![](\"https:\/\/media.wired.com\/photos\/5b899e543667562d3024c323\/master\/pass\/Hackers%20Hit%20The%20Oatmeal,%20and%20It%20Wasn't%20Funny.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Emily Dreyfuss| Date: Sat, 01 Sep 2018 13:00:00 +0000<\/strong><\/p>\n It may be <\/span>the end of August, that time when a sticky malaise settles in, but hackers can wreak havoc even during summer vacation. Which is why WIRED\u2019s security writers keep covering the news.<\/p>\n Like this story of how Iran set up a global propaganda campaign targeting social media. Issie Lapowski<\/a> lays out everything we know<\/a> about the country's 2018 propaganda machine, like how they used fake profile photos to catfish targets, and they had a real thing for Bernie Sanders.<\/p>\n Our writer Louise Matsakis<\/a> discovered a weird bug<\/a> in Facebook\u2019s two-factor authentication that made her think she\u2019d been hacked (she hadn\u2019t, but something was definitely wrong).<\/p>\n Also, Lily Hay Newman<\/a> found out that using your phone number as means for account verification across the internet is a really, really bad idea. Newman reported on how a T-Mobile data breach<\/a> last week exposed personal information, like phone numbers, and why that matters so much.<\/p>\n Another major security story this week came out of California, which is trying to pass a comprehensive digital privacy law to give residents control over their data. But the tech industry is fighting back<\/a>\u2014hard. Hackers are exploiting a decades-old-phone technology<\/a>\u2014AT commands, invented in the 1980s, way before smartphones\u2014to break into Android devices.<\/p>\n Finally, there was more movement in the 3-D gun arena. Despite a judge\u2019s injunction against sharing 3-D gun blueprints online, Defense Distributed\u2019s Cody Wilson is now selling the plans on flash drives<\/a> that he mails to whoever wants them. To actually ban 3-D-printed guns, the legislature would need to take action.<\/p>\n Plus, there's more. As always, we\u2019ve rounded up all the news we didn\u2019t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.<\/p>\n The Oatmeal Hit With DDoS Attack<\/a><\/strong><\/p>\n Internet comic website The Oatmeal, run by webcomic Matthew Inman, was offline for hours on Wednesday, thanks to an apparent DDoS attack. Inman tweeted that his website administrator emailed to say he\u2019d had to take the site offline because of the attack. Before the attack, the most recent comics on Inman\u2019s beloved site were about how dumb bees constantly chase humans they mistake for flowers and how babies are cute. Controversial stuff! After a few hours, Inman said he received an email<\/a> requesting a whopping $300 worth of Monero cryptocurrency. Though some crypto news outlets reported<\/a> the DDoS was a ransomware attack, Inman never paid the money and actually fixed the problem by adding a firewall layer<\/a> to his hosting site. He suspects the extortion attempt was a from an unrelated person trying to capitalize on the DDoS attack. It\u2019s unclear who did any of this, or why. If The Oatmeal isn\u2019t sacred online, is anything?<\/p>\n How Did a GOP Super PAC Get an Ex-Spy\u2019s Security Clearance Application?<\/a><\/strong><\/p>\n A former CIA agent who is now a Democratic congressional candidate in Virginia says a a GOP-aligned super PAC illegally accessed her security clearance application to use against her. The New York Times<\/em> reports that Abigail Spanberger sent a cease and desist letter to the executive director of the fund, demanding they destroy all copies of the application and stop using the information within it for political purposes. She figured out they had the information when a reporter from the AP showed her a copy they had been given by the PAC. The PAC said they got it through a Freedom of Information Act request, but security experts and Spanberger say a FOIA would not allow such a document to released unredacted. Security clearance applications contain the most intimate of details about a person\u2019s life. Many such applications were accessed by alleged Chinese hackers in the massive 2015 breach of the Office of Personnel Management.<\/p>\n Air Canada\u2019s Phone App Leaked Passport Numbers<\/a><\/strong><\/p>\n The passport details of 20,000 Air Canada customers may have been leaked in a data breach the airline reported Wednesday. According to ZDNet, the airline said the week previously it detected \u201cunusual login behavior\u201d and tried to fix the compromised system right away. But it wasn\u2019t fast enough to protect approximately one percent of its total customers from having their email, name, Known Traveler numbers, and passport numbers potentially stolen.<\/p>\n Telegram Says It\u2019ll Hand Over IP Addresses of Terror Suspects<\/a><\/strong><\/p>\n Telegram recently updated its privacy policy to say it would hand over phone numbers and IP addresses to law enforcement if it received a court order showing they were terror suspects. Though obviously helping to fight terrorism is important\u2013and terrorists are known to use encrypted messaging app<\/a>s to elude governments\u2014security experts worry that the definition of \u201cterrorist\u201d is a slippery one that can mean different things to different governments. Particularly concerning is that this move appears to be motivated by Russia banning Telegram\u2014and the country said it would likely allow it back now<\/a> that it had made this change. Though Telegram has been fighting Russia\u2019s attempt to breach its encryption, this policy change is a sign that the pressure may be too much for it handle.<\/p>\n Yahoo Is Selling Your Email Data to Advertisers<\/a><\/strong><\/p>\n Look, Yahoo has to stay on the cutting edge somehow, right? So while the rest of the tech industry considers scanning your email for info to sell to advertisers a verboten strategy, the old dolphin<\/a> Yahoo Mail is going for it. And making lots of money. The Wall Street Journal<\/em> reports that Yahoo Mail parent company Verizon Communications has been pitching advertisers on its ability to scan 200 million inboxes\u2014including AOL email address\u2014for clues to what customers want to buy. Google used to do this, but stopped last year.<\/p>\n