Twitter invests $70 million in SoundCloud

Twitter might not have bought SoundCloud, but it still wants a say in the streaming music service’s future. The social network has confirmed that it recently invested in SoundCloud — it won’t provide details, but Recode sources peg the value at $70 million. The move is meant to boost “efforts with creators,” and reflects the “community-supported approach” that both sites share. It’s not certain if there’s an official partnership, but it’s easy to see Twitter getting some say.

You could see this coming. SoundCloud was the first company to embrace Twitter’s audio cards and has generally been a good ally, so it’s in Twitter’s best interests to offer some support. Meanwhile, SoundCloud itself could use the Twitter link to get extra promotion for its Go music service. And both companies could stand to shake things up — they’re not growing briskly, so they don’t have much to lose by rethinking their music strategies.

Source: Recode

Twitter helps you quote your own tweets

Until now, quoting yourself on Twitter was a headache. You usually had to copy the link to your old post and paste it in to share that timeless comment or uncanny prediction. You won’t have to do that after today, though: Twitter has made it easy to quote or retweet yourself in “just a few taps.” It’s a simple change, but this (along with an improved mention system) could help stimulate conversation by letting you quickly reflect upon a favorite remark.

Now you can easily Retweet or Quote Tweet yourself with just a few taps. Pick an old favorite and give it a try! 🔄 https://t.co/bUj4ezQNOJ

— Twitter (@twitter) June 14, 2016

Source: Twitter

Twitter makes it easier to block abusers

Twitter has already taken a few steps to curb harassment, but what about the basic act of blocking someone? That’s getting easier, too. The social network is introducing a simpler blocking experience that takes some of the headaches out of the process: just go to the offending tweet, choose Block from the “…” button and that person vanishes from your timeline. It’s not going to get rid of systematic abuse (such as people who create dummy accounts or put you on targeted lists), but it will help you get back to your regular tweeting a little bit sooner.

Starting today, we’re making Block easier to help you control your Twitter experience. https://t.co/8pee8rzN1I pic.twitter.com/gCzkTwoglP

— Safety (@safety) June 13, 2016

Source: Safety (Twitter), Twitter Safety Center

Hacker hijacks @Deray by redirecting his Verizon phone number

While everyone freaks out over passwords to millions of Twitter accounts floating around, the hijacking of yet another high-profile account shows that hackers don’t necessarily need your password. Activist and former mayoral candidate Deray Mckesson was the latest to have his account taken over, with an attacker deciding to claim Deray supports Donald Trump. According to Mckesson, this happened even though the hacker didn’t have his password, and he had two-factor authentication turned on for his account. In this case, the hacker went a step further, by hijacking his phone number with the help of Verizon customer service.

Today I learned that it is rather easy for someone to call the provider & change your SIM. The hacker got the account verification texts.

— deray mckesson (@deray) June 10, 2016

As detailed in a series of tweets, this morning someone called Verizon posing as Mckesson and apparently armed with the last four digits of his social security number. This person changed the registered SIM on his account to one they controlled, redirecting and SMS to their phone instead of his. After that, they just triggered a password reset on Twitter and waited for the authorization code to come in.

While @Deray was able to recover his account with Twitter’s help (it’s good to be friends with @Jack), for the normal user it might not be as easy. Unfortunately, even with extra security in place like this, social engineering of various types can still put your information at risk. Hackers used a similar message to take control of developer Grant Blakeman’s Instagram page in 2014, and accessed a Gmail account for the CEO of Cloudflare in 2012 by redirecting his AT&T voicemail. Wired writer Mat Honan had his accounts and devices taken over when a hacker convinced Amazon to give up the last four digits of his credit card number, then used that information to get a new password for his Apple iCloud account.

So what else can you do to protect yourself? Unfortunately, many services still use SMS or phone calls to perform the second bit of authentication (using a one-time password powered by apps like Google’s Authenticator removes your phone number from the equation), and when it comes to telephone and cable providers they largely don’t support two-factor at all. Instead, they by default will verify account info over the phone using the SSN, as seen in this case, which is all too easily found by hackers.

Buzzfeed points out a recommendation recently published by the FCC’s CTO: The major mobile carriers will allow you to set your own password that’s required for account access. Sprint requires a PIN at account setup, Verizon can set up a four-digit billing password, T-Mobile will set up a customer care password if you ask, and AT&T lets you set one up via its app. Your internet service provider probably has a similar option, but you may have to request it there also.

Source: Deray Mckesson (Twitter)

Twitter locks ‘millions’ of accounts with exposed passwords

While Twitter maintains that its servers have not been hacked, the company now says it has “cross-checked” the account data noted by LeakedSource and is taking pre-emptive measures. Particularly notable in light of hacks that have recently affected accounts from Katy Perry to Mark Zuckerberg to the NFL, the social network said it has identified a number of accounts for extra protection. No matter where the information came from, whether via malware or shared passwords revealed in hacks of other services, any accounts with “direct password exposure” have been locked (similar to pre-emptive moves Netflix and others are using when they see account details floating around), and emails were sent to the owner prompting for a password reset.

In light of recent events, learn more about account security on Twitter and what we’re doing to keep yours safe. https://t.co/Hug5cLr6r8

— Twitter (@twitter) June 10, 2016

There’s no word on exactly how many accounts in the database checked out, but Twitter told the Wall Street Journal that “millions” of accounts have been notified. If your account is vulnerable then you should’ve already been notified; so if your inbox is empty and you can still sign in then you don’t have anything (more than usual) to worry about. Still, it’s always a good time to reset your password just in case, use unique passwords on every account (a password manager like 1Password or LastPass can be helpful) and enable two-factor authentication wherever available.

Source: Twitter Blog

Twitter ‘confident’ that 32 million usernames weren’t hacked

Recently revealed breaches into MySpace and LinkedIn have been followed by someone allegedly selling 32 million leaked Twitter accounts on the dark web. But Twitter spokespeople and the company’s information security officer have denied that their security has been compromised, leading some to theorize that info from these accounts was leaked the old-fashioned way: by malware.

A Russian seller with the username “Tessa88” claimed to have the database of usernames, emails and passwords for 32 million accounts, according to ZDNet. The asking price was 10 bitcoins, or about $5,773, as of this writing. The seller noted they acquired the database in 2015 as part of a larger haul of 379 million accounts, far more than Twitter’s 310 million monthly users, though that could include dormant ones.

In a prepared statement, a Twitter spokesperson denied that its systems had been hacked, and that the company has “been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.” Twitter’s trust and info security officer tweeted last night that the company is confident that its systems weren’t breached.

We securely store all passwords w/ bcrypt. We are working with @leakedsource to obtain this info & take additional steps to protect users.

— Michael Coates ஃ (@_mwc) June 9, 2016

Instead, the accounts were probably acquired by malware that copied passwords and usernames entered while browsing in Chrome or Firefox, according to LeakedSource. After filtering out duplicates, their analysis of the database confirmed 32 million purported accounts. As befits their mission, LeakedSource has uploaded the database for users to search for their own usernames, full names and passwords, and says they will remove them upon request.

There’s probably no cause for alarm unless your password is weak, said Microsoft regional director and MVP for developer security Troy Hunt:

Change your Twitter password if it’s weak or reused, but they’re probably the only reasons to. Oh – and multi-step verification too.

— Troy Hunt (@troyhunt) June 9, 2016

Source: ZDNet

Twitter and TfL combine to alert you about Tube and train delays

A pilot scheme has been launched by both Twitter and Transport for London to notify travellers about severe delays to train and Tube services.

Customers can opt in to receive instant notifications when there are delays to services. That way they can find alternative routes before heading into the London Underground system or to train stations.

Followers of the London Overground, TfL Rail, Central Line or District Line Twitter accounts can have the notifications set-up so they are informed directly on their mobile phones whenever an incident has occurred. They can also be sent to a computer, free as charge.

To opt in, just head to tfl.goc.uk/twitter-alerts and select the lines that are relevant to you. Some of the lines and accounts are still to be activated, which will possibly happen once the pilot scheme has ended and is judged successful.

TfL is gathering feedback from customers throughout the summer to see if the scheme should be extended.

“Like every Londoner, I rely on public transport to get me around and this world-first service looks set to become an essential tool for millions of Tube passengers,” said Sadiq Khan, the recently-elected mayor of London.

“It is an innovative way of providing people with live updates from the Underground and contributes to my goal of making it as easy as possible to get around the capital.”

Twitter and TfL team up for instant Tube disruption alerts

From today, London’s Tube and train passengers can get travel alerts sent to their phone, thanks to a partnership between Transport for London (TfL) and Twitter. In what’s being described as a “world first” by the travel authority, the new service will notify travellers via a direct message if there are severe delays on their chosen line.

To get started, Londoners will need to opt-in to Travel Alerts via the TfL website, which is still undergoing testing. Currently, four Twitter accounts are live — Central Line, District Line, London Overground and TfL Rail — with more routes becoming “available soon.” Users can also set the times when they get alerts, like turning off commuter pings over the weekend (if they so choose).

Mayor of London Sadiq Khan had this to say on the new integration: “Like every Londoner I rely on public transport to get me around and this world-first service looks set to become an essential tool for millions of Tube passengers. It is an innovative way of providing people with live updates from the Underground and contributes to my goal of making it as easy as possible to get around the capital.”

It’s not the first time Twitter has partnered with organisations to deliver real-time updates. The company lists various UK police and fire services on its Twitter Alerts page, as well as child-protection and weather agencies. It’s a great way to avoid Twitter’s out-of-order timelines and ensure commuters can navigate around potential issues.

Via: Evening Standard

Source: TfL Travel Alerts