{"id":13473,"date":"2018-09-29T10:45:18","date_gmt":"2018-09-29T18:45:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/09\/29\/news-7240\/"},"modified":"2018-09-29T10:45:18","modified_gmt":"2018-09-29T18:45:18","slug":"news-7240","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/09\/29\/news-7240\/","title":{"rendered":"Facebook Wins, Facebook Losses, and More Security News This Week"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5bae95f19d86a52d3f1d0229\/master\/pass\/feds_watchin-FA-02.jpg\"\/><\/p>\n<p><strong>Credit to Author: Wired Staff| Date: Sat, 29 Sep 2018 14:41:15 +0000<\/strong><\/p>\n<p><span class=\"lede\">This week has <\/span>been hard for lots of people, for lots of reasons, but at least it\u2019s over. As a parting shot, though, Facebook announced a security breach that <a href=\"https:\/\/www.wired.com\/story\/facebook-security-breach-50-million-accounts\/\">affected at least 50 million people<\/a>\u2014and possibly as many as 90 million. Or who knows! Maybe more. It\u2019s early days yet.<\/p>\n<p>Facebook hasn\u2019t yet figured out who the hackers are\u2014and may never\u2014or the full extent of the damage, although the attackers could have gained full access to affected accounts. Oh, and also apparently to <a href=\"https:\/\/www.wired.com\/story\/facebook-security-breach-third-party-sites\/\">any account you used Facebook to log in to<\/a>. Not great!<\/p>\n<p class=\"paywall\">In other concerning news, new research illustrates how <a href=\"https:\/\/www.wired.com\/story\/voting-machine-vulnerabilities-defcon-voting-village\/\">mobile sites access some of your smartphone\u2019s sensors<\/a>\u2014including motion and light\u2014without asking permission or notifying you at all. 
Security researchers at ESET caught Russian hackers <a href=\"https:\/\/www.wired.com\/story\/voting-machine-vulnerabilities-defcon-voting-village\/\">using a clever technique called a UEFI rootkit<\/a>, which not even swapping in a new hard drive will fix. And while deputy attorney general Rod Rosenstein kept his job this week, <a href=\"https:\/\/www.wired.com\/story\/rod-rosenstein-mueller-investigation-midterms\/\">don\u2019t expect the Mueller investigation status quo to last<\/a> much beyond the midterm elections regardless.<\/p>\n<p class=\"paywall\">There was at least some good news to be found. The new series of YubiKey hardware authentication tokens will support the FIDO2 standard, which is a very jargon-heavy way of saying you\u2019ll be able to plug them into your computer <a href=\"https:\/\/www.wired.com\/story\/yubikey-series-5-fido2-passwordless\/\">instead of using a password someday<\/a>. And while Google <a href=\"https:\/\/www.wired.com\/story\/google-chrome-login-privacy\/\">introduced a very confusing, not great change<\/a> to Chrome that made it look like people were logged in against their wishes, they ended up making it optional. Which is a partial win?<\/p>\n<p class=\"paywall\">Elsewhere, DIY gun evangelist <a href=\"https:\/\/www.wired.com\/story\/cody-wilson-3d-printed-guns-resigns-defense-distributed\/\">Cody Wilson resigned from the company he founded, Defense Distributed<\/a>, amid <a href=\"https:\/\/www.wired.com\/story\/cody-wilson-accused-child-sexual-assault\/\">unassociated legal turmoil<\/a>. Don&#x27;t expect that to slow the march of 3-D printed firearms, though. And remember how <a href=\"https:\/\/www.wired.com\/2016\/08\/americas-voting-machines-arent-ready-election\/\">voting machine security was a mess<\/a> before the 2016 election? Surprise! 
It&#x27;s still <a href=\"https:\/\/www.wired.com\/story\/voting-machine-vulnerabilities-defcon-voting-village\/\">very much a mess<\/a>.<\/p>\n<p class=\"paywall\">And there&#x27;s more! As always, we\u2019ve rounded up all the news we didn\u2019t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.<\/p>\n<p class=\"paywall\">Over the last several weeks, Facebook has been fighting the US government in court over whether it has to wiretap an alleged gang member&#x27;s Messenger account. It was seen as an important test case for preserving strong encryption; the feds were hoping for Facebook&#x27;s help to access Messenger calls they otherwise could not. On Friday, a judge ruled in favor of Facebook, preserving the privacy status quo, at least for now.<\/p>\n<p class=\"paywall\">And then more bad Facebook news. What a rollercoaster! Gizmodo reporter Kashmir Hill confirmed this week that Facebook accesses \u201cshadow contact information\u201d to target ads at people. Specifically, in this case, the email addresses and phone numbers you hand over in answer to security questions to secure your account\u2014think your two-factor phone number\u2014as well as any contact info Facebook may have found of yours through your friends. By using only this shadow data, Hill was able to target a single security researcher with an ad for his eyes only. Hill reports that Facebook denied doing this last year when she asked the company about it. When confronted with Hill&#x27;s evidence, Facebook finally acknowledged that it does.<\/p>\n<p class=\"paywall\">Remember back in 2016 when Uber had a massive data breach\u2014affecting 25 million customers\u2014but didn\u2019t tell anyone about it for more than a year? Of course you do. It was a huge scandal, not least because it came just two years after an earlier large breach and because rather than warn their customers, Uber paid the hackers to keep the breach a secret. 
Now the company has to pay a $148 million penalty\u2013the largest ever for a data breach.<\/p>\n<p class=\"paywall\">A puppet master for the long-running and beloved Broadway show \u201cThe Lion King\u201d was arrested at the Minskoff Theater recently. Ilya Vett was charged with \u201cattempted criminal possession of a firearm\u201d after theater staff found at least part of a 3-D printed gun in his office. It\u2019s illegal in the state of New York to print a revolver, assault rifle or pistol without a permit. When an NYPD police officer arrived at the theater, the officer wrote in the criminal complaint, he saw the 3-D printer in the theater\u2019s prop room in the act of printing a revolver. Vett told cops he was making the gun for his brother who lives upstate, and who he claimed had a permit. He\u2019d found the prints online. No word on whether Disney will allow Vett to return to building Mufasa and Pumbaa puppets.<\/p>\n<p class=\"related-cne-video-component__dek\">WIRED senior writer Andy Greenberg puts new homemade gunsmithing tools to the test as he tries three ways of building an untraceable AR-15 semi-automatic rifle&#8212;a so-called &quot;ghost gun&quot;&#8212;while skirting all gun control laws.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/security-news-feds-cant-force-facebook-to-wiretap-messenger\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5bae95f19d86a52d3f1d0229\/master\/pass\/feds_watchin-FA-02.jpg\"\/><\/p>\n<p><strong>Credit to Author: Wired Staff| Date: Sat, 29 Sep 2018 14:41:15 +0000<\/strong><\/p>\n<p>The Facebook breach, 3-D printed guns on Broadway, and more security news this week. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-13473","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13473","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13473"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13473\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13473"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}