By Associated Press | Updated: 6 August 2022

A vulnerability in Twitter’s software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday.

It did not confirm a report that data on 5.4 million users was offered for sale online as a result but said users worldwide were affected.

The breach is especially worrisome because many Twitter account owners, including human rights activists, do not disclose their identities in their profiles for security reasons that include fear of persecution by repressive authorities.

“This is very bad for many who use pseudonymous Twitter accounts,” US Naval Academy data security expert Jeff Kosseff tweeted.

The vulnerability allowed someone to determine during log-in whether a particular phone number or email address was tied to an existing Twitter account, thereby revealing account owners, the company said.

Twitter said it did not know how many users may have been affected, and stressed that no passwords were exposed.

“We can confirm the impact was global,” a Twitter spokesperson said via email. “We cannot determine exactly how many accounts were impacted or the location of the account holders.”

Twitter’s acknowledgment in a blog post Friday followed a report last month by the digital privacy advocacy group Restore Privacy detailing how data presumably obtained from the vulnerability was being sold on a popular hacking forum for $30,000 (roughly Rs. 28.9 lakh).

A security researcher discovered the flaw in January, informed Twitter and was paid a reported $5,000 (roughly Rs. 4 lakh) bounty. Twitter said the bug, introduced in a June 2021 software update, was immediately fixed.

Twitter said it learned about the data sale on the hacking forum from media reports and “confirmed that a bad actor had taken advantage of the issue before it was addressed.”

It said it was directly notifying all account owners that it can confirm were affected.

“We are publishing this update because we aren’t able to confirm every account that was potentially impacted, and are particularly mindful of people with pseudonymous accounts who can be targeted by state or other actors,” the company said.

It recommended users seeking to keep their identities veiled not add a publicly known phone number or email address to their Twitter account.

“If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened,” it said.

The revelation of the breach comes while Twitter is in a legal battle with Tesla CEO Elon Musk over his attempt to back out from his previous offer to buy San Francisco-based Twitter for $44 billion (roughly Rs. 3,500 crore).

By ANI | Updated: 5 August 2022

Digital payment platform Paytm on Friday assured to fix the issues hours after several users reported glitches while making the transactions through the app on social media.

In a tweet on Paytm Money’s handle, the company said, “Due to a network error across Paytm, a few of you might be facing an issue in logging into the Paytm Money App/website. We are already working on fixing the issue at the earliest. We will update you as soon as it is resolved.”

Many of the traders are even seeking compensation for the loss they suffered in the F&O (Futures and Options) due to the crash of Paytm Money during the market time.

Acknowledging the issues, the firm said in another tweet, “We understand that few of our Trading and F&O users would have faced real issues with their trades & positions. In our continued efforts to always have your back & to be fair & transparent, we request you write to us over email at exg.support@paytmmoney.com with your concerns.”

“We did have an issue and we would sincerely like to help. We are working hard to ensure such external issues do not reoccur. Thank you again for your support,” Paytm added.

Taking to Twitter, several users said they were not being able to log in to the Paytm app and website to make payments. Some even termed it as “theft” committed by the app.

Paytm allows customers to make digital payments for several services including prepaid and postpaid mobile, direct-to-home recharge, money transfers etc. It is available on all platforms including Android, Apple’s iOS and Windows Phone.

By Reuters | Updated: 5 August 2022

EU antitrust regulators have asked app developers whether Alphabet unit Google’s threat to remove apps from its Play Store if they use other payment options instead of its own billing system has hurt their business, two people familiar with the matter told Reuters.

Critics say fees charged by Google and Apple at their mobile app stores are excessive and cost developers collectively billions of dollars a year, a sign of the two companies’ monopoly power.

Questionnaires were sent to developers last month, the people said.

Of the 16 questions in the document, some covered the period 2017-2021 and others 2019-2021. The European Commission declined to comment. Google did not respond to an emailed request for comment.

The US tech giant has said apps would be removed from its app store starting June this year if developers do not use its billing system.

Respondents were asked whether Google’s policy change this year impacted the distribution of their goods or services on Google Play Store, which apps were affected and if it affected their ability to acquire users on Android devices, the people said.

Regulators wanted to know if the change has forced developers to drop other payment options in favour of Google Billing and whether migrating users to another payment option affected the number of pre-existing users and the developers’ access to data.

Developers were asked whether they believed they could offer a better service or product if they have the option of another payment system.

The EU competition enforcer also wanted to know if Google allowed them to use an alternative payment system, charged a service fee for this or complained about the security of their payment method.

App developers were asked if US payments giant Stripes, Dutch payment system Adyen and PayPal unit Braintree are seen as alternative payment systems.

Last month, Google said non-gaming app developers can switch to rival payment systems with a lower fee of 12 percent instead of 15 percent, with the move applying to European users, in order to comply with EU rules that will come into force next year.

Politico first reported about the Commission’s query.

© Thomson Reuters 2022

 By Agence France-Presse | Updated: 3 August 2022

UK regulators on Wednesday gave the provisional nod to US cyber security giant NortonLifeLock’s $8-billion (roughly Rs. 63,320 crore) purchase of Czech rival Avast, whose London shares surged more than 40 percent in reaction.

The Competition and Markets Authority (CMA) watchdog had opened an in-depth probe after warning in March that the deal risked harming competition.

However, the CMA concluded in initial findings published on Wednesday that this was not the case.

“Millions of people across the UK rely on cybersafety services to keep them safe online,” said Kirstin Baker, chair of the CMA inquiry group, in a statement.

“After gathering further information from the companies involved and other industry players, we are currently satisfied that this deal won’t worsen the options available to consumers.”

She added that the CMA has therefore “provisionally concluded that the deal can go ahead”.

In reaction, Avast’s London stock surged 42.41 percent to 680.60 pence on the British capital’s falling market.

That gave Avast a stock market capitalisation of about $8.5 billion (roughly Rs. 67,260 crore).

The regulator found both businesses “face significant competition”, particularly from main rival McAfee but also from smaller suppliers.

In addition, Microsoft’s built-in security applications on its Windows operating system provided “increasingly important alternatives” for consumers.

NortonLifeLock said it “welcomed” the news, adding in a separate statement that it hoped to complete the deal by September 12, pending final CMA approval.

The pair had announced the blockbuster takeover last year to create a leading consumer business as Internet activity boomed during the pandemic.

By Press Trust of India | Updated: 3 August 2022

The government has blocked 348 mobile applications that were identified by the Home Ministry for transmitting users’ information in an unauthorised manner to servers located outside the country, Parliament was informed on Wednesday.

Minister of state for electronics and IT Rajeev Chandrasekhar in a written reply to the Lok Sabha said the apps are developed by various countries, including China.

“Based on the request from MHA, the Ministry of Electronics and Information Technology (MeitY) has blocked those 348 mobile applications since such data transmissions infringes the sovereignty and integrity of India, defence of India and security of the State,” he said.

There was no mention of the time period when these 348 apps were blocked by the Meity.

Last month, the Battlegrounds Mobile India, or BGMI, was removed from Google Play Store as well as App Store over government’s order. The removal happened without warning. However, Google confirmed that it received a government order directing it to delist the popular online game.

It was later reported that BGMI from the South Korean game development firm Krafton was removed from app stores as there were concerns about its data sharing and mining in China, an Indian government source told Reuters. Section 69A of India’s IT Act allows the government to block public access to content in the interest of national security, among other reasons.

However, the Skyesports CEO and Founder Shiva Nandy has recently mentioned via Instagram that the ban is temporary. The game will be back in India soon.

By Press Trust of India | Updated: 2 August 2022

The government is taking action against dubious digital loan apps, including those originating from outside the country, and also Indians who helped in setting them up, Finance Minister Nirmala Sitharaman informed Rajya Sabha on Tuesday. Most of the dubious apps are originating from one particular country and as a result a lot of borrowers are harassed and money is being extorted by these apps, she said during the Question Hour while replying to a supplementary question.

The minister was asked about reports of dubious digital loan apps backed by Chinese entities which do not follow RBI guidelines in giving loans.

Sitharaman said the Ministry of Finance, Corporate Affairs, Ministry of Electronics and Information Technology, and a few other departments, inclusive of Home, are all constantly discussing and working to ensure action is taken in these cases.

“Only a couple of months ago particularly in the state of Telangana a lot of people have been put to harassment and action has been initiated. That’s not to say we are not taking action elsewhere,” she said.

She also said the government is consciously taking action against Indian citizens who have also helped in establishing these companies and also what may be broadly defined as shell companies through which they are operating.

So, actions in all these angles are being taken, she added.

Reserve Bank of India (RBI) Governor Shaktikanta Das had recently said the central bank will soon come out with regulatory architecture for digital lending platforms.

Most of the digital lending apps are not registered with the central bank and operate by themselves. There have been increasing cases of alleged suicides of borrowers due to harassment by a few of the operators of digital lending apps.