Social media boosting service exposed thousands of Instagram passwords – TechCrunch

A social media boosting startup, which bills itself as a service to increase a user’s Instagram followers, has exposed thousands of Instagram account passwords.

The company, Social Captain, says it helps thousands of users to grow their Instagram follower counts by connecting their accounts to its platform. Users are asked to enter their Instagram username and password into the platform to get started.

But TechCrunch learned this week Social Captain was storing the passwords of linked Instagram accounts in unencrypted plaintext. Any user who viewed the web page source code on their Social Captain profile page could see their Instagram username and password in plain sight, so long as they had connected their account to the platform.

Making matters worse, a website bug allowed anyone access to any Social Captain user’s profile without having to log in — simply plugging in a user’s unique account ID into the company’s web address would grant access to their Social Captain account — and their Instagram login credentials.

Because the user account IDs were for the most part sequential, it was possible to access any user’s account and view their Instagram password and other account information with relative ease.

A security researcher, who asked not to be named, alerted TechCrunch to the vulnerability and provided a spreadsheet of about 10,000 scraped user accounts. (A recent court ruling found that scraping websites does not fall afoul of U.S. computer hacking laws.) The spreadsheet contained about 4,700 complete sets of Instagram usernames and passwords. The rest of the records contained just the user’s name and their email address.

The data also showed if the accounts were free trial or paid premium accounts. Only about 70 accounts were paying customers, the data said, but many of those premium accounts also contained the customer’s billing addresses.

We verified the bug by creating a dummy Instagram account and connecting it to a new Social Captain account, and viewing the web page source code of our profile page on Social Captain.

Users were asked to connect their Instagram accounts to the service by entering their username and password. Despite the claim it was “secure,” passwords were collected and stored in plaintext. (Image: TechCrunch)

After TechCrunch reached out, Social Captain confirmed it had fixed the vulnerability by preventing direct access to other users’ profiles.

But passwords and other account information are still visible in the web page source code of a user’s profile page.
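As an added example (not Social Captain's code and not part of the original article), the sketch below contrasts a profile handler that has the two flaws described above with a hardened one that checks the session owner and never renders the stored password. The function names, record fields and in-memory session store are assumptions made for illustration.

```python
import secrets

# Constructed sample records; IDs are sequential, as the article describes.
ACCOUNTS = {
    1001: {"name": "Alice", "email": "alice@example.test",
           "ig_username": "alice_ig", "ig_password": "constructed-pw-1"},
    1002: {"name": "Bob", "email": "bob@example.test",
           "ig_username": "bob_ig", "ig_password": "constructed-pw-2"},
}
SESSIONS = {}  # session token -> account ID (hypothetical session store)
# Allow-list of fields that may ever be rendered into the profile page.
RENDERABLE = ("name", "email", "ig_username")


def login(account_id):
    """Issue an unguessable session token for an already-verified user."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account_id
    return token


def profile_vulnerable(account_id, session_token=None):
    """Pre-fix behaviour: the ID in the URL is the only 'credential',
    and the whole record, password included, goes into the response."""
    record = ACCOUNTS.get(account_id)
    if record is None:
        return 404, None
    return 200, dict(record)


def profile_hardened(account_id, session_token=None):
    """Authenticate, authorize against the session owner, then render
    only allow-listed fields so the secret never reaches the browser."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        return 401, None                      # no valid session
    if owner != account_id or account_id not in ACCOUNTS:
        return 404, None                      # same reply for "not yours" and "no such ID"
    record = ACCOUNTS[account_id]
    return 200, {field: record[field] for field in RENDERABLE}


if __name__ == "__main__":
    token = login(1001)
    print(profile_vulnerable(1002))           # anonymous caller gets the other user's record
    print(profile_hardened(1002, token))      # another user's ID is refused
    print(profile_hardened(1001, token))      # own profile, no password field
```

Returning the same 404 for a missing ID and for someone else's ID keeps the handler from confirming which sequential IDs exist.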

“Early analysis indicates that the issue was introduced during the past weeks when the endpoint, meant to facilitate integration with a third-party email service, has been temporarily made accessible without token-based authentication,” said Anthony Rogers, chief executive at Social Captain.

“As soon as we finalize the internal investigation we will be alerting users that could have been affected in the event of a breach and prompt them to update the associated username and password combinations,” he said.

Rogers did not say how long that investigation would take.

Instagram said the service breached its terms of service by improperly storing login credentials.

“We are investigating and will take appropriate action. We strongly encourage people to never give their passwords to someone they don’t know or trust,” said an Instagram spokesperson.

Users who signed up to Social Captain should change their Instagram passwords immediately.

It’s the latest security incident to hit Instagram users, even if the Facebook-owned social media giant was not directly culpable for the lapse. Last year, Instagram expanded its bug bounty to include misuse of account data just months after an Indian social media firm scraped the contact information of Instagram influencers on a massive scale. Instagram also last year cut off a trusted ad partner for secretly collecting and storing the locations and other data on millions of users.

SAIC Mobility Robotaxi valued at $1B after $148M Series B – TechCrunch

SAIC Mobility Robotaxi, an arm of state-owned Chinese automaker SAIC aiming to launch a commercial robotaxi service, raised $148 million (RMB 1 billion). The funds will be used to scale its robotaxi service in China, which it will operate in partnership with autonomous vehicle company Momenta.

SAIC Group led the Series B round that also saw participation from Momenta, Gaoheng Management Consulting and other institutions. The funding brought SAIC Mobility’s total valuation to more than $1 billion, according to the company.

SAIC Mobility’s robotaxis are powered using Momenta’s “Flywheel L4” technology, which is designed to use deep learning rather than a rules-based, machine learning approach. Momenta contends that the technology allows the robotaxis to quickly iterate and improve its algorithms.

The funding comes eight months since the two companies launched two 100-day trials in the cities of Shanghai and Suzhou. The pilot, which launched in December, tested a fleet of 60 vehicles, all of which had a safety driver behind the wheel at all times. SAIC says it reached a daily order volume of about 20 rides per vehicle, and that its overall user satisfaction rate was 98%. About 80% of riders used the service two or more times after their initial experience, according to the companies.

The next step is to advance SAIC’s trial in Shanghai and Suzhou into a service as SAIC Mobility gears up for eventual commercialization. Local regulations don’t support commercialization and SAIC wants to be ready when new regulations are released early next year, according to a SAIC spokesperson.

With Momenta on its side, SAIC Mobility has a good chance of scoring a commercial deployment permit in Suzhou. The company has a joint venture with the Suzhou branch of the state-owned Assets Supervision and Administration Commission of the State Council (SASAC), which has oversight of more than 100 large state-owned enterprises, to “scale up” robotaxi deployment in the city.

Launching in Shanghai will put SAIC Mobility in competition with other big players, like Baidu, which also has an autonomous ride-hailing service, Apollo Go, in the city. Baidu also recently got the green light to operate a commercial robotaxi service, without a human driver present, in Wuhan and Chongqing. Baidu is also operating Apollo Go commercially in Beijing, with a human safety operator present, alongside Pony.ai.

Momenta and SAIC have said in the past that they aim to deploy 200 vehicles across China by 2022. To reach this aim, the two companies will use the Series B to buy and develop more vehicles, more than doubling the current number in its fleet, and to continue to improve on both the ride-hailing app, as well as the autonomous capabilities of the vehicles, said the spokesperson.

“SAIC Mobility Robotaxi’s success is the organic combination of ‘operational experience’ and ‘leading autonomous driving technology,’” said Cao Xudong, CEO of Momenta, in a statement. “Our two companies together will continue to develop the technology, products and commercial implementation to meet the future and diverse travel needs of end users. We believe that this will become the industry benchmark for autonomous driving and in-depth cooperation between leading car companies and operating platforms, and the future of scalable [uncrewed] driving.”

Pomelo exits stealth mode with $20M seed to rethink international money transfer – TechCrunch

Eric Velasquez Frenkiel had a seemingly simple thought when visiting his family in the Philippines, impressed by the cashless economy that had formed. Instead of sending money to his family once a year – a costly, fee-heavy affair – why can’t he just leave his credit card there?

As with many things in fintech, it wasn’t that simple. But the seed of the idea made the former enterprise chief executive turn his career into a bet on one of fintech’s most elusive problems.

Pomelo, Frenkiel’s new startup launching out of stealth today, wants to make it easier to send remittance payments and conduct international money transfer, with a credit twist.

To execute on that vision, Pomelo has raised a $20 million seed round led by Keith Rabois at Founders Fund and Kevin Hartz at A* Capital, with participation from Afore Capital, Xfund, Josh Buckley and the Chainsmokers. The round also included a $50 million warehouse facility, which will allow Pomelo to give upfront cash to people who want to make transfers.

Venture investors are not the only cohort showing interest; over 120,000 people have joined Pomelo’s waitlist over six months, according to Frenkiel. (It’s important not to confuse this Pomelo with another Pomelo, a fintech-as-a-service platform for Latin America that has raised $9 million in funding). Oh, fintech.

Here’s how the startup works: if someone wants to send money overseas, they make a Pomelo account, which comes with up to four credit cards. The creator of the account – let’s just assume that they’re the one that is sending the money – can set limits, pause cards and view spending habits.

Pomelo’s key tweak is around credit. Senders can give cash, in the form of credit, to family members – which the startup thinks will help with instant access to funds, fraud and chargeback protection and, for potential immigrants that may use this to send money back home, a way to boost one’s credit score with more transaction history.

Challenges still await any fintech, whether traditional or scrappy upstart, that is betting its business on backing potentially risky individuals. For example, Pomelo doesn’t want to rely on credit score when deciding whether or not to trust a sender, because the metric historically leaves out those who don’t have a bounty of access to financial literacy or spending.

“If you do have a credit score and you have enough credit history, you would get up to $1,000 a month,” Frenkiel said. “But if you don’t have credit or wish to improve your credit, we give you a credit builder.” Customers are invited to supply a secure deposit, so that there’s a way to prove creditworthiness down the road, and Pomelo is able to “actually balance the need to extend credit but also ensure we stay in business long term.”

International money transfer continues to be an expensive affair for senders. Unsurprisingly, that pain point has led to a plethora of startups. Startups offer a sliding scale proposition, meaning it costs more to send more money, or a flat-fee value proposition, with a $5 fee for all transfers regardless of size. Per the World Bank, around 6% of a total check is removed via fees and exchange rate markups.

Rethinking remittance thus feels like a common pitch. Frenkiel says that Pomelo’s closest competitors are Xoom and Remitly, although he thinks they differentiate in two key ways: the focus on credit, and a “fundamentally new revenue model.”

Pomelo doesn’t make money from senders via transfer fees, instead leaning its business on interchange fees paid by merchants. “You shouldn’t have to pay money to send money,” Frenkiel adds.

While interchange fees have their own slew of issues as a business model, let’s end with some insurance: both Visa and Mastercard were interested in partnering with the startup, but the latter won the deal.

“MasterCard allows us to work in more than 100 countries,” Frenkiel said. “Obviously, we’re starting off with a few, but the idea is that there’s far more endpoints to take MasterCard or Visa than having banking as a prerequisite to send money… we hope we can eventually deliver a product to wherever MasterCard is accepted around the world.”

The startup is servicing the Philippines, but soon plans to expand to Mexico and India as well as other geographies.

Watch NASA roll out the mega moon rocket Space Launch System ahead of launch – TechCrunch

NASA engineers have completed final tests of the Space Launch System (SLS), clearing the way for the mega moon rocket to roll out to the launch pad today instead of Friday as originally planned.

The space agency was able to move up the date for the rollout — when a transporter-crawler moves the 322-foot-tall SLS from the Vehicle Assembly Building to launch pad 39B at Kennedy Space Center — because it completed key tests of the rocket’s flight termination system (FTS). The FTS is a critical series of components that ensure a rocket can be safely destroyed after launch in the case of a major failure. Testing of the FTS was “the final major activity” on NASA’s pre-launch to-do list, the agency said.

Testing and installing the FTS was last on the list because the system starts a proverbial “clock” of around 20 days for launch. If launch does not occur within this period, the system must be retested. This time frame is set by the U.S. Space Force and by the FTS’s own battery system. NASA was able to get an extension from Space Launch Delta 45, the USSF unit that has jurisdiction over launches on the east coast, from 20 days to 25 days.

That means NASA is on track for a first launch attempt of the Artemis I mission on August 29. Thanks to the extension, NASA can now make backup launch attempts on September 2 and September 5.

Artemis I is the first in a series of planned launches aimed at returning humans to the moon for the first time since the Apollo era. The primary goal is to test the Orion spacecraft and ensure it can safely carry humans. (SLS is not reusable, so while a successful launch will surely give engineers plenty of confidence about the rocket, it will not make a second flight.) During the mission, Orion will journey around the moon before conducting a reentry and splashdown back on Earth.

The next flight in the manifest, Artemis II, is scheduled for 2024. This mission will carry humans, though they won’t touch down on the moon. That privilege will go to the next cohort of astronauts, which will include the first woman and person of color to go to the moon, during the Artemis III mission scheduled to launch in the middle of the decade.

Today’s rollout is expected to take around 11 hours.
