Archive for November 12, 2022

US Senator Wants “Answers” From Twitter… Which Is Bad News If You’re Elon Musk

Posted in Commentary with tags on November 12, 2022 by itnerd

I think it’s safe to say that Elon Musk has a lot to worry about at the moment. And the list keeps growing. The latest item that is on the list is Senator Ed Markey has sent a letter to Elon Musk which he has also posted to his website demanding answers about the Twitter Blue fiasco:

“Apparently, due to Twitter’s lax verification practices and apparent need for cash, anyone could pay $8.00 and impersonate someone on your platform. Selling the truth is dangerous and unacceptable. Twitter must explain how this happened and how it will prevent it from happening again,” wrote Senator Markey in his letter to Musk.

Now Elon can try to ignore this. But that would not be a good idea as all that will likely result is him being hauled in front of Congress where he will have to answer questions. And trying to blow that off will not end well for him. Thus I hope for his sake that Elon is drafting answers for Senator Markey that are comprehensive and detailed. Otherwise it’s not going to end well for him.

Oh yeah, I’m calling it now that the EU is going be knocking on Musk’s door in the next few days asking for similar answers. And that’s going to be even less fun for Musk when that happens.

The Ad Agency That Apple And Mc Donald’s Use Recommends To Clients A Pause To Ads On Twitter

Posted in Commentary with tags on November 12, 2022 by itnerd

The hits to Elon Musk and Twitter keeps coming. The latest hit is being reported by The Verge and it’s a big hit:

Omnicom, one of the world’s biggest ad firms, representing brands like McDonald’s, Apple, and PepsiCo, is recommending clients pause spending on Twitter, according to an internal memo obtained by The Verge.

Omnicom Media Group is recommending clients “pause activity on Twitter in the short term,” according to a note titled “Twitter – Continued Brand Safety Concerns.” The memo cites recent events in the last few days that have “potential serious implications” for brands running ads on the platform.

The memo cites the deep layoffs of Twitter trust and safety teams, the resignations of high-profile executives, and the slew of “verified” impersonation accounts as being key issues for advertisers. There is “evidence that the risk to our clients’ brand safety has risen sharply to a level most would find unacceptable,” the memo reads. “We recommend pausing activity on Twitter in the short term until the platform can prove it has reintroduced safeguards to an acceptable level and has regained control of its environment.”

The memo goes on to say that Omnicom has “formally requested that Twitter assure us that these issues will not impact compliant processes, operations, products, brand safety and client investment on the platform in any way” but that “seemingly due to the lack of senior leadership now in these areas, Twitter has not been able to give those assurances.”

I have said this for a while. Elon needs to assure advertisers that Twitter is a safe place for brands to be on. Currently that isn’t the case and Musk hasn’t done nearly enough to convince advertisers otherwise. That means that since Twitter is highly dependent on advertising, an ad agency like Omnicom can effectively kill Twitter if their clients pull out of advertising on Twitter. Thus it’s now Elon Musk’s Rubicon moment. He has one shot at doing something meaningful to save Twitter and avoid costing himself $44 billion. If he succeeds at dealing with Omnicom’s concerns, he has a lifeline. If he doesn’t succeed at dealing with Omnicom’s concerns, Twitter is dead. It’s that simple.

Your move Elon.

We Now Have Proof That Sobeys Was Pwned By Ransomware

Posted in Commentary on November 12, 2022 by itnerd

Earlier this week, I reported that there were rumours that Canadian grocery chain Sobeys was hit with a ransomware attack. At the time Sobeys simply said that there was an “IT problem” that they were dealing with. But from what I have heard, some of which was from Sobeys employees, I knew that they were hiding the truth. And now we have proof of that from a pair of reports.

On Thursday, this happened:

However, on Thursday, two provincial privacy watchdogs said they had received data breach reports from Sobeys.

Both Quebec’s access to information commission and Alberta’s privacy commission have both been notified by the grocer about a “confidentiality incident.”

Quebec’s access to information commission said confidentiality incidents occur when there is unauthorized access, use or loss of personal information or any other breach of the protection of this information.

That’s the first hint that this is not some “IT problem” and is indicative of Sobeys getting pwned and the threat actors having access to confidential data. Be it employee data, customer data, both, or even more than that. I say that because you only file a report like this if you’re the victim of some sort of data breach. Or in this case, you’ve been pwned by hackers. Since these are both public agencies that Sobeys reported this to, we’ll find out soon enough what was leaked and how.

The next day Bleeping Computer posted a story with proof that Sobeys was pwned in a ransomware attack:

Furthermore, based on ransom notes and negotiation chats BleepingComputer has seen, the attackers deployed Black Basta ransomware payloads to encrypt systems on Sobeys’ network.

BleepingComputer was told by multiple sources that the attack occurred late Friday/early Saturday morning.

Photographs shared by Sobeys employees online also show in-store computers displaying a Black Basta ransom note.

That’s right. They have screen shots, and Bleeping Computer has proof that Sobeys was in negotiations with the threat actors. Thus at this point, Sobeys really does need to just come clean and admit that they were pwned and what they are going to do to remediate the situation. The problem is that this is the worst kept secret in Canada at the moment, and Sobeys not only looks bad, but their silence really doesn’t create trust among their customer base. My wife for example has been freaking out as she walks a couple of blocks to the local Sobeys store anytime she need to grab something. And as a result of her shopping at Sobeys, she’s afraid her personal information has been exposed. I can’t answer that question. But I bet Sobeys can. But they’re too busy trying to hide this rather than taking steps to level with the public and describe what their next steps are to regain their trust. And to take this further, what if you’re an employee of Sobeys, I’m pretty sure that you’re scared that your personal info has been exposed. And to be frank, you should be. The fact is that Sobeys isn’t helping itself here, and that will only hurt Sobeys as a brand at the end of the day.