Amazon fires employees for leaking customer email addresses and phone numbers

Amazon has fired a number of employees after they shared customer email addresses and phone numbers with a third party “in violation of our policies.”

The email to customers, sent Friday afternoon and seen by TechCrunch, said an employee was “terminated” for sharing the data and that the company is supporting law enforcement in prosecuting that employee.

Amazon confirmed the incident in an email to TechCrunch. A spokesperson said a number of employees were fired. But little else is known about the employees, when the information was shared and with whom, and how many customers are affected.

“No other information related to your account was shared. This is not a result of anything you have done, and there is no need for you to take any action,” the email to customers read.

An email to Amazon customers, saying an employee was fired. Amazon said multiple employees were fired.

It’s not the first time this has happened. Amazon was just as vague about a similar leak of email addresses last year, about which it declined to comment further.

In a separate incident, Amazon said this week that it fired four employees at Ring, the retail giant’s smart camera and doorbell subsidiary. Ring said it fired the employees for improperly viewing video footage from customer cameras.

Updated headline to clarify that an unknown number of employees were fired.

rosshosman · 8 days ago · Denver, CO

Away co-founder Steph Korey, who allegedly fostered a toxic culture, is back

Away co-founder Steph Korey, the one who stepped down as CEO following reports of her role in creating a toxic culture, is back at the helm of the luggage startup, The New York Times reports.

The original plan was for Lululemon COO Stuart Haselden to take over today and, in a way, he will, though as co-CEO alongside Korey. In an interview with the NYT, Korey said the board changed its mind after realizing the original plan wasn’t the right move.

This all comes after The Verge’s explosive investigation into Away’s toxic workplace. Since then, the company has hired a lawyer, Elizabeth M. Locke, though has not filed a lawsuit. If Locke’s name sounds familiar, it may be because she’s the one who successfully sued Rolling Stone for defamation regarding an alleged gang rape at the University of Virginia.

“Steph Korey responding to our reporting by saying her behavior and comments were ‘wrong, plain and simple’ and then choosing to step down as CEO speaks for itself,” The Verge editor-in-chief Nilay Patel said in a statement to the NYT.

Following The Verge’s story, which described a workplace where Korey was known for berating employees via Slack, Korey tweeted last month that she was “making things right” at the company.

“I’m not proud of my behavior in those moments, and I’m sincerely sorry for what I said and how I said it,” she tweeted. “It was wrong, plain and simple.”

She added that she had also been working with an executive coach since the incidents the report highlighted. According to The Wall Street Journal, Away had been looking for Korey’s replacement since the spring.

In a Slack note sent to employees today, Korey said what happened in December created a lot of confusion, and more questions than answers. She added that it “unleashed a social media mob — not just on me, but also on many of you.”

At this point, Away’s plan is to consider legal action against The Verge and try to improve lines of communication within the company.

rosshosman · 8 days ago · Denver, CO

With its Kubernetes bet paying off, Cloud Foundry doubles down on developer experience

More than 50% of the Fortune 500 companies are now using the open-source Cloud Foundry Platform-as-a-Service project — either directly or through vendors like Pivotal — to build, test and deploy their applications. Like so many other projects, including the likes of OpenStack, Cloud Foundry went through a bit of a transition in recent years as more and more developers started looking to containers — and especially the Kubernetes project — as a platform on which to develop. Now, however, the project is ready to focus on what always differentiated it from its closed- and open-source competitors: the developer experience.

Long before Docker popularized containers for application deployment, Cloud Foundry had already bet on containers and written its own orchestration service. With all of the momentum behind Kubernetes, though, it’s no surprise that many in the Cloud Foundry community started to look at this newer project as a replacement for the existing container technology.

rosshosman · 133 days ago · Denver, CO

Clubhouse announces new collaboration tool and free version of its project management platform

Clubhouse — the software project management platform focused on team collaboration, workflow transparency and ease of integration — is taking another big step towards its goal of democratizing efficient software development.

Traditionally, legacy project management programs in software development can often appear like an engineer feeding frenzy around a clunky stack of to-dos. Engineers have limited clarity into the work being done by other members of their team or into project tasks that fall outside of their own silo.

Clubhouse has long been focused on easing the headaches of software development workflows by providing full visibility into the status of specific tasks, the work being done by all team members across a project, as well as higher-level project plans and goals. Clubhouse also offers easy integration with other development tools as well as its own API to better support the cross-functionality a new user may want.

Today, Clubhouse released a free version of its project management platform that offers teams of up to 10 people unlimited access to the product’s full suite of features, as well as unlimited app integrations.

The company also announced it will launch an engineer-focused collaboration and documentation tool later this year that will be fully integrated with the Clubhouse project management product. The new product, dubbed “Clubhouse Write,” is currently in beta with early access available on request, and will allow development teams to collaborate on, organize and comment on project documentation in real time, enabling further inter-team communication and a more open workflow.

The broader mission behind the Clubhouse Write tool and the core product’s free plan is to support more key functions in the development process for more people, ultimately making it easier for anyone to start dynamic and distributed software teams and ideate on projects.

“Clubhouse Write” Beta Version. Image via Clubhouse

In an interview with TechCrunch, Clubhouse also discussed how the offerings will provide key competitive positioning against larger incumbents in the software project management space. Clubhouse has long competed with Atlassian’s project management tool “Jira”, but now the company is doubling down by launching Clubhouse Write which will compete head-on with Atlassian’s team collaboration product “Confluence”.

According to recent Atlassian investor presentations, Jira and Confluence make up the lion’s share of Atlassian’s business and revenues. And with Atlassian’s market capitalization of ~$30 billion, Clubhouse has its sights set on what it views as a significant market share opportunity.

According to Clubhouse, the company believes it’s in pole position to capture a serious chunk of Atlassian’s foothold given it designed its two products to have tighter integration than the legacy platforms, and since Clubhouse is essentially providing free versions of what many are already paying for to date.

And while Atlassian is far from the only competitor in the cluttered project management space, few if any competing platforms are offering a full project tool kit for free, according to the company. Clubhouse is also encouraged by the strong support it has received from the engineering community to date. In a previous interview with TechCrunch’s Danny Crichton, the company told TechCrunch it had reached at least 700 enterprise customers using the platform before hiring any sales reps, and users of the platform already include Nubank, Dataiku, and Atrium amongst thousands of others.

Clubhouse has ambitious plans to further expand its footprint, having raised $16 million to date through its Series A according to Crunchbase, with investments from a long list of Silicon Valley mainstays including Battery Ventures, Resolute Ventures, Lerer Hippeau, RRE Ventures, BoxGroup, and others.

A former CTO himself, Clubhouse cofounder and CEO Kurt Schrader is intimately familiar with the opacity in product development that frustrates engineers and complicates release schedules. Schrader and Clubhouse CMO Mitch Wainer believe Clubhouse can maintain its organic growth by staying hyperfocused on designing for product managers and creating simple workflows that keep engineers happy. According to Schrader, the company ultimately wants to be the “default [destination] for modern software teams to plan and build software.”

“Clubhouse is the best software project management app in the world,” he said. “We want all teams to have access to a world-class tool from day one whether it’s a 5 or 5,000 person team.”

rosshosman · 133 days ago · Denver, CO

Credit Karma glitch exposed users to other people’s accounts

Users of credit monitoring site Credit Karma have complained that they were served other people’s account information when they logged in.

Many took to a Reddit thread and complained on Twitter about the apparent security lapse.

“First time logging in it gave me my information, but as soon as I refreshed the screen, it gave me someone else’s info,” said one Reddit user. “Refreshed again and bam! someone else’s info — it’s like roulette.” Another user said they logged in and out several times and each time had “full access to a different random person’s credit file.”

One user told TechCrunch that after they were served another person’s full credit report, they messaged the user on LinkedIn “to let him know his data was compromised.”

Another user told us this:

The reports are split into two sections: Credit Factors — things like number of accounts, inquiries, utilization; and Credit Reports — personal information like name, address, etc. The Credit Reports section was my own information, but the Credit Factors section definitely wasn’t. It listed four credit card accounts (I have more like 20 on my report), a missed payment (I’m 100% on time with payments), a Honda auto loan (never had one with Honda), student loan financing (mine are paid off and too old to appear on my report), and cards with an issuer that I have no relationship with (Discover).

Several screenshots seen by TechCrunch show other people’s accounts, including details about their credit card accounts and their current balance.

Another user who was affected said they could read another person’s Credit Factors — including derogatory credit marks — but that the Credit Report tab with that user’s personal information, like names and addresses, was blank.

One user said that the login page was pulled offline for a brief period. “We’ll be right back,” the login page read instead.

Credit Karma spokesperson Emily Donohue denied there was a data breach, but when asked would not say how many customers were affected.

“What our members experienced this morning was a technical malfunction that has now been fixed. There is no evidence of a data breach,” the statement said.

The company didn’t say for how long customers were experiencing issues.

Credit Karma offers customers free credit score monitoring and reports. The company allows users to check their scores against several major credit agencies, including Equifax, which last month agreed to a settlement of at least $575 million over its 2017 data breach.

rosshosman · 160 days ago · Denver, CO

Your security team is probably an infuriating obstacle – but it doesn’t have to be this way

Security is empty, meaningless theater — or, at least, that’s the lesson taught to most employees of most large companies. Security is your password expiring every few months, your inability to access crucial services if you’re new or a contractor, a salty message from a team you’ve never met explaining that your new initiative is not permitted, a transparently convenient excuse when someone doesn’t want to admit their real reason. Security is bullshit.

I can cite more examples from my own career as a consultancy CTO than I care to think about. The household-name company whose security team explained that cloud services were inherently insecure, until the day they decided to switch to AWS and began to explain how local servers were inherently insecure. The household-name companies that deluged us with detailed security questionnaires regarding the security of our servers, but whose assessment protocols were then unable to comprehend our “uh, everything’s in the cloud with GitHub and GSuite etc., we have no servers of our own” responses without hour-long hand-holding calls.

Which is why it was such a glorious breath of fresh air to hear Dino Dai Zovi‘s keynote speech at the Black Hat security conference in Las Vegas this morning. Dai Zovi, staff security engineer at Square, argued that the all-too-common model of security as a team, which sits and snipes at the people who actually build things, telling them no and pointing fingers, is in fact fantastically counterproductive.

Instead, he argued, security has to change its culture, which is far more important than strategy, which in turn is far more important than tactics. Instead of security being a faraway flaming hoop to jump through, teams should become responsible for their own security. Furthermore, security engineers should write code to help those teams. Fuzzing is great, but as he put it, “the next level is making fuzzing easy for software developers, because there are way more of them than there are of us.”

Most importantly — and most revolutionary — he argued that instead of defaulting to saying “no” all the time, and throwing up as many obstacles as possible, security people should always start with “yes, and here’s how we can help.” The fact this is so different from today’s practice that it actually sounds comical says a lot, none of it good.

The sad truth is that still, today, in the real world of enterprise software, security as most employees and vendors encounter it tends to be at least as performatively useless as the “take off your shoes & take out your liquids” security theater of American airports. The horror stories are legion. You have your own, I’m sure. Who doesn’t?

A couple more: Once a movie studio that wanted us to do some minor web-development work, for ancillary web sites with no real connection to their intellectual property, told us we would not be able to do anything unless our (primarily remote) workforce had continuous keycard access to, and closed-circuit camera coverage of, every computer which might work on these sites … then intimated that what they really needed was just for those boxes to be checked, not for any of that to actually happen.

Another time, a big company insisted that we become SOC-2 compliant — SOC-2 being a standard birthed not in tech but in accounting, and seemingly primarily designed to provide full employment for accountants rather than, you know, meaningful security standards and processes — without caring which, if any, of SOC-2’s five “trust services” criteria (security, availability, processing integrity, confidentiality and privacy) we were talking about. A SOC-2 report is scoped to whichever of those the vendor chooses to be assessed against, so “SOC-2 compliant” on its own says little; they just needed to tick the “SOC-2 compliant” box on their list of vendors.

It doesn’t have to be this way. Security people could be contributors, rather than gatekeepers. And if they were, everyone would find it easier, more rewarding and more intuitive to contribute to security. Siloed security bureaucracies aren’t just slow and frustrating; in the long run they are inherently a more fundamental threat to the security of the companies infested by them than any exterior hacker or even APT ever could be. It’s long past time we all learned that lesson.

rosshosman · 167 days ago · Denver, CO