Connect with us


Instagram tests new age verification tools for 18 and over accounts, including video selfies – TechCrunch



Instagram has been tinkering for years looking for better ways to manage and engage with younger and older users — not just to be more compliant with regulations, but to better target age-appropriate and relevant content and advertising to them. In the latest move, the Meta-owned platform is testing a new set of features — video selfies, vouching from adult friends, and providing an ID — designed to verify when people say they are 18 and older.

The test covers U.S. users, who will now potentially see these options if they try to change their age from under 18 to 18 and over.

There are two basic use cases for this new verification system: adults who have registered as teens by mistake and trying to enter their correct age; and teens who are trying to circumvent the platform’s age-appropriate restrictions. Instagram’s made periodic modifications to those restrictions, including making accounts for younger people to default to private mode.

Notably, this doesn’t change the check at the registration process where you have to enter your birthdate. According to the company’s rules, you need to be at least 13 years old to sign up for the service.

In the U.S., when you’re changing your age from under 18 to 18 and over, you’ll be prompted to select one of the options mentioned above. You can provide an ID card like a passport or a driver’s license for verification. The company will store your ID for 30 days on its servers before deleting it.

Image Credits: Instagram

If you don’t have a valid ID listed in Instagram’s acceptable ID list, you can choose the video selfie method for age verification. Instagram has partnered with London-based digital identity startup Yoti for this part of the verification. Once a user uploads the video selfie, Meta shares it with Yoti, which verifies their age using its specially trained AI. Once the verification process is over, both companies delete the data.

Image Credits: Instagram

In its whitepaper about the technology, Yoti claims that the AI can just estimate your age, but can’t identify you. The firm said it has trained its model from images of users across the world who have consented for their data to be used for research.

The third way to verify your age is named Social Vouching. This method involves three of your friends aged 18 and above who need to vouch for your age, and they can’t be vouching for anyone else at that moment. The company said that the vouchee gets the list of six people randomly with no family member on it.

The people you choose for this process will get a confirmation request, and they’ll have to address it within three days. The people vouching for you will get options to specify your age bracket such as under 13 years old, 13-17 years old, 18-20 years old, 21 years or older, or I’m not sure. All three of them must choose the same option for your age verification to be approved.

Image Credits: Instagram

Meta said that all the information you provide for age verification is private, and it won’t be visible to anyone. The company also noted that devices and app stores should perform these checks so teens can have a safe experience across all apps and services.

“Understanding someone’s age online is a complex, industry-wide challenge. We want to work with others in our industry, and with governments, to set clear standards for age verification online. Many people, such as teens, don’t always have access to the forms of ID that make age verification clear and simple. As an industry, we have to explore novel ways to approach the dilemma of verifying someone’s age when they don’t have an ID,” the company said in a statement.

Meta added that it’s continuously developing AI to detect users who are lying about their age. While it doesn’t scan photos and videos, it looks for signals like birthday posts to identify the true age of a user. The AI also helps the company keep the teens away from experiences for adults like Facebook Dating and  Mentorship.

Instagram first introduced an age check by asking for birthdates during registration in 2019. Later in 2021, it made it mandatory for everyone to provide their birthdate.

The same year, it launched restrictions for teens like making accounts private by default for under-16 users, blocking DMs from unknown adults, and stopping advertisers to serve targeted ads based on teens’ interests and activities. Instagram’s rival TikTok also introduced similar limitations for users under 18 last year.

Last year, the Wall Street Journal reported that Instagram knew its platform affects the mental health of young users, but ignored its impact. After facing backlash, the firm took many steps like shelving its plans for developing a dedicated kids app and rolling out stronger parental controls. Instagram’s new age verification methods are another attempt to protect teens from harmful content.

Continue Reading


US government says North Korean hackers are targeting American healthcare organizations with ransomware – TechCrunch



The FBI, CISA, and the U.S. Treasury Department are warning that North Korean state-sponsored hackers are using ransomware to target healthcare and public health sector organizations across the United States.

In a joint advisory published Wednesday, the U.S. government agencies said they had observed North Korean-backed hackers deploying Maui ransomware since at least May 2021 to encrypt servers responsible for healthcare services, including electronic health records, medical imaging, and entire intranets.

“The FBI assesses North Korean state-sponsored cyber actors have deployed Maui ransomware against Healthcare and Public Health Sector organizations,” the advisory reads. “The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health. Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting [healthcare] organizations.”

The advisory notes that in many of the incidents observed and responded to by the FBI, the Maui ransomware caused disruption to healthcare services “for prolonged periods.”

Maui was first identified by Stairwell, a threat-hunting startup that aims to help organizations determine if they have been compromised, in early-April 2022. In an analysis of the ransomware, Stairwell principal reverse engineer Silas Cutler notes that Maui lacks many of the features commonly seen with tooling from ransomware-as-a-service (RaaS) providers, such as an embedded ransom note or automated means of transmitting encryption keys to attackers. Rather, Stairwell concludes that Maui is likely manually deployed across victims’ networks, with remote operators targeting specific files they want to encrypt.

North Korea has long used cryptocurrency-stealing operations to fund its nuclear weapons program. In an email, John Hultquist, vice president of Mandiant Intelligence, said that as a result “ransomware is a no-brainer” for the North Korean regime.

“Ransomware attacks against healthcare are an interesting development, in light of the focus these actors have made on this sector since the emergence of COVID-19. It is not unusual for an actor to monetize access which may have been initially garnered as part of a cyber espionage campaign,” said Hultquist. “We have noted recently that North Korean actors have shifted focus away from healthcare targets to other traditional diplomatic and military organizations. Unfortunately, healthcare organizations are also extraordinarily vulnerable to extortion of this type because of the serious consequences of a disruption,” he added.

The advisory, which also includes indicators of compromise (IOCs) and information on tactics, techniques and procedures (TTPs) employed in these attacks to help network defenders, urges organizations in the healthcare industries to strengthen their defenses by limiting access to data, turning off network device management interfaces, and by using monitoring tools to observe whether Internet of Things devices have become compromised.

“The FBI, along with our federal partners, remains vigilant in the fight against North Korea’s malicious cyber threats to our healthcare sector,” said FBI Cyber Division assistant director Bryan Vorndran. “We are committed to sharing information and mitigation tactics with our private sector partners to assist them in shoring up their defenses and protecting their systems.”

The U.S. government’s latest warning follows a spate of high-profile cyberattacks targeting healthcare organizations; University Medical Center Southern Nevada was hit by a ransomware attack in August 2021 that compromised files containing protected health information and personally identifiable information, and Eskenazi Health said in October that cybercriminals had access to their network for almost three months. Last month, Kaiser Permanente confirmed a breach of an employee’s email account led to the theft of 70,000 patient records.

Continue Reading


Hotel giant Marriott confirms yet another data breach – TechCrunch



Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data including guests’ credit card information.

The incident, first reported by Tuesday, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel Maryland into giving them access to their computer.

“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. “The threat actor did not gain access to Marriott’s core network.”

Marriott said the hotel chain identified, and was investigating, the incident before the threat actor contacted the company in an extortion attempt, which Marriott said it did not pay.

The group claiming responsibility for the attack say the stolen data includes guests’ credit card information and confidential information about both guests and employees. Samples of the data provided to purport to show reservation logs for airline crew members from January 2022 and names and other details of guests, as well as credit card information used to make bookings.

However, Marriott told TechCrunch that its investigation determined that the data accessed “primarily contained non-sensitive internal business files regarding the operation of the property.”

The company said that it is preparing to notify 300-400 individuals regarding the incident, and has already notified relevant law enforcement agencies.

This isn’t the first time Marriott has suffered a significant data breach. Hackers breached the hotel chain in 2014 to access almost 340 million guest records worldwide – an incident that went undetected until September 2018 and led to a £14.4 million ($24M) fine from the U.K’s Information Commissioner’s Office. In January 2020, Marriott was hacked again in a separate incident that affected around 5.2 million guests.

TechCrunch asked Marriott what cybersecurity protections it has in place to prevent such incidents from happening, but the company declined to answer.

Continue Reading


Rivian says it’s on track to deliver 25,000 vehicles this year – TechCrunch



Rivian said Wednesday the company produced 4,401 vehicles at its manufacturing facility in Normal, Illinois, and delivered 4,467 vehicles for the quarter ended June 30.

“These figures remain in line with the company’s expectations, and it believes it is on track to deliver on the 25,000 annual production guidance previously provided,” Rivian said in a statement.

In the first quarter of 2022, Rivian produced 2,553 vehicles and delivered 1,227 vehicles.

The production figures include a mix of the Rivian R1T pickup truck, R1S SUV and the commercial vans it is making for Amazon.


Continue Reading