Instagram back up after several hours; Facebook still down for some

(Reuters) – Instagram is back up after suffering a partial outage for several hours, the photo-sharing social network platform said in a tweet, but its parent Facebook Inc’s app still seemed to be down for some users across the globe.

Certain users around the world were facing trouble accessing the widely used Instagram, WhatsApp and Facebook apps earlier on Wednesday, in one of the longest outages faced by the company in the recent past.

“Anddddd… we’re back,” Instagram tweeted, along with a GIF image of Oprah Winfrey screaming in excitement. Facebook did not provide an update.

Social media users in parts of the United States, Japan and some parts of Europe were affected by the outage, according to DownDetector’s live outage map.

Facebook users, including brand marketers, expressed their outrage on Twitter with the #facebookdown hashtag.

“Ya’ll, I haven’t gotten my daily dosage of dank memes and I think that’s why I’m cranky. #FacebookDown,” a user Mayra Mesina tweeted. bit.ly/2TDCYDK

The Menlo Park, California-based company, which gets a vast majority of its revenue from advertising, told Bloomberg that it was still investigating the overall impact “including the possibility of refunds for advertisers.”

A Facebook spokesman confirmed the partial outage, but did not provide an update. The social networking site has been having issues for over 12 hours, according to its developer’s page.

Facebook took to Twitter to inform users that it was working to resolve the issue as soon as possible and confirmed that the matter was not related to a distributed denial of service (DDoS) attack.

In a DDoS attack, hackers use computer networks they control to send such a large number of requests for information from websites that servers that host them can no longer handle the traffic and the sites become unreachable.

Reporting by Mekhla Raina in Bengaluru; Editing by Gopakumar Warrier and Rashmi Aich

How the FAA Decides When to Ground a Jet Like Boeing’s 737 MAX 8

When an Ethiopian Airlines Boeing 737 MAX 8 jet crashed shortly after takeoff from Addis Ababa on Sunday morning, killing all 157 people aboard, observers quickly noted that the circumstances resembled those of another flight. In October, Lion Air Flight 610 crashed into the Java Sea, killing all 181 passengers and eight crew. Both flights plummeted a few minutes after takeoff, in good weather. And both were on 737 MAX 8 jets, the plane Boeing started delivering in 2017 to replace the outgoing 737 as the workhorse of the skies. Since 2017, Boeing has delivered 387 MAX 8s and 9s. It has taken orders for 4,400 more, from more than 100 customers.

As of Tuesday evening, various foreign aviation regulators and airlines had decided that after the two crashes, the plane shouldn’t be in the air. Officials in the European Union, China, Indonesia, Singapore, Australia, and the United Arab Emirates have all grounded the planes. Of the 59 operators that fly the new 737, at least 30 have parked it.

In the US, though, Boeing’s plane is free to fly. American Airlines, Southwest Airlines, and United Airlines are still putting their 737 MAX jets—74 in total—in the air. (So is Air Canada.) And the Federal Aviation Administration—the agency that oversees American airspace—says that’s just fine.

Which might seem strange, since the FAA is notoriously safety-conscious. Planes in search of an airworthiness certificate must meet stringent standards; the certification process usually takes years. And it gets results: Just one person has died in American airspace on a commercial airplane since 2009. But, it seems, the agency has not yet found reason to ground the new 737.

In a statement Tuesday, acting FAA administrator Daniel Elwell said the agency is looking at all the available data from 737 operators around the world, and that the review “thus far shows no systematic performance issues and provides no basis to order grounding aircraft.” Elwell said the FAA “would take immediate appropriate action” should such problems be identified. The FAA and the National Transportation Safety Board both have teams at the crash site outside Addis Ababa to investigate and collect data.

The agency did note in a directive published Monday that it would probably mandate flight control system enhancements that Boeing is already working on, come April. And after the Lion Air crash, the FAA made a Boeing safety warning mandatory for US airlines.

“We have full confidence in the safety of the 737 MAX,” Boeing said in its own statement Tuesday. “Based on the information currently available, we do not have any basis to issue new guidance to operators.”

A number of senators, including Ted Cruz of Texas, Elizabeth Warren of Massachusetts, and Dianne Feinstein of California, have called for the US to ground the aircraft. But it’s the FAA chief who has final say. (Elwell has been the acting administrator since January 2018, though Politico reports that the Trump Administration is close to nominating Delta Air Lines executive Steve Dickson as administrator.) He doesn’t make that decision alone, says Clint Balog, a flight test pilot and human factors expert with the College of Aeronautics at Embry-Riddle University. Any grounding goes through a “semi-formal” process, full of discussions with experts on the specific aircraft and crash situation, both in- and outside the federal government.

“The FAA looks at all of this information and decides, ‘OK, if it’s just likely that there’s a significant problem here, it doesn’t matter what the cost to the traveling public is—we have to put safety first and ground this aircraft,’” Balog says. “However, if they look and say, ‘Well, jeez, grounding this aircraft is going to be a monumental cost to the world and we simply don’t have enough information to know what the risk really is with this aircraft, do we really want to ground it at this point in time?’”

The FAA has grounded aircraft before. In 1979, the FAA grounded all McDonnell Douglas DC-10s (and forbade the aircraft from US airspace) after a crash in Chicago killed 273 people. An investigation found the problem was maintenance issues, not the aircraft design, and the FAA lifted the prohibition just over a month later.

In early 2013, the FAA grounded Boeing’s 787 Dreamliner, after two lithium ion-battery related fires in the aircraft. “We are issuing this [directive] because we evaluated all the relevant information and determined the unsafe condition described previously is likely to exist or develop in other products of the same type design,” the FAA wrote in its emergency airworthiness directive. It didn’t let the jet take to the sky again until Boeing found and corrected its design issues. (That happened in April.)

So far, though, we have little concrete information on whatever might be going on with the 737 MAX. The investigation into the Ethiopia crash is in its earliest stages. Indonesia’s civil aviation authority has released a preliminary report on the Lion Air crash, but has not issued any findings on what caused it.

Based on its directives, the FAA hasn’t “seen any red flags that are significant enough” to ground the aircraft, Balog says. So he’d have no problem getting on a 737 MAX-8. “More importantly, I would have no problem having my family get on a 737 MAX-8 at this point.”


Elon Musk Says Tweeting Is Free Speech in His SEC Battle

Elon Musk will not go quietly. On Monday night, lawyers representing the Tesla CEO submitted a filing to a federal judge in New York arguing that she should deny the Securities and Exchange Commission’s request to hold Musk in contempt of court for—what else?—a tweet. Musk’s legal team argued the SEC overreached in its request, and claimed the agency is trying to violate his First Amendment right to free speech.

If the judge, Alison Nathan of the Southern District Court of New York, does hold Musk in contempt of court, she would decide the penalty. “If the SEC prevails, there is a good likelihood that the District Court will fine Mr. Musk and that it will put him on a short leash, with a strong warning that further violations could result in Mr. Musk being banned for some period of time as an officer or director of a public company,” Peter Haveles, a trial lawyer with the law firm Pepper Hamilton, told WIRED last month.

This latest chapter in Musk’s ongoing legal spat with the SEC dates back to the evening of February 19, 7:15 pm Eastern Time to be exact, when Musk wrote on Twitter, “Tesla made 0 cars in 2011, but will make around 500k in 2019.” About four and a half hours later—at 11:41 pm ET—Musk corrected himself, tweeting, “Meant to say annualized production rate at the end of 2019 probably around 500k, i.e. 10k cars/week. Deliveries for the year still estimated to be around 400k.”

Musk is the head of a publicly traded company, so making a mistake about his business on Twitter—which investors treat as a valid source of news like any other—is already less than ideal. But Musk and Tesla also reached a settlement with the SEC in September over another tweet containing misinformation about the electric carmarker’s operations. That was after Musk tweeted that he planned on taking Tesla private, and that he had the “funding secured.” He soon revealed he did not have that funding secured, and Tesla announced it would stay public.

In the ensuing deal with the SEC, Musk gave up his role as Tesla’s chairman for at least three years. He and Tesla each paid a $20 million fine. And Musk and Tesla agreed that the CEO’s tweets about the carmaker would be truthful, and reviewed by a team of Tesla lawyers before sending. According to the filing, Tesla’s general counsel and an assigned “disclosure counsel” are in charge of approving Musk’s Tesla tweets. The lawyers write that “the disclosure counsel and other members of Tesla’s legal department have reviewed the updated controls and procedures with Musk on multiple occasions.”

In December, Musk said on CBS’s 60 Minutes that he does not respect the SEC, and that the only tweets of his that require pre-approval are those that can affect Tesla’s stock price. Asked how Tesla could know which tweets would do that, Musk said, “Well, I guess we might make some mistakes. Who knows?” The SEC cited that interview in its motion for a contempt of court charge, writing that “Musk has not made a diligent or good faith effort to comply” with the terms of his settlement.

Now, though, Musk and the SEC are debating what that “pre-approval” actually means. Tesla’s lawyers say nobody pre-approved the tweet in question, but that it shouldn’t matter, because it had already made public the information about those production numbers: in an earnings call, in end-of-year financial results, and in an SEC filing submitted on the day Musk sent out the tweets in question. Musk did not receive pre-approval before sending that tweet because it “was simply Musk’s shorthand gloss on and entirely consistent with prior public disclosures detailing Tesla’s anticipated production volume,” according to the filing.

Moreover, the Musk team argues, the SEC’s attempt to limit Musk’s tweeting is a violation of his First Amendment rights to free speech.

The Musk legal team also argues that the CEO has really worked very hard since the SEC settlement to be careful about his tweeting behavior. It wrote that Musk’s less frequent tweeting about Tesla “is a reflection of his commitment to adhering the Order and avoiding unnecessary disputes with the SEC.” In fact, it says the correction tweet, the one sent four-and-a-half hours later, “is precisely the kind of diligence that one would expect from someone who is endeavoring to comply with the Order.”


23andMe’s New Diabetes Test Has Experts Asking Who It’s For

On Sunday, the DNA testing company 23andMe revealed a new genetic analysis that it says will tell its customers if they have an elevated risk of developing the most common, and preventable, form of diabetes. The report—which has not been cleared by the FDA and is not intended to diagnose type 2 diabetes—arrives as the disease is becoming an intractable public health crisis in the US. One in four healthcare dollars goes to treating diabetes and its related complications. The situation is especially dire for African Americans and Native American populations, where obesity is rampant and one out of every seven or eight people has the disease.

Which is why it’s a little disappointing that 23andMe’s test is tuned to be most useful for skinny white people.

Unlike 23andMe’s other health reports, which inspect one or two genes for mutations with big, well-understood effects, its new diabetes test uses something called a polygenic risk score. It’s calculated by summing together each of the small risk contributions made at thousands of locations across a person’s genome. Alone, each one might increase your chances of getting a disease about as much as walking through a body scanner at the airport—but taken together, or in certain combinations, the risk can start to add up.

The algorithms that calculate polygenic risk scores aren’t new—they were largely pioneered in the mid-2000s. What’s new is the ability to derive them using huge genetic databases like 23andMe’s. Those databases, however, are overwhelmingly white. Because polygenic scores perform best for people with the same ethnic background as the DNA data used to train the algorithms, 23andMe’s new diabetes test isn’t as accurate for folks of non-European ancestry. It performs especially poorly for black Americans—barely better than a coin flip.

It’s a problem the company’s own vice president of research (a Chinese woman married to a Mexican man) recently wrote about, in a column for Stat. Through research collaborations with academics, the company is trying to fill out those sparse parts of its database, but the process is slow.

On its new diabetes test, the company used a machine learning trick called Platt scaling to recalibrate the polygenic score it had created in a European cohort for its other ancestry groups. “It’s a common shortcut, but it smashes down the level of risk you can convey to people,” says Ali Torkamani, a geneticist at the Scripps Research Translational Institute who studies polygenic risk scores and health outcomes. For the Hispanic, east and south Asian groups, he says it shouldn’t make too much of a difference. “For users of African American descent that score is not at all relevant.” Would such a shortcut be safe for a clinical test—one that people use to make decisions about their health? “No, not for an African American individual,” says Torkamani.

Because of these limitations, many of the polygenic risk tests already on the market are race-restricted. A test for Alzheimer’s developed by scientists at UC San Diego, for example, carries language advising you to only use it if you’re of European ancestry. In 2017, Salt Lake City-based Myriad Genetics added a polygenic “riskScore” to its physician-ordered breast cancer test, which more than 200,000 women have since taken, all of them of European ancestry.

Jerry Lanchbury, Myriad’s chief medical officer, says that adding the polygenic risk score sharpens the test’s performance for high-risk women. “If you’re in that high-risk category you may qualify for enhanced screenings or even surgical preventative offerings, so it’s a big deal,” says Lanchbury. To make it available to women of other ethnicities, the company has recruited 14,000 women of Hispanic descent and shown it can generate a risk score for that group, which it hopes to offer later this year. Recruiting is underway for an African American cohort as well.

The Bay Area’s Color Genomics also recently announced a plan to enroll 100,000 volunteers from historically underrepresented groups to better assess the risk of heart attack.

Starting Monday, qualified 23andMe customers will be able to access their polygenic risk score for diabetes—a single number that represents their chances of getting diabetes based on age, ethnicity, and DNA. It also determines if a user gets labeled as having a ‘typical’ or ‘increased’ likelihood of getting diabetes as compared to other users in the database. 23andMe drew that line where the amount of risk carried in a person’s DNA exceeded the diabetes risk associated with being overweight—the single biggest risk factor for the disease. The company expects that about 22 percent of 23andMe research participants—roughly one million current customers—will learn they have an increased likelihood for developing diabetes at some point in their lives. (The new number will only be available to customers who have compatible DNA chips—roughly those who joined in the last two years.)

If 23andMe’s customer base reflected the US population, two-thirds of them would be overweight or obese and already at an increased risk for diabetes. It should come as no surprise to them that they need to avoid sugary, processed foods and get regular exercise. That’s why Torkamani says the new genetic test will be most useful for the small subset of people who don’t have any clinical risk factors—they look lean and healthy, they exercise, they’re under the age of 45. “If they don’t know anything about how their blood glucose levels are responding to food, they may have no idea of an underlying issue that could devolve into type 2 diabetes later on,” says Torkamani.

The trouble is, if you already have a healthy lifestyle, there’s not much you can do with that information. It’s not like heart disease, where you can start taking cholesterol-lowering drugs. Torkamani says one thing would be to start getting regular blood tests. Among other things, 23andMe suggests you sign up for a digital coaching program through the company’s newest partner, Lark. In January, 23andMe customers got the option to integrate their genetic information with Lark’s AI-powered chatbots for an additional fee. One of those bots delivers a CDC-recognized diabetes prevention program, which some insurance companies cover.

Unlike its other genetic health risk tests, 23andMe developed its diabetes report under the FDA’s guidelines for low-risk general wellness devices, products that promote a healthy lifestyle—which can be beneficial for all people regardless of their genetic disposition. “Like all of our reports, we hold this report to high scientific standards,” said a 23andMe spokesperson, who also noted that a type 2 diabetes test was one of the reports most often requested by customers. “It’s built using data from 2.5 million individuals, which we believe to be the largest cohort ever used to develop a genetic model for type 2 diabetes.”

Other experts express skepticism of such actions. “There’s so little value in these scores that I have no idea what people should do with it,” says Cecile Janssens, an epidemiologist at Emory University who studies how genomics enters health practice. “You might as well just look in a mirror, that’s as good a predictor for diabetes as all your genes put together.”

She started looking at polygenic risk scores in the early 2000s, right after the Human Genome Project wrapped up and before 23andMe was even a “Google for DNA” in Anne Wojcicki’s eye. But Janssens says she got bored with the field because there hadn’t been any real progress in close to a decade. Then all of a sudden, in the last two years polygenic risk scores started popping up again. This time, they included millions of variants with effects so tiny that earlier studies on only a few thousand people couldn’t detect them. “The only trouble is they don’t add anything to the predictions,” she says. “Diseases like type 2 diabetes don’t become more heritable just because we’ve got better technology.”

The resurgence of polygenic risk scores has reignited old party lines in the research community and drawn some new ones. Depending on one’s side, polygenic risk scores are either going to revolutionize complex disease prevention by creating more precise pools of risk (the Torkamani camp), or they’re mostly rubbish (Janssens). The scientific validity of polygenic risk scores is still up for debate, but with 23andMe bringing it back to the mainstream, the discussion is becoming more urgent. Because if there’s one thing researchers know, it’s that no amount of tiny type at the bottom of the page will dissuade people from making decisions on risk scores in their grasp, however uncertain they might be.


Facebook Will Crack Down on Anti-Vaccine Content

As Clark County, Washington, combats an ongoing measles outbreak, Facebook announced Thursday that it’s diminishing the reach of anti-vaccine information on its platform. It will no longer allow it to be promoted through ads or recommendations, and will make it less prominent in search results. The social network will not take down anti-vaccine posts entirely, however. The company also said it was exploring ways to give users more context about vaccines from “expert organizations.”

The decision was widely anticipated: Facebook, along with YouTube and Amazon, has faced criticism from journalists and lawmakers in recent weeks for allowing vaccine misinformation to flourish on their sites. Facebook also told media outlets in February that it was looking into how it should address anti-vaccination content.

Last month, Adam Schiff, a Democratic representative from California, sent letters to the CEOs of YouTube and Facebook demanding they answer questions about the spread of anti-vaccine information on their company’s platforms. He followed up with a similar letter to Amazon CEO Jeff Bezos last week. On Wednesday, an 18-year-old from Ohio testified before the Senate that his mother primarily read misinformation about vaccines on Facebook and opted not to inoculate him. (A major study released Monday found no link between the MMR vaccine—which protects against measles, mumps, and rubella—and autism.)

In a blog post written by Monika Bickert, Facebook’s vice president of global policy management, Facebook said it will begin rejecting ads that include false information about vaccinations. The company also removed targeting categories such as “vaccine controversies” from its advertising tools. Last month, the Daily Beast reported that more than 150 anti-vaccine ads had been bought on Facebook, which often targeted women over 25. Some of the ads were shown to users “interested in pregnancy.” In total, they were viewed at least 1.6 million times. YouTube similarly announced last month that it would begin preventing ads from running on videos featuring anti-vaccine content.

Facebook will also reduce the ranking of pages and groups that spread misinformation about vaccines in search results and in its News Feed. In February, The Guardian found that anti-vaccination propaganda often ranked higher and outperformed accurate information from more reliable sources on Facebook.

The social network’s effort to fight vaccine disinformation extends to Instagram, where the company says it will stop recommending content that includes vaccine misinformation on the app’s Explore page. Instagram will also stop displaying vaccination misinformation in hashtag search results. It’s not clear how long these new controls will take to roll out: An Instagram search for #vaccine Thursday afternoon surfaced the hashtag #vaccineskill as the number one result, for instance. Last month, Pinterest received praise for its decision to stop displaying search results for vaccines entirely, even if they are medically accurate. (In 2017, Pinterest previously banned “anti-vaccination advice” from its platform.)

As The Atlantic has pointed out, the majority of anti-vaccination content on Facebook appears to originate from only a handful of fringe sources. It likely won’t require a herculean effort for Facebook to tackle this strain of misinformation. The question is why the company waited until it became the subject of media reports and criticism from lawmakers to finally act.

Facebook increased its efforts to fight false information more broadly on the platform in the wake of the 2016 presidential election, including with initiatives like third-party fact-checking. The company admits it won’t catch everything, and demonstrably fake stories still do go viral. While there is little public data about user behavior on Facebook, researchers have found signs that the reach of fake news declined between 2016 and the 2018 midterm elections. (Though they also say there remains plenty to be concerned about when it comes to misinformation.)

It’s not yet clear whether the proliferation of anti-vaccination content online has led to a significant decrease in vaccination rates in the United States. Unscientific information about vaccines has been circulating on- and offline for well over a decade. But as Slate has pointed out, the number of children under 3 who have received their first dose of the MMR vaccination has remained steady for years, according to data from the Centers for Disease Control and Prevention. The World Health Organization named vaccine hesitancy one of its “ten threats to global health in 2019,” but cites “complacency and inconvenience in accessing vaccines” as two of the key reasons why people choose not to vaccinate, in addition to “lack of confidence.”

There’s still little doubt that social media platforms like Facebook, but also YouTube and Amazon, have indeed made anti-vaccination talking points more accessible to wider audiences. Its proponents were aided by recommendation and search ranking algorithms, which often promoted anti-vax content to the top of the pile. Facebook’s announcement today is further acknowledgment of its role in that ecosystem, and the idea that free speech is not the same as free reach.


An Email Marketing Company Left 809 Million Records Exposed Online

By this point, you’ve hopefully gotten the message that your personal data can end up exposed in all sorts of unexpected internet backwaters. But increased awareness hasn’t slowed the problem. In fact, it’s only grown bigger—and more confounding.

Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses. The pair are going public with their findings today. The trove is not only massive but also unusual; it contains data about individual consumers as well as what appears to be “business intelligence data,” like employee and revenue figures from various companies. This diversity may stem from the information’s source. The database, owned by the “email validation” firm Verifications.io, was taken offline the same day Diachenko reported it to the company.

While you’ve likely never heard of them, validators play a crucial role in the email marketing industry. They don’t send out marketing emails on their own behalf, or facilitate automated mass email campaigns. Instead, they vet a customer’s mailing list to ensure that the email addresses in it are valid and won’t bounce back. Some email marketing firms offer this mechanism in-house. But fully verifying that an email address works involves sending a message to the address and confirming that it was delivered—essentially spamming people. That means evading protections of internet service providers and platforms like Gmail. (There are less invasive ways to validate email addresses, but they have a tradeoff of false positives.) Mainstream email marketing firms often outsource this work rather than take on the risk of having their infrastructure blacklisted by spam filters, or lowering their online reputation scores.

“Companies have email lists and want to start emailing them, but they’re not sure how valid they are,” says Troia, who founded the firm Night Lion Security. “So they go to a company that will essentially send out spam.” Troia speculates, but has not confirmed, that the database may be so large and varied because it comprises all of Verifications.io’s customers’ data. WIRED was unable over the course of several days to contact the company or CEO Vlad Strelkov. On Monday, the entire Verifications.io website went offline and has not been restored since.

Record Setter

In general, the 809 million total records in the Verifications.io trove include standard information like names, email addresses, phone numbers, and physical addresses. But many also include things like gender, date of birth, personal mortgage amount, interest rate, Facebook, LinkedIn, and Instagram accounts associated with email addresses, and characterizations of people’s credit scores (like average, above average, and so on). Meanwhile, other records in the collection seem related to generating sales leads at businesses, including company names, annual revenue figures, fax numbers, company websites, and industry identifiers for categorizing companies called “SIC” and “NAIC” codes.

The data doesn’t contain Social Security numbers or credit card numbers, and the only passwords in the database are for Verifications.io’s own infrastructure. Overall, most of the data is publicly available from various sources, but when criminals can get their hands on troves of aggregated data, it makes it much easier for them to run new social engineering scams, or expand their target pool.

In the exposed database, the researchers also found some of what appear to be Verifications.io’s own internal tools like test email accounts, hundreds of SMTP (email sending) servers, the text of emails, anti-spam evasion infrastructure, keywords to avoid, and IP addresses to blacklist. Diachenko suggests that in the Verifications.io work flow, customers would upload an Excel spreadsheet listing the email addresses to validate, and then Verifications.io would run their tests and return lists of clean addresses and ones that bounced back. It’s possible, given the piecemeal nature of the data and evidence that it was imported from numerous different Excel files, that Verifications.io also retained some or all of the data it received from customers after concluding its email address checks.

The researchers validated samples of the data with companies listed as Verifications.io customers. Troia says his own information appears in the database. WIRED spoke to the proprietor of an email marketing firm who confirmed the validity of a segment of the data. WIRED also checked for four individuals, but did not find them listed. Diachenko and Troia also note that they have no way to know whether anyone discovered and downloaded the Verifications.io data while it was publicly available and fully exposed.

“I have no idea if anyone else accessed this besides us,” Troia says. “But it was definitely out there for anyone to grab.”

‘Another Day on the Internet’

Much remains unknown about the database and Verifications.io, because the company is difficult to track. When the researchers initially contacted the company through a messaging portal on its site to disclose the database exposure, someone responded with an unsigned note. “Thank you for reporting the issue. We appreciate you reaching out and informing us,” the reply said. “This is our company database built with public information, not client data. We were able to quickly secure the database. Goes to show, even with 12 years of experience you can’t let your guard down.”

Much of the data in the database is publicly available, though it’s not clear that all of it is. When the researchers asked in the portal for the name of the owner of the company and the legal name of the company, someone wrote back declining to answer.

It is also unclear where Verifications.io is based. Most of its materials list Boca Raton, Florida, but some of its web assets are registered in California and Delaware. The Verifications.io website lists addresses in Estonia, but some of those matched up with what appear to be a museum and a government building.

Security researcher Troy Hunt is adding the Verifications.io data to his service HaveIBeenPwned, which helps people check whether their data has been compromised in data exposures and breaches. He says that 35 percent of the trove’s 763 million email addresses are new to the HaveIBeenPwned database. The Verifications.io data dump is also the second-largest ever added to HaveIBeenPwned in terms of number of email addresses, after the 773 million in the repository known as Collection 1, which was added earlier this year. Hunt says some of his own information is included in the Verifications.io exposure.

“The main takeaway for me is that this is just another case where someone has my data, and hundreds of millions of other people’s data, and I’ve absolutely no idea how they got it,” Hunt says. “I’d never heard of the company until now and I certainly can’t ever recall consenting to their use of my data. Of course, it’s entirely possible that buried in some other service’s terms and conditions it says they’re allowed to pass my data around in this fashion, but that’s not really consistent with my expectations of how my data should be used.”

As with recent data exposures from the business data aggregator Apollo and the marketing firm Exactis, there’s not a lot you can do to individually protect yourself when vast repositories of data compiled from both public and private sources leak. Check HaveIBeenPwned to see if your data was in the Verifications.io exposure, and continue your general vigilance about using strong, unique passwords, monitoring your financial statements, and giving out your Social Security number as infrequently as possible. But also know that none of those measures provide a full solution to this society-scale problem.

The disjointed nature of the exposed Verifications.io data speaks to the chaotic state of the data industry overall. People’s personal information is shared by massive companies like Facebook, bought and sold by shady marketers, or stolen from data giants and doomed to circulate endlessly in the purgatory of criminal forums. The churn makes it difficult for consumers to control who has their data and where it ends up. As Hunt puts it, “Sadly, it’s just another day on the internet.”



Britain's Hunt promises 'doctrine of deterrence' against cyberattacks on democracy

LONDON (Reuters) – British foreign minister Jeremy Hunt will set out on Thursday a “doctrine of deterrence”, including economic and diplomatic counter-measures, to prevent cyberattacks that threaten to turn elections into “tainted exercises”.

Britain’s Foreign Secretary Jeremy Hunt is seen outside of Downing Street in London, Britain, March 5, 2019. REUTERS/Peter Nicholls

Britain will try to prosecute those responsible for cyber crimes, part of a growing response by the West against countries that hope to influence elections through disinformation and voter manipulation, he will say in a speech in Glasgow.

“We will always seek to discover which state or other actor was behind any malign cyber activity, overcoming any efforts to conceal their tracks,” Hunt will say, according to pre-released extracts of his speech.

Western countries issued coordinated denunciations of Russia in October for running what they described as a global hacking campaign. Russia has denied the allegations.

In the United States, a federal special counsel is investigating Russian interference in the 2016 presidential election and possible collusion with Donald Trump’s campaign. Moscow has denied any meddling and the U.S. president has said there was no collusion.

Hunt will say there has been no evidence that foreign states have interfered with British votes but that unnamed hostile states are intent on using cyberspace to undermine Western democracies.

“Events have demonstrated how our adversaries regard free elections – and the very openness of a democratic system – as key vulnerabilities to be exploited … authoritarian regimes possess ways of undermining free societies that yesterday’s dictators would have envied,” he will say.

The British response could include the public naming and shaming of any perpetrator together with allies, exposing how the action was carried out and prosecuting those responsible to show they are not above the law.

Hunt will also say that Britain, as part of the European Union, agreed last year to impose sanctions to stiffen its response to cyberattacks and to rush through new curbs on online campaigning by political parties.

“After Brexit, the UK will be able to impose cyber-related sanctions on a national basis,” he will say.

Reporting by Elizabeth Piper; Editing by Frances Kerry

Amazon to close U.S. pop-up stores, focus on opening more book stores

FILE PHOTO: The logo of Amazon is seen at the company logistics centre in Boves, France, August 8, 2018. REUTERS/Pascal Rossignol

(Reuters) – Amazon.com Inc will close all of its U.S. pop-up stores and focus instead on opening more book stores, a company spokesperson said on Wednesday.

The company’s shares closed down 1.4 percent, while shares of bookseller Barnes & Noble Inc ended 8.9 percent lower.

Amazon’s 87 pop-up stores in the United States are expected to close by the end of April, the Wall Street Journal reported earlier on Wednesday, citing some of the employees at the stores.

The news underscores how the online retailer is still working out its brick-and-mortar strategy.

Pop-up stores for years helped Amazon showcase novel products like its voice-controlled Echo speakers, but the company is now able to market those products and more at its larger chain of Whole Foods stores, acquired in 2017, and cashierless Amazon Go stores, which opened to the public last year.

The online retail giant will also open more “4-star stores” – stores that sell items rated 4-stars or higher by Amazon customers, the spokesperson added.

“After much review, we came to the decision to discontinue our pop-up kiosk program, and are instead expanding Amazon Books and Amazon 4-star, where we provide a more comprehensive customer experience and broader selection.”

Reporting by Uday Sampath in Bengaluru; Editing by Maju Samuel