24 Jul 2019

Cryptocurrency loan site YouHodler exposed unencrypted user credit cards and transactions

A cryptocurrency loan startup exposed reams of customer credit cards and user transactions for almost a month — because it forgot to protect the server with a password.

Security researchers Noam Rotem and Ran Locar found the database belonging to YouHodler, a lending platform designed for cryptocurrency, which claims to have processed $10 million in loans to more than 3,500 customers. The researchers shared their findings exclusively with TechCrunch to verify the authenticity of the data. The researchers also wrote up their findings.

Once the researchers reported the leaking data, the company pulled the database offline.

The database contained 86 million lines of daily-updating records from the lending platform, including streams of logs and computer commands based on users’ interactions on the front-end website. That also included sensitive information, such as a record of every time a transaction or a loan went through.

Among the records we reviewed, we found records with enough information to make fraudulent card purchases — such as names, transaction amounts, and credit card numbers, including card verification numbers (CVV) and expiry dates.

None of the data was encrypted.

One of the transaction records exposing unencrypted credit card data. (Image: TechCrunch)

Several other records seen by TechCrunch contained banking information, including names, addresses, bank account and routing numbers, SWIFT codes, and the transaction amount.

The database also contained customer phone numbers and in some cases passport numbers, according to the researchers.

“The amount of information included in the database makes stealing a user’s identity a simple task,” said Rotem and Locar.

Once the data had been secured, we reached out to YouHodler’s chief executive Ilya Volkov prior to publication but did not hear back.

It’s the latest exposed database in a stream of findings by the researchers in recent months.

The researchers have previously found data leaking from Fortune 500 firm Tech Data, exposed user records and private messages of Jewish dating app JCrush, and leaking data from Canadian cell network Freedom Mobile and online retailer Gearbest. Earlier in July, the researchers found an unprotected database belonging to Aavgo, which exposed user hotel bookings.

24 Jul 2019

RED is working on a Hydrogen Two smartphone

In a post on RED’s message board, founder Jim Jannard reasserted the company’s commitment to the disappointing Hydrogen One handset. It’s a distant memory now, but the pricey niche device was teased and delayed for months, only to be generally run through the wringer in reviews.

The camera module was one of various complaints with the device, and now RED’s placing the blame firmly at the feet of its ODM partner. In the post, Jannard notes that, while Foxconn has been a solid manufacturer, the design partner essentially blew it:

Our ODM, which was responsible for the mechanical packaging of our design including new technologies along with all software integration with the Qualcomm processor, has significantly under-performed. Getting our ODM in China to finish the committed features and fix known issues on the Hydrogen One has proven to be beyond challenging. Impossible actually. This has been irritating me to death and flooding our reactor.

Given the generally rough reviews for the $1,300 device, a lesser company would have no doubt abandoned the ship. Jannard and RED, however, are using the opportunity to double down. A new camera module (named “Komodo”), he notes, will be coming not only to the Hydrogen One, but a future Hydrogen Two.

“To that end,” he writes, “every Hydrogen One owner will get significant preferential treatment for the Hydrogen Two and/or new Cinema Camera model, both in delivery allocations and pricing.”

Given the time it took for the first gen to launch, it’s probably not worth holding one’s breath for the sequel. That said, the first handset is often the hardest, and creating a phone certainly presented a new paradigm for the high-end camera manufacturer, which is more accustomed to building devices in-house.

24 Jul 2019

SpaceX’s CRS-18 mission delivers a new automated docking adapter to the ISS – here’s why that matters

SpaceX is set to fly its CRS-18 resupply mission for the International Space Station later today (or tomorrow depending on weather). One big, important part of its cargo is the new International Docking Adapter built by Boeing, otherwise known as IDA-3. This new docking station will offer new types of standard ports that are designed to work with Boeing’s CST-100 Starliner and the SpaceX Crew Dragon, and any other ISS-destined spacecraft to follow.

Thanks to these new standard ports and sensor arrays found on the IDA-3, the new docking station will be able to dock with these new spacecraft autonomously, without any assistance required by astronauts on board the ISS. That’s a big upgrade from today, when the final docking procedure for spacecraft like the Dragon cargo capsule making the trip today typically involves astronauts making use of the space station’s Canadarm2 robotic arm to capture the capsule and bring it in for the final connection.

This is actually the second brand new docking adapter with this automated docking capability to be delivered to the International Space Station – the first, IDA-2, was installed in 2016 and was actually already used by SpaceX during its last uncrewed Dragon crew capsule test flight. That mission, Crew Dragon Demo-1, flew in March, with a successful docking procedure taking place with IDA-2 on March 3.

Canadarm2 actually gets a chance to shine with this delivery, however, since it’ll be used to unload IDA-3 and set it in place on the ISS’s Harmony module in preparation for its permanent installation, to be performed by astronauts via spacewalk later this year.

Once installed, IDA-3 will provide twice the automated docking capability for the ISS for future crewed missions, allowing for a lot more opportunities for future ISS missions of all stripes.

In case you’re curious about the numbering, there was indeed an IDA-1 – this was supposed to be the first docking port of its kind attached to the ISS, but it was destroyed when the Falcon 9 rocket for SpaceX’s CRS-7 resupply mission exploded due to a second-stage failure post-launch in 2015.

24 Jul 2019

FTC also sues Cambridge Analytica, settles with former CEO and app developer

As part of the investigation against Facebook’s privacy lapses, the FTC announced today that it is suing Cambridge Analytica. The agency has already agreed to a settlement with former Cambridge Analytica CEO Alexander Nix as well as app developer Aleksandr Kogan.

The Federal Trade Commission described the administrative complaint in a press release. It alleged that Cambridge Analytica and the app developer that worked with the company “employed deceptive tactics to harvest personal information from tens of millions of Facebook users for voter profiling and targeting.”

In particular, an app called GSRApp or “thisisyourdigitallife” took advantage of Facebook’s API to collect personal information without proper consent. The app collected profile data from 250,000 to 270,000 users located in the U.S. In addition to the answers to personality questions, the app collected page likes of those users.

But the app went one step further by collecting likes and personal information from the Facebook friends of those users. It represents 50 million to 65 million people, including at least 30 million people in the U.S.

While Cambridge Analytica, Nix and Kogan took advantage of Facebook’s generous API, they misled users of the app. And that’s what the FTC didn’t like.

“Almost half of the app users, however, originally refused to provide their Facebook profile information. To address this issue, the GSRApp began telling app users that it would not ‘download your name or any other identifiable information—we are interested in your demographics and likes.’

The FTC alleges, however, that this was false, and that the GSRApp in fact collected users’ Facebook User ID, which connects individuals to their Facebook profiles, as well as other personal information such as their gender, birthdate, location, and their Facebook friends list.”

Cambridge Analytica then allegedly used this data to generate personality scores and launch targeted advertising campaigns according to voter profiling.

Finally, according to the FTC, Cambridge Analytica complied with the EU-U.S. Privacy Shield framework, but the certification lapsed in May 2018. The FTC alleges that Cambridge Analytica failed to protect personal information from EU users after Cambridge Analytica stopped complying with the Privacy Shield.

Cambridge Analytica has filed for bankruptcy and couldn’t settle the FTC’s allegations. But its former CEO as well as the person who developed the malicious app have settled.

Going forward, they can’t make “false or deceptive statements regarding the extent to which they collect, use, share, or sell personal information, as well as the purposes for which they collect, use, share, or sell such information.”

And, of course, they have to delete all personal information they have collected through the GSRApp and projects related to that data set. The commission vote against Cambridge Analytica and for the settlement was 5-0.

If you want to learn more about Cambridge Analytica, Netflix released a documentary today about the Cambridge Analytica scandal.

24 Jul 2019

Google intros Gallery Go offline photo editor

At an event this week in Nigeria, Google introduced Gallery Go, a photo management and editing tool designed for offline use. The new offering joins a suite of Google apps created specifically for users in developing markets, where solid online connections aren’t always a given.

Gallery Go works with devices running Android 8.1 (Oreo) and newer, taking up just 10 MB of storage space on a mobile device. The app uses similar machine learning tools as Google Photos to organize and manage images, but does so without requiring a constant connection. Users can create folders and access images directly from an SD card with the app.

There’s a handful of simple editing tools on board as well here, including filters, auto enhance for quick fixes, rotate and crop. The app joins similar offerings from companies like Facebook, designed to open services to users in areas where handsets are prevalent computing devices, but mobile connections tend to be a bit more spotty.

It’s available now through the Play Store and will be available as the default gallery app on select devices starting next month.

24 Jul 2019

Adam Nelson joins FirstMark Capital

Adam Nelson, an early Dropbox employee and partner at Social Capital, has today announced that he’s joined New York-based FirstMark Capital as a partner.

Nelson was actually born and raised here in New York City on the Upper East Side and moved out to the West Coast when he attended Stanford for his MBA. It was there that he felt the first spark of Silicon Valley inspiration, which ultimately led him to join Dropbox as an early employee.

There, Nelson led their partner network, helping mom-and-pop IT shops serving SMBs sell Dropbox products to their clients. He also worked on the revenue partnerships team, which was mostly focused on strategic business development with large flagship partners, such as Vodafone and Softbank, in international markets.

Nelson then moved on to Social Capital where he spent a few years investing in startups, with a portfolio that includes Slack, Clearbanc, WeeCare, and FareHarbor.

After some turmoil at the firm, Social Capital founder Chamath Palihapitiya changed the structure of the firm to become more of a holding company than a traditional VC firm.

Now, Nelson has landed at FirstMark Capital.

FirstMark is one of the most vital VC firms in New York City, with a portfolio that includes Shopify, Airbnb, Discord, DraftKings, Brooklinen, and Upwork. The firm has $1.6 billion under its management, and is known across the NYC ecosystem for its many events that bring startup founders and tech communities together.

The team at FirstMark includes Rick Heitzmann, Matt Turck, Amish Jani, and Beth Ferreira. Nelson said that, predominantly, the team was a big part of what attracted him to FirstMark.

Their reputation speaks for itself, not only as early investors in some of the most transformational companies of the last decade and the returns that come with it, but most notably as true partners to the entrepreneurs leading those companies. That sentiment was overwhelming in my conversations across their portfolio and was also reinforced as I’ve gotten to know the team over these last few months. Ultimately, the venture business all comes down to people, and the team at FirstMark is the group I want to come to work with every day to help advance the meaningful companies of the next decade.

So what is Nelson looking for?

Coming from private equity, Nelson has a particular curiosity when it comes to the disruption of more traditional industries such as logistics, education, and construction.

“I still think we’re in early innings,” said Nelson. “We’re seeing a lot of investment in finance, real estate, logistics, construction, and the labor markets that support those huge multi-trillion dollar revenue markets. But we’re still in the early stages of that.”

At his core, however, Nelson is still a software investor and has experience in building out an operational playbook and a go-to-market playbook that can be applied to larger industries.

24 Jul 2019

Facebook ends friend data access for Microsoft and Sony, the last 2 of its legacy partners, under FTC deal

One more consequence of the FTC’s investigation of Facebook, which culminated in a record $5 billion settlement announced today: it’s finally tightening another string in its privacy policy by cutting off access to friend data for Microsoft and Sony, the company announced today. It described having allowed them access up to now as “our mistake.”

Little by little, Facebook has been trickling out changes to how it handles its users’ personal data in the wake of a number of privacy breaches — not just the biggie involving Cambridge Analytica — and a subsequent investigation by regulators.

The announcement specifically impacting Microsoft and Sony comes as the company is also announcing a larger overhaul of its API. This will impact “dozens” of partners, the company said, which had been using it to build Facebook experiences on their own apps or devices “that should have been wound down.” (These integrations typically would have led to intentional — but often unintentional — sharing of contacts and synching of contacts between address books, apps and so on.)

The tech giants had been the last two remaining of a group of 12 select partners (others included Yahoo, which is owned by Verizon, which also owns us, as well as Spotify, Netflix and Blackberry) that had a particularly wide deal with the social network, in which they were allowed to access and use data relating to users’ friend lists, in addition to data about the users themselves, when those users were logged into their services using their Facebook sign-ins.

“This was old code supporting known experiences for people, such as being able to use Facebook on an earlier generation PlayStation (PS3 or Vita) or to sync their friends’ contact information with another service,” explained Ime Archibong, Facebook’s VP of product partnerships, in a blog post. “Based on our previous commitments, we are ending these partners’ access to friend data immediately. This was our mistake, and we are correcting it.”

24 Jul 2019

New THC and CBD infused beverage company, Cann, joins the race to replace booze

Cann, a Los Angeles-based purveyor of CBD and THC-infused intoxicants, is rolling out its first major distribution through the venture-backed delivery service Eaze as it begins to hit the streets in California.

The company founded by two former Bain consultants is the latest to take on the growing market for non-alcoholic intoxicants that use a combination of chemicals traditionally found in the marijuana plant to make their drinks.

First dreamed up by Jake Bullock while attending business school at Stanford, Cann launched earlier this month at MedMen and is now selling its $30 multi-flavor six packs both in stores and through Eaze.

The beverages come with a 2-milligram dose of THC and 5 milligrams of CBD per can.

Bullock and his partner Luke Anderson met while both men were at Bain Consulting — and both have a background in consumer retail businesses. Bullock initially worked at the investment bank, Allen & Co., before moving over to Bain for consulting and finally settling in to a job at Bain Capital investing in the firm’s San Francisco-based private equity shop.

Anderson remained at Bain Consulting until Bullock pulled him away to start Cann.

Combining low doses of THC and CBD isn’t a new concept. K-Zen Beverages has raised $5 million from the investment firm DCM to roll out its line of intoxicants and California Dreamin is a Y Combinator backed intoxicant containing a whopping 10 milligrams of THC.

Bullock graduated from Stanford in 2018 and convinced Anderson to quit his job. The company raised cash through the fall and collected a cool $1.5 million for its venture.

Unlike other brands that are going for more fruity flavored beverages, Bullock and Anderson chose more herbaceous and floral flavors for their drinks: grapefruit and rosemary, lemon and lavender, and blood orange and cardamom (honestly, it seems they’d go well with alcohol rather than replace it).

“We’re really proud of it being an innovative flavor profile and really interesting with the microdose on THC,” says Anderson.

Cash came in from Navy Capital, a cannabis-focused hedge fund, and strategic angel investors like Bonobos co-founder, Brian Spaly, and Elizabeth Spaulding, the head of Bain & Co.’s digital practice.

For Eaze, which has stayed away from cannabis beverages, Cann seems to be a literal gateway for consumers who have been unwilling to try higher dosage drinks.

Cann co-founders Luke Anderson and Jake Bullock. Image courtesy of Cann

“They see this big blue ocean of future cannabis users that they haven’t accessed yet,” says Bullock. 

Younger consumers seem more willing to experiment with intoxicants other than traditional spirits these days and venture capital firms are buzzed by the possibility of returns like the ones reaped by the George Clooney-founded spirit company Casamigos (which sold for $1 billion).

Kin Euphorics, backed by KBW Ventures, Canaan, and Fifty Years is using chemicals other than cannabis to get that buzz, but most investors are looking at cannabis for the high and euphoria of intoxicating returns.

Cann did a soft launch in June with a limited release across four MedMen stores in Los Angeles. “You start really small and notice what people are purchasing and what’s driving repurchasing,” says Anderson. “We had this fortunate problem of it flying off of the shelf with its packaging and flavor differentiation.”

And the company’s founders are also aware of the blatant injustice inherent in their ability to launch a drug distribution and delivery business in 2019 in Los Angeles when the city’s minority communities have been ravaged by the criminal justice system for doing the same thing.

So far, the company has taken the step of reaching out to 4thMVMT, the organization founded by Karim Webb to bring entrepreneurialism and investment to communities that have been damaged by the “War on Drugs”.

“We talk to them pretty frequently,” says Bullock. “We’re hoping that their first class will take over all their dispensaries… But we have a standing offer for anyone who they send over to us.”

For both Bullock and Anderson their involvement in the cannabis industry also ties in to their own identities as gay men. “The role that cannabis played in the AIDS crisis, when the process to decriminalize was driven by the real need for that medicine,” says Anderson. “We’re early and it’s young, but part of the reason we launched the business was to make an impact in communities with our company.”

24 Jul 2019

With $160 million in new funding, Freenome looks to commercialize its blood test to detect colorectal cancer

One of the major problems that technology companies working to find a cure for cancer need to solve is finding a safe, minimally invasive way to detect cancers early.

Almost all cancer screening will eventually require a biopsy, but determining whether that’s necessary in the early stages of cancer can mean the difference between life and death.

It’s one of the reasons why investors have spent hundreds of millions if not billions of dollars to find a reliable way to detect cancer from simple procedures like a blood draw. And why they’re investing over $160 million in the South San Francisco-based startup, Freenome. 

“If I could do it with less money and do it responsibly, I would,” says Gabriel Otte, Freenome’s founder and chief executive officer.

Since the company launched in 2014 it has been developing a test that combines machine learning with the development of proprietary assays to test for different types of cancer. The company’s research started in prostate cancer, but it has since turned its focus to colorectal cancer.

It’s a strain of the disease that has already been proven to respond well to early diagnosis and treatment, whereas other types of cancer are less well understood in their earliest stages, according to Otte.

By drawing samples of cell-free DNA from the blood, and treating it with methylation and protein biomarkers the company is able to apply machine learning techniques to identify additive signatures that can increase the accuracy of early cancer detection tests.

Cancer Of The Colon, X-Ray, Sigmoid Colon Cancer, Frontal Abdominal X-Ray. (Photo By BSIP/Universal Images Group via Getty Images)

By using multiple inputs rather than looking for just genetic material coming off of tumors the company says that its tests can detect cancer earlier than traditional tests that are more invasive and can miss early signs of the disease.

Colorectal cancer, which is the second most lethal cancer in the U.S., has a 90 percent five-year relative survival rate when it’s detected early, according to data from the National Cancer Institute’s Surveillance, Epidemiology, and End Results Program, cited by the company.

“We get this image in our head of a magical drug or using the immune system to kill a tumor. While drugs are an important part and will continue to play an important part... The difference between early detection and late stage detection it is life or death,” says Otte.

Freenome has data on several types of cancers and has looked at tests for over seven different targets — including colorectal and prostate cancer. But the company decided not to pursue a test for multiple cancer types because if they launched one, it would not get used, Otte said.

“For the vast majority of cancer types today you wouldn’t do anything differently if you detected it early,” says Otte. “We haven’t developed what is the medical standard that we would apply to such an incident.”

Competitors in the diagnostics market disagree. Grail, a startup also working in the diagnostics space has raised $1.5 billion for its technology that screens for multiple cancers. The company even announced results earlier this year that showed promising advances for its technology. According to the company, data showed Grail’s still-in-development multi-cancer blood test detected strong signals for twelve deadly cancer types at early stages with a very high specificity of at least 99 percent (or a false positive rate of one percent or less). And the test identified where the cancer originated in the body (the tissue of origin) with high accuracy.

Thrive Earlier Detection, which raised over $100 million in May, is another company taking the approach of looking at multiple cancer screens.

For Otte the results may be impressive, but without a standard of care to follow, the test results are fairly meaningless.

“It’s not to say that I’m not a fan of people going after multi-stage cancer,” says Otte. “It’s a long road to see that that works and that helps.”

Institute Of Nuclear Medicine, University Hospital Of Lille, France. Pet Scan Positron Emission Tomography. Colorectal Carcinoma. Hepatic Lesions. (Photo By BSIP/UIG Via Getty Images)

The new financing for Freenome comes from RA Capital Management and Polaris Partners. The two investors were joined by funds advised by T. Rowe Price Associates, Perceptive Advisors, Roche Venture Fund, Kaiser Permanente ventures and the American Cancer Society’s own impact investment arm, BrightEdge Ventures.

Previous investors, who put in an initial $78 million to fund Freenome’s work, also participated in the round. They included: Andreessen Horowitz, GV (formerly Google Ventures), Data Collective Venture Capital, Section 32, and Verily Life Sciences (a subsidiary of Alphabet focused on life sciences and healthcare).

Freenome said the money would be used for a validation study and that it would then submit an application for its colorectal cancer screening test to both the U.S. Food and Drug Administration (FDA) and Centers for Medicare & Medicaid Services (CMS) under the Parallel Review Program.

“The biggest hurdle [to a company’s success] is reimbursement,” says Otte. “We’re talking about Medicare coverage is going to be no more than $500… so a test needs to be significantly under $500 mark to make a significant business. [That means it] has to have clinical utility. That’s why colorectal cancer is the right move for us… payers are going to be amenable to a test like ours. It’s a big hurdle to generate enough data over enough time to show that your test results in a better patient outcome.”

Again and again, the company’s investors come back to the need for early detection to be a component of a cure for the world’s deadliest diseases and it’s something that Freenome’s chief executive also stresses.

“The most affordable and effective treatment for metastatic cancer is to detect it early, when the tumor is still small and local, and we can cure it with surgery. It’s with that vision that we have invested in Freenome,” said Peter Kolchinsky, Managing Partner of RA Capital.

The company differentiates itself not just in its approach to target single cancers with a test, but also in its use of multiple inputs beyond the genetic material given off by the cancer cell itself, according to Otte.

He sees one of the limiting factors to the success of other approaches as their inability to collect enough genetic material to produce accurate enough samples — even when those samples are enhanced by machine learning.

“We don’t believe that CT DNA is actually going to solve this problem,” says Otte. “It comes down to physics… In early disease there are very few fragments of DNA that will come from the tumor. At that low concentration [roughly] .01 percent… To take the appropriate amount of blood. If you were to collect 80 ML it would be… To get to 90 percent you would have to collect 300MLs.”

Once you have identified a disease then you can begin to treat it, but you have to have a correct diagnosis. The best drugs, which can bring someone with Stage 4 lung cancer who is at the brink of death back to perfect health only work in a small percentage of patients. The best approach is to treat the patient before they ever need a miracle cure, says Otte.

“When I talk about curing cancer the cure comes from early detection followed by early prevention and treatment,” he says.

24 Jul 2019

Watch SpaceX launch its CRS-18 Dragon mission to the International Space Station live

SpaceX is currently set to launch its eighteenth commercial resupply mission (CRS-18) for the International Space Station at 6:24 PM ET (3:24 PM PT) on Wednesday, from LC-40 at Cape Canaveral Air Force Station in Florida. The mission will carry equipment for experiments and scientific research, as well as supplies for ISS astronauts, and a new docking adapter that will automate the docking process for any future crew spacecraft built to take advantage during their visits to the ISS.

Live coverage will begin via the stream above at around 15 minutes prior to the target launch time, provided all goes to plan. The standard pre-launch weather assessment isn’t looking especially good however – the USAF 5th Space Wing, which is responsible for calling the weather conditions, said that there was a 30 percent chance of favorable weather as of earlier this week. Should the launch be scrubbed for today, there’s a backup window on Thursday, July 25 at 6:01 PM ET (3:01 PM PT).

SpaceX’s Dragon capsule used for this mission is badged with an “Apollo 50th” commemorative graphic near the side-hatch on the spacecraft, to celebrate the 50th anniversary of the Apollo 11 Moon landing mission. That anniversary actually ends today as well, with the returned astronauts splashing down in the Pacific Ocean in the Columbia command capsule on July 24, 1969.

While the delivery of the new automated docking module is a big highlight for this mission from the perspective of the overall space program, there’s another big milestone for SpaceX – the Falcon 9 first stage used in this mission will attempt to land back at LZ-1 at Cape Canaveral, and it’s already flown and been recovered twice previously.