Cyber Week in Review: HipChat, Netflix & Microsoft Word

Media Division | May 12, 2017

In the digital age, we expect instant service: instant messaging, instant viewing, and instant responses.  Well, in this cyber week in review we have instances of all of those instants, each of them going wrong.

Here are your top stories for this week’s cyber week in review.

HipChat Chatting Haywire

If you haven’t heard of HipChat, the chatroom and messaging service has actually been around since 2010.  (Maybe not as old as Facebook (2004), but around the same time as the Messenger feature).  The company markets as “group chat built for teams & business.”

Internet time is like dog years, right?  So 7 years in internet years means that about 49 years ago, HipChat first offered chatting and texting services, with free service and cloud storage.

Now here in 2017, the instant chat got hacked.  Compromised data includes:

  • Usernames
  • Email addresses
  • Hashed passwords (“hashed” = scrambled into complex character sequences. Crackable, but difficult)
  • Possibly message content
  • Possibly private chats

HipChat states the possibility of your actual content having been obtained by less than 0.05% chance, but that might not be reassuring for users.  A little more reassuring is that the vulnerability has been repaired, according to HipChat sources.  Still, users should change passwords.

And as always: never use the same password for more than one site.

Netflix Not Playing

In other instant news: Netflix got hacked, indirectly.  Like the HipChat hack, which likely stemmed from one of the many sub-features, farmed and lifted from other sources, involved in programming a messaging app, any chain is only as strong as its weakest link.

Unfortunately for the LA-based Larson Studios, they might have been the weakest link.  The popular digital-mixing service works for movie studios and television networks alike.  The hacker(s), going by the handle “thedarkoverlord,” claims to have breached content from other media giants such as FOX and ABC.

Thedarkoverlord also reportedly hacked a small charity, the Little Red Door Cancer Services of East Indiana, demanding $43,000.  The group was unable to pay, and all of their data, including backup servers, got wiped. (Not very charitable of the overlord).

Netflix received the ultimatum to pay a bitcoin ransom or episodes of yet-to-be-released shows would start getting leaked.  Netflix refused, and the first 10 episodes of Orange is the New Black were leaked.

Internet security breaches that demand ransoms, such as this, often get paid and go unreported.  Netflix refusing to pay may have cost them revenue, but it also sent a message to other would-be ransom-hackers: they won’t play that game.

Microsoft Word’s Instant

Speaking of large-scale security breaches, what about a vulnerability that Microsoft has known about since last October?

The tech giant had a difficult decision: on the one hand, make the vulnerability known and risk it being exploited by other hackers.  On the other hand, wait for the patch (risking hackers discovering the vulnerability themselves in that time).  Microsoft chose the latter and has faced some criticism for doing so.

In internet time, six months of a known weakness is a long time (42 months?).  But patches also take time to develop.

That means now is the time to update software, if you haven’t already done so.

Breaching Instances

Network security breaches cost corporations literally billions of dollars per year.  Without the kind of financial backing of giants like Netflix or Microsoft, would your organization withstand such an attack?

Request a live demo to see the level of insight and protection available to your business sector.

And in the meantime, enjoy the headlines, but stay out of them.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.