan are ambitious. Prince Kalema’s CPEM plans to create a gigawatt-scale solar power development program in Uganda providing clean energy to 25% of the population and creating 200,000 new jobs in the clean energy economy.

The program would more than double the current electricity generation capacity in Uganda (equivalent to about 2 average US coal power plants), where 75% of the Ugandan population has no access to energy.

By using $DALA Ugandans will be able to consume energy at zero transaction fees, use it for everyday purchases, and also convert it back to fiat Ugandan currency via agents/merchants and cryptocurrency exchanges.

It will even allow CPEM and the government of Uganda to make grants of free power available to the poorest, while keeping a completely auditable and tamper-proof record of these grants.

The story of how a small startup came to take African markets by storm begins in 2014.

Initially backed by an angel investor and a social-impact VC (Impact Engine) in the US, Tricia Martinez’s Wala (pictured above) joined the Barclays Techstars Accelerator in London in 2016. It later set up shop in Cape Town, South Africa and started growing its team (it’s now at a total of 12 staff).

Not long after, South African VC Newtown Partners invested and Wala then issued the $DALA crypto-asset and set up the Dala foundation. It’s perhaps no coincidence that Newtown is headed up by Vinny Lingham (of the well-known Ethereum-based project Civic).

Martinez is passionate that cryptocurrency is going to be the solution emerging markets like Africa have wanted and needed for years: “The fact that the unit of account and store of value for this program is $DALA proves its utility and shows its potential to become a preferred financial system across emerging markets. We’re excited to be involved from the ground-level and look forward to playing our part in creating a just and accessible financial system for consumers.”

She says both the Prince and the Ugandan government “needed a partner that can help drive the financial inclusion to get them into a more efficient digital system. That’s when they heard about us. When we started talking we both saw the opportunity to actually build an entire ecosystem built on a crypto asset.”

“So it’s not just that consumers are buying that energy cryptocurrency, but the workers who are building our energy grids will get paid in it. So they’ve become very passionate about blockchain especially from the energy perspective, to create transparency. Working with the government to create more accountable records of what they’re building out could even reduce the potential for corruption.”

As Martinez points out: “In the hands of over 100,000 users in Uganda, already people are purchasing their electricity needs, products and services. The goal with this project is for people who are getting the energy to be able to then tap into all these other services that we offer. We’re also going to be launching cashing agents so that people can go to those mobile money agents around the corner to cash in and cash out to their wallet.”

It’s clearly a big project. Some observers will see the words ‘Uganda and Cryptocurrency’ in the same sentence and no doubt come out with some kind of trite, dismissive assessment.

But Wala’s experience on the ground — and it cannot be emphasized enough how important that is, compared to the armchair commentators at most blockchain conferences in the Western world — combined with the hunger of an emerging nation, a passionate Prince and the ingenuity of its people should not be underestimated.

01 Oct 2018

Subscription startup Bespoke Post is creating its own brands and products for men

Bespoke Post says it has more than 100,000 subscribers signed up to receive a monthly “box of awesome” (that’s what it calls its bundles of curated men’s products). Next up: Creating brands and products of its own.

It’s a common move for retailers and ecommerce companies to launch their own brands, but it sounds like Bespoke Post isn’t just looking to create generic versions of stuff you’re already buying.

Instead, it says its “brand development studio” the Foundry will identify opportunities for men’s products that don’t exist, work with manufacturers to create those products and improve them with feedback from Bespoke Post customers.

The company is also unveiling its first new brand, Base Light, which creates grooming products for men, starting with a line of bar soaps. How is this different from any other soap? Bespoke Post says the bars are handmade in the United States, without “harsh” ingredients like synthetic dyes, parabens, sulfates or phthalates.

Base Light soaps are available for purchase individually, or as part of the company’s Refresh Grooming Box. There are also plans to launch Base Light-branded face wash, face scrub, face moisturizer, shampoo, conditioner, body wash and beard oil products this fall.

“Each month, we deliver hundreds of thousands of unique box experiences filled with everything from apparel and grooming products to home goods and cocktail kits,” said Bespoke Post co-founder Rishi Prabhu in the announcement. “We know the kinds of products our customers will love and can spot market opportunities for products that don’t exist yet.”

Bespoke Post says it will also launch brands in categories like homeware, apparel and shoe care.

01 Oct 2018

The Das Keyboard 5Q adds IoT to your I/O keys

Just when you thought you were safe from IoT on your keyboard Das Keyboard has come out with the 5Q, a smart keyboard that can send you notifications and change colors based on the app you’re using.

These kinds of keyboards aren’t particularly new – you can find gaming keyboards that light up all the colors of the rainbow. But the 5Q is almost completely programmable and you can connect to the automation services IFTTT or Zapier. This means you can do things like blink the Space Bar red when someone passes your Nest camera or blink the Tab key white when the outdoor temperature falls below 40 degrees.

You can also make a key blink when someone tweets, which could be helpful or frustrating.

The $249 keyboard is delightfully rugged and the switches – called Gamma Zulu and made by Das Keyboard – are nicely clicky but not too loud. The keys have a bit of softness to them at the half-way point so if you’re used to Cherry-style keyboards you might notice a difference here. That said, the keys are rated for 100 million actuations, far more than any competing switch. The RGB LEDs in each key, as you can see below, are very bright and visible, but when the key lights are all off the keyboard is completely unreadable. This, depending on your desire to be Case from Neuromancer, is a feature or a bug. There is also a media control knob in the top right corner that brings up the Q app when pressed.

The entire package is nicely designed, but the 5Q begs the question: do you really need a keyboard that can notify you when you get a new email? The Mac version of the software is also a bit buggy right now, but they are updating it constantly and I was able to install it and run it without issue. Weird things sometimes happen, however. For example, currently my Escape and F1 keys are blinking red and I don’t know how to turn them off.

That said, Das Keyboard makes great keyboards. They’re my absolute favorite in terms of form factor and key quality and if you need a keyboard that can notify you when a cryptocurrency goes above a certain point or your Tesla stock is about to tank, look no further than the 5Q. It’s a keyboard for hackers by hackers and, as you can see below, the color transitions are truly mesmerizing.

01 Oct 2018

Website flaw exposed a Canadian ISP’s entire customer database

Canadian internet provider Altima Telecom has fixed a flaw in its website that could have given an attacker full access to its customer database.

The customer database was connected to the company’s website, but could be remotely accessed with a blind SQL injection attack. Daley Borda, founder of Underdog Security, found the bug and reported it to TechCrunch, which we passed on to Altima.

Altima Telecom bills itself as one of the largest independent Canadian internet service providers, serving Montreal and Toronto.

The database contained 427 tables, containing millions of records on customers — including billing data, support tickets, and other user data, according to Borda. Although the researcher could probe the database by entering commands into his browser’s address bar, he said that a malicious attacker could easily dump its contents and download the entire database.

He also found several database columns storing credit card data, including card numbers, expiry dates, security codes, and addresses.

When reached, Altima’s chief executive Frank Yang told TechCrunch that the database was protected using an encryption key management service. But when we asked several security researchers about the flaw, they said that a successful injection attack would appear as a request from a legitimate user.

“We really appreciate you and the security researcher bringing this to our attention,” said Yang. “We are taking this matter very seriously.”

It’s a surprisingly simple flaw that could have caused significant damage — even for a mid-sized ISP. Altima’s exposure is the latest in a string of security incidents at internet providers. Comcast has patched several flaws that allowed improper access to customer data. New York cable provider RCN recently admitted to storing customer passwords in plaintext.
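The flaw class reported above, a customer lookup that splices user input straight into an SQL statement, is easy to illustrate in a few lines. The following is an added example written for this page, not code from Altima or from the researcher; the schema, the sample rows, the function names and the textbook input are all constructed. It shows why the researchers quoted above said that encryption would not have helped: the injected statement runs over the application’s own database connection, with the same privileges and the same decrypted view of the data as a legitimate request, so the only reliable defence is to keep data and code separate with bound parameters.

```python
"""Constructed illustration of a lookup vulnerable to SQL injection next to
its parameterised fix. Not Altima's code; schema and data are hypothetical."""
import sqlite3

# Constructed sample data standing in for a customer table.
SAMPLE_CUSTOMERS = [
    ("alice@example.com", "Alice", "4111-XXXX"),
    ("bob@example.com", "Bob", "5555-XXXX"),
]


def make_db():
    """Build an in-memory database with the constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, name TEXT, card_last TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def lookup_vulnerable(conn, email):
    """The user-supplied value is pasted into the SQL text, so the database
    cannot distinguish data from code. Kept deliberately broken for contrast."""
    sql = f"SELECT name FROM customers WHERE email = '{email}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, email):
    """The value is bound to a placeholder and sent separately from the SQL
    text; whatever characters it contains, it is never parsed as SQL."""
    sql = "SELECT name FROM customers WHERE email = ?"
    return [row[0] for row in conn.execute(sql, (email,))]


def demo():
    """Run both lookups against the same textbook input (constructed) and a
    genuine address, returning the rows each version yields."""
    conn = make_db()
    tautology = "nobody@example.com' OR '1'='1"  # classic always-true clause
    return {
        "vulnerable": lookup_vulnerable(conn, tautology),  # every customer
        "safe": lookup_safe(conn, tautology),              # no such email
        "safe_real": lookup_safe(conn, "alice@example.com"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Note that the vulnerable version hands back every customer for an address that does not exist, while the parameterised version returns nothing for the same input and still finds the real record. Encryption of the card columns changes none of this: an application that decrypts results for its own queries will decrypt them for an injected query too, which is why the defence has to sit at the query boundary rather than in storage.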

01 Oct 2018

Zuckerberg must face public scrutiny over latest data breach, say UK MPs

UK members of parliament have once again called for Facebook’s founder, Mark Zuckerberg, to travel to the country to face questions about how his business operates.

They’re renewing calls for facetime with the Facebook CEO in light of the massive data breach it disclosed on Friday — which the company said could affect as many as 90 million users, with 50 million confirmed to have been compromised. It’s not clear exactly how many UK (or European) accounts are involved at this stage.

Facebook said on Friday that it had fixed the flaws, which were introduced after an update in July, and had been exploited by hackers to swipe access tokens. Attackers had been able to use its APIs to scrape some user data, it also said. It reset all potentially affected tokens once it discovered the hack late last month.

Damian Collins, who chairs a UK parliamentary select committee which, earlier this year, spent several months interrogating data protection issues, and which recently called for a levy on social media platforms to help defend democratic institutions from online disinformation, told the Telegraph: “Facebook’s latest data breach demonstrates more clearly than ever why Mark Zuckerberg should face public scrutiny about the practices and policies his company employs to keep British users’ data safe.”

Julian Knight, another member of the committee, also said: “It would be helpful to hear from Mr Zuckerberg, but I won’t be holding my breath.”

Earlier this year MPs on the Department for Digital, Culture, Media and Sport (DCMS) select committee appealed for Zuckerberg to personally give evidence as they scrutinized the impact of online disinformation on democratic processes. However, Facebook repeatedly declined to send its founder — instead sending some alternative staffers, including — finally — its CTO.

The committee was not satisfied, complaining that the reps it sent were unable to answer their questions. Collins also slammed the company for what he described as an evasive “pattern of behaviour” — and “a desire to hold onto information and not disclose it”.

It also kept up its pressure for Zuckerberg to testify — offering the chance for him to answer questions remotely, via video link. Still Facebook declined.

In May, in a pretty extraordinary development, the DCMS committee then told Facebook that if its founder set foot on UK soil they would issue him with a formal summons.

Safe to say, Zuckerberg made no trips to the UK, although he did attend a meeting of the EU parliament’s conference of presidents towards the end of May (where he was heckled for also avoiding MEPs’ questions).

Given his record of rejecting invitations from the UK parliament, it seems unlikely the company will suddenly offer its CEO up now — to discuss an awkward security breach to boot.

Facebook’s lack of engagement with UK politicians might, though, make the government keener to seize on the committee’s recommendation of a social media levy to offset damage caused by tech platforms’ accelerating online disinformation.

We’ve reached out to Facebook with questions and will update this story with any response.

The data breach is the first that falls clearly under new EU-wide privacy rules which carry beefed up penalties for violations.

On Friday, in a statement commenting on the Facebook hack, the UK’s data protection agency said: “It’s always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. We will be making enquiries with Facebook and our overseas counterparts to establish the scale of the breach and if any UK citizens have been affected.”

The company does appear to have abided by the requirements of GDPR to report major breaches within 72 hours of discovery.