Relax. We Code.

PSD to WordPress. WordPress Customization.

Get Started

DoorDash customers say their accounts have been hacked

Food delivery startup DoorDash has received dozens of complaints from customers who say their accounts have been hacked.

Dozens of people have tweeted at @DoorDash with complaints that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account. In many cases, the hackers changed their email addresses so that the user could not regain access to their account until they contacted customer services. Yet, many said that they never got a response from DoorDash, or if they did, there was no resolution.

Several Reddit threads also point to similar complaints.

DoorDash is now a $4 billion company after raising $250 million last month, and serves more 1,000 cities across the U.S. and Canada.

After receiving a tip, TechCrunch contacted some of the affected customers.

Four people we spoke to who had tweeted or commented that their accounts had been hacked said that they had used their DoorDash password on other sites. Three people said they weren’t sure if they used their DoorDash password elsewhere.

But six people we spoke to said that their password was unique to DoorDash, and three confirmed they used a complicated password generated by a password manager.

DoorDash said that there has been no data breach and that the likely culprit was credential stuffing, in which hackers take lists of stolen usernames and passwords and try them on other sites that may use the same credentials.

Yet, when asked, DoorDash could not explain how six accounts with unique passwords were breached.

“We do not have any information to suggest that DoorDash has suffered a data breach,” said spokesperson Becky Sosnov in an email to TechCrunch. “To the contrary, based on the information available to us, including internal investigations, we have determined that the fraudulent activity reported by consumers resulted from credential stuffing.”

The victims that we spoke to said they used either the app or the website, or in some cases both. Some were only alerted when their credit cards contacted them about possible fraud.

“Simply makes no sense that so many people randomly had their accounts infiltrated for so much money at the same time,” said one victim.

If, as DoorDash claims, credential stuffing is the culprit, we asked if the company would improve its password policy, which currently only requires a minimum of eight characters. We found in our testing that a new user could enter “password” or “12345678” as their password — which have for years ranked in the top five worst passwords.

The company also would not say if it plans to roll out countermeasures to prevent credential stuffing, like two-factor authentication.


Source: TECH CRUNCH

Ex-NSA employee gets 5 years in prison for taking home top secret files – CNET

Antivirus software on a home PC reportedly scooped up the information.
Source: CNET

This cheap bracelet could decrease your risk of developing skin cancer


Vipul Bansal didn’t believe he was getting enough vitamin D. He’s not alone. Although figures vary wildly, somewhere between 10 and 80 percent of Americans are vitamin D deficient. Bansal, Professor of Applied Chemistry and Environmental Science at Australia‘s Melbourne Institute of Technology, sought a solution. The easiest, obviously, is just to get more sun. But in doing so, he understood that the easiest solution often led to more problems, like skin cancer, wrinkles, and even cataracts. “I was after a sensor that could tell me how long to spend in the sun to get enough vitamin D, but not…

This story continues at The Next Web
Source: THE NEXT WEB

What's Left for Congress to Ask Big Tech Firms? A Lot

Executives from Amazon, Twitter, Google, and other tech companies head to Washington for another hearing on privacy, but this time the threat of regulation carries new weight.
Source: WIRED

Toyota's flying car design has blades that pop out of its wheels – Roadshow

It’s kind of a zany move, even by flying car standards, but this patent application could be a sign of things to come from Toyota.
Source: CNET

Mouse and keyboard support is coming to the Xbox One – CNET

You’ll be able to use any USB keyboard to play games on your Xbox One, but only if the developer enables it.
Source: CNET

See the new iPhone’s ‘focus pixels’ up close

The new iPhones have excellent cameras, to be sure. But it’s always good to verify Apple’s breathless on-stage claims with first-hand reports. We have our own review of the phones and their photography systems, but teardowns provide the invaluable service of letting you see the biggest changes with your own eyes — augmented, of course, by a high-powered microscope.

We’ve already seen iFixit’s solid-as-always disassembly of the phone, but TechInsights gets a lot closer to the device’s components — including the improved camera of the iPhone XS and XS Max.

Although the optics of the new camera are as far as we can tell unchanged since the X, the sensor is a new one and is worth looking closely at.

Microphotography of the sensor die show that Apple’s claims are borne out and then some. The sensor size has increased from 32.8mm2 to 40.6mm2 — a huge difference despite the small units. Every tiny bit counts at this scale. (For comparison, the Galaxy S9 is 45mm2, and the soon-to-be-replaced Pixel 2 is 25mm2.)

The pixels themselves also, as advertised, grew from 1.22 microns (micrometers) across to 1.4 microns — which should help with image quality across the board. But there’s an interesting, subtler development that has continually but quietly changed ever since its introduction: the “focus pixels.”

That’s Apple’s brand name for phase detection autofocus (PDAF) points, found in plenty of other devices. The basic idea is that you mask off half a sub-pixel every once in a while (which I guess makes it a sub-sub-pixel), and by observing how light enters these half-covered detectors you can tell whether something is in focus or not.

Of course, you need a bunch of them to sense the image patterns with high fidelity, but you have to strike a balance: losing half a pixel may not sound like much, but if you do it a million times, that’s half a megapixel effectively down the drain. Wondering why that all the PDAF points are green? Many camera sensors use an “RGBG” sub-pixel pattern, meaning there are two green sub-pixels for each red and blue one — it’s complicated why. But there are twice as many green sub-pixels and therefore the green channel is more robust to losing a bit of information.

 

Apple introduced PDAF in the iPhone 6, but as you can see in TechInsights’ great diagram, the points are pretty scarce. There’s one for maybe every 64 sub-pixels, and not only that, they’re all masked off in the same orientation: either the left or right half gone.

The 6S and 7 Pluses saw the number double to one PDAF point per 32 sub-pixels. And in the 8 Plus, the number is improved to one per 20 — but there’s another addition: now the phase detection masks are on the tops and bottoms of the sub-pixels as well. As you can imagine, doing phase detection in multiple directions is a more sophisticated proposal, but it could also significantly improve the accuracy of the process. Autofocus systems all have their weaknesses, and this may have addressed one Apple regretted in earlier iterations.

Which brings us to the XS (and Max, of course), in which the PDAF points are now one per 16 sub-pixels, having increased the frequency of the vertical phase detection points so that they’re equal in number to the horizontal one. Clearly the experiment paid off and any consequent light loss has been mitigated or accounted for.

I’m curious how the sub-pixel patterns of Samsung, Huawei, and Google phones compare, and I’m looking into it. But I wanted to highlight this interesting little evolution. It’s an interesting example of the kind of changes that are hard to understand when explained in simple number form — we’ve doubled this, or there are a million more of that — but which make sense when you see them in physical form.


Source: TECH CRUNCH

With Instagram Cofounders Out, It’s Facebook All the Way Down

Instagram cofounders Kevin Systrom and Mike Krieger quit the social media company Monday amid reports of clashes with Mark Zuckerberg.
Source: WIRED

Cody Wilson Leaves Defense Distributed, But 3-D Printed Guns Roll On

Even after the DIY gunsmith’s arrest on sexual assault charges, the fight for and against 3-D printed guns still rages.
Source: WIRED

Coinbase’s new asset listing process will geo-restrict some coins


Coinbase is moving away from its predominantly US-centric approach with a new cryptocurrency listing process. As a result, some new digital assets won’t be available to customers based in the US due to stricter regulations. The popular cryptocurrency exchange announced today that it will be assessing coins based on their compliance with local laws. Oh, and if you thought you can use a VPN or some other computer trickery to get around these restrictions, you’ll be unsuccessful. Coinbase makes coins available to users based on where accounts are registered. Coins must satisfy Coinbase’s new seven step process to be listed…

This story continues at The Next Web
Source: THE NEXT WEB