Connect with us

Social

Snapchat adds free phone number verification to its list of SDK perks – TechCrunch

Published

on

Snap’s latest developer offering is a tool called Verify that’s aiming to save its mobile-first developers cash on verifying user phone numbers en masse. The new tool is being integrated into its Login Kit framework, allowing devs with a “Log In with Snapchat” button to move away from tapping services like Twilio for SMS verification, instead checking with Snap to see whether that user has already verified their number with Snapchat.

Snap Kit lead Patrick Mandia tells TechCrunch that his team has been working on the feature for more than a year, aiming to create “an easy, private way to verify phone numbers at no cost to developers.” Mandia says that because phone number verification is already a core part of Snapchat’s login flow, the company wanted to create a way for companies inside its SDK to verify phone numbers with them rather than tapping an external service.

Verify basically works by checking whether the phone number a user just typed into the login flow of a Snap Kit app matches the phone number associated with the Snapchat account they used to log in to the app.

Rather than sending users a verification code, Snap Kit handles this all in the background. If the user has verified that number within the past year, Snap will okay the verification. If a user doesn’t have a phone number on file with Snapchat or hasn’t recently verified that number, Snap will carry out that SMS verification on their end with the user, keeping it on file so the number can be confirmed through Verify on other Snap Kit applications.

At its annual partner summit last week, Snap shared that it now has 800 developers on its Snap Kit platform that collectively reach 150 million users on a monthly basis. The social messaging company has been looking to grow that network through features that tap into its network of resources rather than its network of user data.

“Traditionally, when you think of these platforms, the value is data. The value is what data a third party is going to be able to get about you and your friends, and that turns out to have some real issues,” Snap’s VP of Partnerships Ben Schwerin told us. “So, we took a much different approach, which is that Login Kit is going to power really creative, unique experiences and that’s going to be the value for partners.”

In a conversation with Snap last week, the company connected me with Yolo co-founder Greg Henrion whose app operates on the Snap Kit platform. He says that his app is spending “above six-figures” on a monthly basis just to verify phone numbers.

“The idea that we have portfolio companies spending $1 million per year to verify text messages is pretty crazy,” says Josh Miller, an investor at Thrive Capital, which backed Yolo.

For consumer app developers with a user base that overlaps significantly with Snapchat’s, the new feature offers them something that could save them cash right off the bat. Yolo’s situation is certainly unique, Snap Kit is the only way to log in to their platform, so Verify will take care of almost all of their SMS verification spend. Yolo’s outsized spending on SMS verification is also an outlier; the startup says about one-third of their run rate is devoted to it.

Verify with Snapchat is free and is available for Snap Kit developers starting today.

Continue Reading

Social

US government says North Korean hackers are targeting American healthcare organizations with ransomware – TechCrunch

Published

on

The FBI, CISA, and the U.S. Treasury Department are warning that North Korean state-sponsored hackers are using ransomware to target healthcare and public health sector organizations across the United States.

In a joint advisory published Wednesday, the U.S. government agencies said they had observed North Korean-backed hackers deploying Maui ransomware since at least May 2021 to encrypt servers responsible for healthcare services, including electronic health records, medical imaging, and entire intranets.

“The FBI assesses North Korean state-sponsored cyber actors have deployed Maui ransomware against Healthcare and Public Health Sector organizations,” the advisory reads. “The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health. Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting [healthcare] organizations.”

The advisory notes that in many of the incidents observed and responded to by the FBI, the Maui ransomware caused disruption to healthcare services “for prolonged periods.”

Maui was first identified by Stairwell, a threat-hunting startup that aims to help organizations determine if they have been compromised, in early-April 2022. In an analysis of the ransomware, Stairwell principal reverse engineer Silas Cutler notes that Maui lacks many of the features commonly seen with tooling from ransomware-as-a-service (RaaS) providers, such as an embedded ransom note or automated means of transmitting encryption keys to attackers. Rather, Stairwell concludes that Maui is likely manually deployed across victims’ networks, with remote operators targeting specific files they want to encrypt.

North Korea has long used cryptocurrency-stealing operations to fund its nuclear weapons program. In an email, John Hultquist, vice president of Mandiant Intelligence, said that as a result “ransomware is a no-brainer” for the North Korean regime.

“Ransomware attacks against healthcare are an interesting development, in light of the focus these actors have made on this sector since the emergence of COVID-19. It is not unusual for an actor to monetize access which may have been initially garnered as part of a cyber espionage campaign,” said Hultquist. “We have noted recently that North Korean actors have shifted focus away from healthcare targets to other traditional diplomatic and military organizations. Unfortunately, healthcare organizations are also extraordinarily vulnerable to extortion of this type because of the serious consequences of a disruption,” he added.

The advisory, which also includes indicators of compromise (IOCs) and information on tactics, techniques and procedures (TTPs) employed in these attacks to help network defenders, urges organizations in the healthcare industries to strengthen their defenses by limiting access to data, turning off network device management interfaces, and by using monitoring tools to observe whether Internet of Things devices have become compromised.

“The FBI, along with our federal partners, remains vigilant in the fight against North Korea’s malicious cyber threats to our healthcare sector,” said FBI Cyber Division assistant director Bryan Vorndran. “We are committed to sharing information and mitigation tactics with our private sector partners to assist them in shoring up their defenses and protecting their systems.”

The U.S. government’s latest warning follows a spate of high-profile cyberattacks targeting healthcare organizations; University Medical Center Southern Nevada was hit by a ransomware attack in August 2021 that compromised files containing protected health information and personally identifiable information, and Eskenazi Health said in October that cybercriminals had access to their network for almost three months. Last month, Kaiser Permanente confirmed a breach of an employee’s email account led to the theft of 70,000 patient records.

Continue Reading

Social

Hotel giant Marriott confirms yet another data breach – TechCrunch

Published

on

Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data including guests’ credit card information.

The incident, first reported by Databreaches.net Tuesday, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel Maryland into giving them access to their computer.

“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. “The threat actor did not gain access to Marriott’s core network.”

Marriott said the hotel chain identified, and was investigating, the incident before the threat actor contacted the company in an extortion attempt, which Marriott said it did not pay.

The group claiming responsibility for the attack say the stolen data includes guests’ credit card information and confidential information about both guests and employees. Samples of the data provided to Databreaches.net purport to show reservation logs for airline crew members from January 2022 and names and other details of guests, as well as credit card information used to make bookings.

However, Marriott told TechCrunch that its investigation determined that the data accessed “primarily contained non-sensitive internal business files regarding the operation of the property.”

The company said that it is preparing to notify 300-400 individuals regarding the incident, and has already notified relevant law enforcement agencies.

This isn’t the first time Marriott has suffered a significant data breach. Hackers breached the hotel chain in 2014 to access almost 340 million guest records worldwide – an incident that went undetected until September 2018 and led to a £14.4 million ($24M) fine from the U.K’s Information Commissioner’s Office. In January 2020, Marriott was hacked again in a separate incident that affected around 5.2 million guests.

TechCrunch asked Marriott what cybersecurity protections it has in place to prevent such incidents from happening, but the company declined to answer.

Continue Reading

Social

Rivian says it’s on track to deliver 25,000 vehicles this year – TechCrunch

Published

on

Rivian said Wednesday the company produced 4,401 vehicles at its manufacturing facility in Normal, Illinois, and delivered 4,467 vehicles for the quarter ended June 30.

“These figures remain in line with the company’s expectations, and it believes it is on track to deliver on the 25,000 annual production guidance previously provided,” Rivian said in a statement.

In the first quarter of 2022, Rivian produced 2,553 vehicles and delivered 1,227 vehicles.

The production figures include a mix of the Rivian R1T pickup truck, R1S SUV and the commercial vans it is making for Amazon.

Developing...

Continue Reading

Trending