Category: UNCATEGORIZED

Facebook has confirmed its password-related security incident last month now affects “millions” of Instagram users, not “tens of thousands” as first thought.

The social media giant confirmed the new information in its updated blog post, first published on March 21.

“We discovered additional logs of Instagram passwords being stored in a readable format,” the company said. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.”

“Our investigation has determined that these stored passwords were not internally abused or improperly accessed,” the updated post said, but the company still has not said how it made that determination.

The social media giant did not say how many millions were affected, however.

Last month, Facebook admitted it had inadvertently stored “hundreds of millions” of user account passwords in plaintext for years, said to have dated as far back as 2012. The company said the unencrypted passwords were stored in logs accessible to some 2,000 engineers and developers. The data was not leaked outside of the company, however. Facebook still explained how the bug occurred

Facebook posted the update at 10am ET — an hour before the Special Counsel’s report into Russian election interference was published.

We asked the company when it learned of the new scale of the password leak and will update if we hear back.

Pinterest (NYSE: PINS) is a public company. Ben Silbermann’s virtual pinboard rose 25 percent in its NYSE debut, opening at $23.75 per share. Currently, shares of its stock are up another 2%, trading at more than $24 each.

The company priced its shares above range last night at $19 a piece. The IPO price gave the company a fully-diluted market cap of $12.6 billion, a figure slightly larger than its Series H valuation of $12.3 billion.

After selling 75 million Class A shares, Pinterest has a fresh $1.4 billion of cash to navigate the trials and tribulations of being a public company.

Pinterest saw a boost in its debut despite concerns that Lyft, a fellow consumer technology IPO, has struggled since its Nasdaq IPO three weeks ago. Lyft priced at the top of its range at $72 apiece in late March, raising $2 billion in the process. Though it traded up 21 percent on its first day, it has since fallen below its IPO price and is currently sitting at about $58 per share.

We’ll have to sit back and wait to see if Pinterest suffers the same fate.

Zoom, another unicorn IPO that happened to fall on the same day as Pinterest’s big debut, has skyrocketed 81 percent on its first day of trading.

Shares of the video conferencing business began trading at $65 a pop this morning after the video conferencing company priced its shares at $36 apiece Wednesday, above its anticipated range. The company initially planned to price its shares at between $28 and $32 per share, but following big demand for a piece of a profitable tech business, Zoom increased expectations, announcing plans to sell shares at between $33 and $35 apiece.

The pop gives Zoom a fully diluted market cap of roughly $16 billion, or 16 times larger than the $1 billion valuation it garnered with its last round of private funding in 2017. Yes, that means Zoom, a company that raised less than $200 million in venture capital, is worth more than Pinterest, a beloved Silicon Valley success story that attracted nearly $1.5 billion in VC funding.

The Mueller report contains new information about how the Russian government hacked documents and emails from Hillary Clinton’s presidential campaign and the Democratic National Committee .

At one point, the Russians used servers located in the U.S. to carry out the massive data exfiltration effort, the report confirms.

Much of the information was previously learned from the indictment of Viktor Borisovich Netyksho, the Russian officer in charge of Unit 26165. Netyksho is believed to be still at large in Russia.

But new details in the 488-page redacted report released by the Justice Department on Thursday offered new insight into how the GRU operatives hacked.

The operatives working for the Russian intelligence directorate, the GRU, sent dozens of targeted spearphishing emails in just five days to the work and personal accounts of Clinton Campaign employees and volunteers, as a way to break into the campaign’s computer systems.

The GRU hackers also gained access to the email account of John Podesta, Clinton’s campaign chairman, of which its contents were later published.

Using credentials they stole along the way, the hackers broke into the networks of the Democratic Congressional Campaign Committee days later. By stealing the login details of a system administrator who had “unrestricted access” to the network, the hackers broke into 29 computers in the ensuring weeks, and more than 30 computers on the DNC.

The operatives, known collectively as “Fancy Bear,” is made up of several units tasked with specific operations. Mueller formally blamed Unit 26165, a division of the GRU specializing in targeting government and political organizations, for taking on the “primary responsibility for hacking the DCCC and DNC, as well as email accounts of individuals affiliated with the Clinton Campaign,” said the Mueller report.

The hackers used Mimikatz, a hacking tool used once an intruder is already in a target network, to collect credentials, and two other kinds of malware: X-Agent for taking screenshots and logging keystrokes, and X-Tunnel used to exfiltrate massive amounts of data from the network to servers controlled by the GRU. Mueller’s report found that Unit 26165 used several “middle servers” to act as a buffer between the hacked networks and the GRU’s main operations. Those servers, Mueller said, were hosted in Arizona — likely as a way to obfuscate where the attackers were located but also to avoid suspicion or detection.

In all, some 70 gigabytes of data were exfiltrated from Clinton’s campaign servers and some 300 gigabytes of data were from the DNC’s network.

Meanwhile, another GRU hacking unit, Unit 74455, which helped to disseminate and publish hacked and stolen documents, pushed the stolen data out through two fictitious personas. DCLeaks was a website that hosted the hacked material, while Guccifer 2.0 was a hacker-like figure who had a social presence and would engage with reporters.

Under pressure from the U.S. government, the two GRU-backed personas were shut down by the social media companies. Later, tens of thousands of hacked files were funneled to and distributed by WikiLeaks .

Mueller’s report also found a cause-and-effect between Trump’s remarks in July 2016 and subsequent cyberattacks.

“I hope you’re able to find the 30,000 emails that are missing,” said then-candidate Trump at a press conference, referring to emails Clinton stored on a personal email server while she headed the State Department. Mueller’s report said “within approximately five hours” of those remarks, GRU officers began targeting for the first time Clinton’s personal office.

More than a dozen staffers were targeted by Unit 26165, including a senior aide. “It is unclear how the GRU was able to identify these email accounts, which were not public,” said Muller.

Does that implicate the Trump campaign in an illegal act? Likely not.

“Under applicable law, publication of these types of materials would not be criminal unless the publisher also participated in the underlying hacking conspiracy,” according to Elie Honig, a CNN legal analyst. “The special counsel’s report did not find that any person associated with the Trump campaign illegally participated in the dissemination of the materials.”

Microsoft has never been shy about being acquisitive, and today it announced it’s buying Express Logic, a San Diego company that has developed a real-time operating system (RTOS) aimed at controlling the growing number of IoT devices in the world.

The companies did not share the purchase price.

Express Logic is not some wide-eyed, pie-in-the-sky startup. It has been around for 23 years building (in its own words), “industrial-grade RTOS and middleware software solutions for embedded and IoT developers.” The company boasts some 6.2 billion (yes, billion) devices running its systems. That number did not escape Sam George, director of Azure IoT at Microsoft, but as he wrote in a blog post announcing the deal, there is a reason for this popularity.

“This widespread popularity is driven by demand for technology to support resource constrained environments, especially those that require safety and security,” George wrote.

The beauty of Express Logic’s approach is that it can work in low-power and low resource environments and offers a proven solution for a range or products. “Manufacturers building products across a range of categories — from low capacity sensors like lightbulbs and temperature gauges to air conditioners, medical devices and network appliances  –leverage the size, safety and security benefits of Express Logic solutions to achieve faster time to market,” George wrote.

Writing in a blog post to his customers announcing the deal, Express Logic CEO William E. Lamie, expressed optimism that the company can grow even further as part of the Microsoft family. “Effective immediately, our ThreadX RTOS and supporting software technology, as well as our talented engineering staff join Microsoft. This complements Microsoft’s existing premier security offering in the microcontroller space,” he wrote.

Microsoft is getting an established company with a proven product that can help it scale its Azure IoT business. The acquisition is part of a $5 billion investment in IoT the company announced last April that includes a number of Azure pieces such as Azure Sphere, Azure Digital Twins, Azure IoT Edge, Azure Maps and Azure IoT Central.

“With this acquisition, we will unlock access to billions of new connected endpoints, grow the number of devices that can seamlessly connect to Azure and enable new intelligent capabilities. Express Logic’s ThreadX RTOS joins Microsoft’s growing support for IoT devices and is complementary with Azure Sphere, our premier security offering in the microcontroller space,” George wrote.

Following reports that Amazon is preparing to launch a free, streaming music service for Echo owners, Google today announced YouTube Music will be free on its Google Home smart speakers and other Google Assistant-powered speakers — like those from JBL, Panasonic, Sony and others. The free service will be ad-supported, and available in select markets, including the U.S., Canada, Mexico, parts of Europe and elsewhere.

The move appears to be a preemptive strike in light of Amazon’s plans. Bloomberg had reported last week that Amazon would soon launch a free streaming service and Spotify competitor to better cater to its Echo device owners.

Starting today, Google Home speaker owners or those with other Assistant-powered devices can enable the free, ad-supported music service by visiting the Account Settings section of the Google Home app, then tapping Services, Music, and selecting “YouTube Music” as their default.

Users can then say “Hey, Google,” and ask for music for any mood or moment, the company explains. For example, you could ask for workout music or music for a dinner party, or you could ask for a certain genre. But the free version of the service won’t allow you to request particular songs, albums, artists or playlists for on-demand streaming — you’ll have to upgrade to YouTube Music Premium for that.

The $9.99/month on-demand Premium offering also includes support for unlimited skips, song replay, and offline listening when you’re on a mobile device, in addition to removing the ads.

The free, ad-supported music service is live on smart speakers in the United States, Canada, Mexico, Australia, Great Britain, Ireland, Germany, France, Italy, Spain, Sweden, Norway, Denmark, Japan, Netherlands, and Austria. YouTube says more countries will be available soon.

He invented modern social media, then had it stolen from him. So how does Evan Spiegel feel about it, and how will he turn Snapchat’s product leadership into a profitable business? We’ll bring you the answers at TechCrunch Disrupt SF, where Snap CEO Evan Spiegel will join us. Come learn how Spiegel analyzes behavior to create new features, evolves from failure, and keeps his brand cool.

The talk comes at a pivotal time for Snap, just as it hopes to hit profitability. After 2.5 years of being ruthlessly copied while trying to maintain the moral high ground, Snapchat is finally fighting back against Mark Zuckerberg’s army of clones. Snapchat has a smart new platform strategy that will bring its Stories and vertical video ads to other apps. The goal is to unite the independent social web from Tinder to Houseparty into a rebel alliance. By colonizing the app ecosystem, Snap could revive growth and juice its revenue.

How does Spiegel devise his battle plans? What took Snap so long to respond to Facebook’s competition? And what advice does he have for other founders duking it out with well-funded rivals? Our talk will have plenty of tactical insights for anyone roadmapping their company’s future.

However, it’s not competition, but missteps and stagnation that most often kill startups. From a disastrous redesign to neglect of international teens, Snapchat has made plenty of unforced errors. But it’s finally proving willing to correct course. It’s been fixing its design and feature set while reengineering its Android app for the developing world. We’ll discuss what it takes for a CEO to admit they’re wrong without destroying morale, and how to make things right even if the process takes years.

Spiegel and Snapchat have proven the longevity of owning a core tech use case like messaging. Now it faces the challenge of monetizing our habits without annoying us. And if Snap can survive long enough while funding augmented reality hardware R&D, it could emerge a power player in the next era of computing. We’ll ask Spiegel how he balances capitalizing on today’s trends with playing the long-game against giants like Apple.

It’s been an interesting few years since we last spoke to Spiegel on the Disrupt stage, and we’re excited to hear what’s next for Snap. Tickets to Disrupt, which runs October 2 to October 4 in San Francisco, are available here.

Today at TechCrunch’s TC Sessions: Robotics + AI event at UC Berkeley, Nvidia VP of Engineering Claire Delaunay announced that the company’s Isaac SDK is available for download. Announced last month, the software development kit is part of the chipmaker’s ongoing push to help make robotics development more accessible for a wider range of users.

The system is designed to improve accessibility to key features of robotics AI and ML, including obstacle detection, speech recognition and stereo depth estimation, each of which will prove key components to even basic robotic systems, going forward.

According to the company:

Using computational graphs and an entity component system, the Isaac Robot Engine allows developers to break down complex robotic tasks into a network of smaller, simpler steps. Developing a complex system is made easy using Gems, which are modular capabilities for sensing, planning, and actuation that can be easily plugged into a robotics application.

And, of course, the system will play nicely with NVIDIA’s own robotics hardware components like the Jetson Nano and Jetson AGX Xavier. Delaunay demonstrated some of the system’s functionality onstage at today’s event, using Nvidia’s dual in-house reference platforms, the two-wheeled Carter and four-wheeled Kaya.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Samsung responds to reviewer complaints about its Galaxy Fold phone

Samsung has issued a statement about its new folding phone. Apparently a number of reviewers either mistakenly destroyed their phone screens or had the screens bork on them after a few days of use.

In response, the company said it “will thoroughly inspect these units in person to determine the cause of the matter.”

2. Pinterest prices IPO above range

The company will sell 75 million shares of Class A common stock at $19 apiece in an offering that should attract $1.4 billion in new capital for the visual search engine.

3. Apple expands global recycling programs, announces new Material Recovery Lab in Austin

Apple says it’s building a new, 9,000-square-foot Material Recovery Lab based in Austin, Texas, focused on discovering future recycling processes.

Special counsel Robert Mueller (L) arrives at the U.S. Capitol for closed meeting with members of the Senate Judiciary Committee June 21, 2017 in Washington, DC. (Photo by Alex Wong/Getty Images)

4. The Mueller Report

Granted, this isn’t primarily a tech story, but it’s obviously going to be the big news of the day, and tech plays a key role. Check out all our coverage of the latest developments at the link above.

5. Twitter acqui-hires highlight-sharing app Highly

The company is scooping up the team behind highlight-sharing app Highly. This talent could help Twitter build its own version of Highly or develop other ways to excerpt the best content from websites and get it into the timeline.

6. Phantom Auto raises $13.5M to expand remote driving business to delivery bots and forklifts

Autonomous vehicles are hard and everyone seems to be waking up to that fact. Companies like Phantom Auto are expanding into new areas as they wait for autonomous vehicle developers to catch up.

7. Salesforce is buying MapAnything, a startup that raised over $84M

MapAnything helps companies build location-based workflows, something that could come in handy for sales or service calls.

Over the past half a decade, the tidal wave of niche brands delivering new kinds of products to consumers and doing so online has changed the retail and CPG landscapes forever.

This shift has in some way caused a shakeout in traditional retail, with once-popular retailers announcing store closures (JCPenney, Sears) or even liquidation (Payless, Toys R Us) and has sent fashion houses and CPG brands on a soul-searching journey. The changing demographics and desires of shoppers have also fueled the decline of traditional brands and their distribution mechanisms.

This bleak scenario of incumbent consumer brands is in stark contrast to the rapid emergence of a host of digitally-native Direct to Consumer (D2C) brands. A few D2C brands have been successful enough to become unicorns! Retailers like Walmart, Nordstrom, and Target have quickly adapted to the D2C era.

Walmart has made a string of acquisitions beginning with Jet.com and Bonobos. Nordstrom has broadened its assortment to include D2C brands, Target has partnered with Harry’s, Quip, and Flamingo – all of which have rolled out their products in Target’s stores across the country. Target has also invested in Casper, which is the latest D2C brand to become a Unicorn.

Venture capital firms have invested over four billion dollars in D2C brands since 2012, with 2018 alone accounting for over a billion. With investment comes pressure to scale and deliver profits. And this pressure is bringing the focus on some pertinent questions – How are these D2C brands going to evolve and how could they sustain as businesses?

Like always, the pioneering companies find their path and we then derive the playbooks out of them. From PipeCandy’s analysis of several D2C brands, we see the following approaches taken by D2C brands.

• Playbook 1: Brand’s purpose anchored around one product category
• Playbook 2: Brand’s purpose anchored around multiple product categories
• Playbook 3: Brand’s purpose anchored around aggregation of other brands (for sale or rent)

We discuss the market size and capital availability factors that influence the paths and the outcomes.

Table of Contents

1. D2C playbooks
   1. Playbook 1: Brand’s purpose anchored around one product category
   2. Playbook 2: Brand’s purpose anchored around multiple product categories
   3. Playbook 3: Brand’s purpose anchored around aggregation of other brands (for sale or rent)
2. Access to capital and how D2C playbooks are impacted
3. The VC route to scale
4. The non-VC route to scale
5. Outcome without hitting scale
6. Roll-ups by strategic buyers
7. Roll-ups by financial buyers
8. Brand incubators

Brand’s Purpose anchored around one product category:

Many of these D2C brands that have experienced early success owe their rise largely to an authentic relationship with consumers that is built on the promise of one product. In many ways, focusing on one product line and a small set of SKUs makes total business sense.

Design, Production, Marketing & Customer Support complexities can stay manageable with such deliberate narrowing down of focus.

In some categories, you could stay focused on one product line for a long time and build a successful company.

Venture investors, private equity, and corporations funneled $2 billion into digital health startups in the first quarter of 2019, down 19% from the nearly $2.5 billion invested a year ago.

There were also 38 fewer deals done in the first quarter this year than last year, when investors backed 187 early stage digital health companies, according to data from Mercom Capital Group.

While private investments declined, public equities soared in the first quarter — with 66% of the digital health companies that Mercom tracks beating the S&P 500, compared to the previous quarter when nearly the same amount of public companies were underwater compared to the S&P. 

Among startups, data analytics and mobile health apps, drew the most capital, with analytics focused companies raising $557 million for the quarter. Mobile health apps raked in $392 million while telemedicine-focused startups claimed another $220 million — making up the ublk of the funding in the digital healthcare space.

The top investments went to Doctolib, the European back-office support software developer, which raised $170 million; Health Catalyst, which pulled in $100 million; and Calm, which grabbed another $88 million from investors, according to Mercom.