The Verge - All Posts

    First American Financial exposed 16 years’ worth of mortgage paperwork, including bank accounts

    First American Financial exposed 16 years’ worth of mortgage paperwork, including bank accounts


    Brian Krebs has revealed that a company that primarily works in real estate insurance has left as many as 885 million records exposed on its website — going back to 2003. First American Financial Corp’s big mistake should have been obvious to anybody...

    Brian Krebs has revealed that a company that primarily works in real estate insurance has left as many as 885 million records exposed on its website — going back to 2003. First American Financial Corp’s big mistake should have been obvious to anybody who would have given a second thought to security. If you had the URL for any document on its website, you could simply add or subtract one to a number in the URL to access another document.

    Given the type of business this company is in, those records include incredibly private information. Krebs spoke with Ben Shoval, who brought the exposure to his attention and who says the documents potentially included “Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you’re a small business.”

    As of today, the company has closed the hole in its website security. Right now, we can’t know whether anybody actually took advantage of this vulnerability. Contrary to how these sorts of data exposure disclosures usually go, First American Financial isn’t even saying that it has no evidence that the records were accessed. In a statement to Krebs, here’s what it said (emphasis below is ours):

    First American has learned of a design defect in an application that made possible unauthorized access to customer data. At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.

    Lots of private data is actually accessible behind URLs that aren’t password-protected, but are still kept relatively safe because their URLs are complex and unguessable. Google Photos, for example, shares images in this way. But even if you grant that it was good practice for First American Financial to make documents available without a password, it’s still incredibly shortsighted to make those URLs so easy to guess.

    Krebs characterizes this data exposure as “truly massive — possibly superlative,” and the number of records and the sensitive information they contained certainly backs that claim up.

    We’ve reached out to First American Financial for further comment, but right now it’s unclear what steps people could take to check whether their data was leaked. You can find more information about the exposure at Krebs on Security.

    Snap is looking into licensing music for users to embed in posts

    Snap is looking into licensing music for users to embed in posts


    Snap is in talks with Sony Music Entertainment, Universal Music Group, and Warner Music Group to license songs for users to embed in posts, according to a Wall Street Journal report. The deal would give users access to a broad catalog of songs to post on...

    Snap is in talks with Sony Music Entertainment, Universal Music Group, and Warner Music Group to license songs for users to embed in posts, according to a Wall Street Journal report. The deal would give users access to a broad catalog of songs to post on Snapchat, much like the features available for Instagram Stories and TikTok.

    The licensing deal would come at a time when tech companies are increasingly leaning into music features as a core part of their offerings. The popularity of these videos has allowed social media platforms to launch hit songs — Lil Nas X’s “Old Town Road,” which has been the number one song on the Billboard Top 100 for several weeks, first gained popularity through TikTok as a meme.

    Facebook secured a licensing deal with the three major record labels back in 2018, allowing users to put licensed music in their videos across all of its platforms, including Facebook, Messenger, Instagram, and Oculus. The company has used the license to roll out features like Lip Sync Live, an obvious copycat of Musical.ly, which was acquired by Chinese giant ByteDance and folded into TikTok last year.

    TikTok’s parent company ByteDance is now working on securing more licensing deals as it gears up to launch a music streaming service. Snap’s licensing deal won’t be quite at that scale, but it will be a step toward keeping the app competitive against Facebook and TikTok. As music copyright issues have been a point of contention between record labels and companies like YouTube and Peloton in recent months, it’ll be in Snap’s best interest to secure licenses quickly.

    Some OnePlus 7 Pro phones are having strange phantom tap touchscreen problems

    Some OnePlus 7 Pro phones are having strange phantom tap touchscreen problems


    By all accounts, the OnePlus 7 Pro is the nicest phone released by the company yet — with a higher price that reflects as much. But some early buyers are reporting that they’ve noticed phantom screen presses, where apps are responding as if something...

    By all accounts, the OnePlus 7 Pro is the nicest phone released by the company yet — with a higher price that reflects as much. But some early buyers are reporting that they’ve noticed phantom screen presses, where apps are responding as if something on the screen had been tapped even when the phone is sitting idle.

    OnePlus is aware of the issue, according to Android Police, and says it’s treating it as a high priority after managing to successfully reproduce the problem. If you just bought this phone, you’re no doubt hoping that the phantom taps are something that can be eliminated through a software update and aren’t indicative of a deeper hardware dilemma. The OnePlus 7 Pro has a first-of-its-kind OLED screen with a refresh rate of up to 90Hz.

    The Verge has been able to reproduce the ghost presses on one of our OnePlus 7 review units. Like some users on the OnePlus forums, it’s most easy to observe the issue with the app CPU-Z. But others have encountered it in Messages and other apps where phantom taps would prove very bothersome.

    This doesn’t seem to be a universal problem that’s affecting all OnePlus 7 Pro phones, but we’ll be keeping an eye on the situation and provide any updates that OnePlus offers regarding a fix.

    Social Blade shaped YouTube culture, and creators are now banding together to save it

    Social Blade shaped YouTube culture, and creators are now banding together to save it


    To those outside of YouTube, Social Blade is just another analytics site that tracks subscriber growth or loss. But it’s not. Social Blade has become a crucial component to being a YouTube creator, providing creators with numbers to prove why they...

    To those outside of YouTube, Social Blade is just another analytics site that tracks subscriber growth or loss. But it’s not. Social Blade has become a crucial component to being a YouTube creator, providing creators with numbers to prove why they matter as a community.

    Now, Social Blade’s time might be up. YouTube’s product team is introducing a change to the platform in August that will hide live subscriber counts. The change will affect third-party sites that use YouTube’s API to render their data, including Social Blade. Dozens of YouTube channels dedicated to live-streaming subscriber battles (like T-Series versus PewDiePie) will no longer work because they won’t have access to Social Blade’s data counter. Social Blade was the first site to quantify YouTube culture’s popularity with easy-to-understand data.

    That’s why Social Blade’s existence means everything to the community. Its real-time subscriber counter has become the face of success, and sometimes failure. Social Blade’s counter is just as recognizable as some top creators, and quite frankly, its counter is the most aesthetically pleasing. That’s why many people tweeted in support of the site on Thursday night, managing to get “#SaveSocialBlade” trending across the United States.

    “To see YouTube effectively killing off Social Blade is painful to watch.”

    “If this had come into effect a few months sooner, the whole PewDiePie vs T-Series meme wouldn’t have even been a thing,” popular YouTube meme creator Grandayy tweeted. “#SaveSocialBlade.”

    Some of YouTube’s biggest cultural moments have relied on or incorporated Social Blade. T-Series’ meteoric rise was first noticed by Social Blade; beauty guru Tati Westbrook’s fight with makeup superstar James Charles was fought with Social Blade statistics. It’s not just drama, though. Tonight Show host Jimmy Fallon used a live Social Blade counter to celebrate passing 20 million subscribers with his audience. Watching that counter move and cross over into a million, 5 million, or 10 million subscribers is a cultural staple on YouTube — that’s because of Social Blade.

    To say the response from the community to Social Blade’s predicament overwhelmed the team would be an understatement.

    “Since we provide most of our services to the community for free as a community service without requiring even a log in most of the time we don’t really even know who is using it,” Social Blade CEO Jason Urgo told The Verge via email. “The amount of people, big and small that have been showing their support and even got us to become a trending topic in a couple of countries last night is just so humbling.”

    Many creators used the #SaveSocialBlade hashtag as a way to point out how necessary Social Blade has always been. YouTube has slowly added to its internal studio tool for YouTubers, and is trying to get more people to rely on some of the platform’s internal metric tools that are just being introduced. Killing off a Social Blade’s abilities, however, is the wrong way to go about it.

    “To see YouTube effectively killing off Social Blade is painful to watch,” comedian and popular YouTuber Jesse Ridgway tweeted. “We’ve turned to SB for years for live subscriber counts and simplified statistics.”

    Urgo told The Verge that a YouTube representative did reach out to the Social Blade team after the hashtag began trending to discuss upcoming API changes. He doesn’t know if that’s going to change anything for his website, but he’s hopeful. YouTubers are mad, and when creators get angry, YouTube tends to listen.

    Teenage Engineering’s first record label is a showcase for its delightful synths

    Teenage Engineering’s first record label is a showcase for its delightful synths


    Swedish music hardware company Teenage Engineering has developed a cult following around their design-forward synthesizers. Now it’s expanded into another portion of the music industry and launched a record label. Naturally called Teenage Engineering...

    Swedish music hardware company Teenage Engineering has developed a cult following around their design-forward synthesizers. Now it’s expanded into another portion of the music industry and launched a record label. Naturally called Teenage Engineering Records, the company says the label only has two rules for releases: “it needs to be a good song,” and the song must use at least one Teenage Engineering instrument.

    The label’s first release is “You’re In Love with Your Hair” by newcomer Swedish artist Emil Lennstrand, otherwise known as Buster. This appears to be his first release ever, and Teenage Engineering says he’s currently finishing up a bunch of songs that will be released in the near future. “You’re In Love with Your Hair” was partially made with the 400 — one of Teenage Engineering’s self-assembly modular synths — and immediately starts with a ringing, metallic sound that morphs and mutates as the song progresses.

    Image: Teenage Engineering Teenage Engineering’s 400 synth

    Teenage Engineering first debuted the 400 earlier this year. It’s an analog modular synthesizer with a “warm natural analog sound” that’s packed with three oscillators, a 16-step sequencer, filter, LFO, two envelopes, noise, random generator, two VCAs, a mixer, speaker box, and power pack. It comes as a flat pack kit, and requires Ikea-style assembly with folding aluminum panels.

    There’s a wide array of instruments available from Teenage Engineering, from its popular Pocket Operator line to the retro-future OP-1 synthesizer, and its flat pack line that includes the 400 and also a monophonic analog synth called the 170. This record label is a smart way to showcase them, make the synths feel accessible, and put a shine on new talent in the process. Take a listen to “You’re In Love with Your Hair” below, or on Spotify.

    Amazon still hasn’t fully given up on its mall kiosks

    Amazon still hasn’t fully given up on its mall kiosks


    Amazon can’t seem to decide whether it wants its own mini-stores inside shopping malls. After the company decided earlier this year to close the many kiosks it had maintained at malls, a few new ones have sprung up. As Business Insider notes,...

    Amazon can’t seem to decide whether it wants its own mini-stores inside shopping malls. After the company decided earlier this year to close the many kiosks it had maintained at malls, a few new ones have sprung up. As Business Insider notes, Amazon’s revamped mall presence is being called “Presented by Amazon.”

    Unlike the previous mall kiosks, which were showcases for Amazon’s Echo, Kindle e-readers, Fire TV, and other first-party hardware, this new approach offers “a themed selection of top brands, frequently updated and presented to you by Amazon.” So, as with its Amazon 4-star retail stores, it sounds like the selection at Presented by Amazon will be rotated out on a regular basis — and it won’t be limited to Amazon’s own products.

    Image: Amazon

    There are only four Presented by Amazon locations at the moment, with two in California and one each in Illinois and Nevada. Amazon was operating 87 mall kiosks as of March before announcing that they’d all be closing down. “After much review, we came to the decision to discontinue our pop-up kiosk program, and are instead expanding Amazon Books and Amazon 4-star, where we provide a more comprehensive customer experience and broader selection,” a spokesperson told The Verge at the time.

    But clearly Amazon thinks putting itself in malls is still a worthwhile effort. The retailer’s website shows one Presented by Amazon space as being outdoors, but others are very much traditional kiosks, such as this one at the Century City mall.

    Aside from 4-star, Amazon also continues to open new locations for its Amazon Go stores, most recently in New York City. Last month, the company said it would start accepting cash at the Go stores, which were originally positioned as wholly automated and cashier-free.

    Taika Waititi’s live-action Akira movie gets May 2021 release date

    Taika Waititi’s live-action Akira movie gets May 2021 release date


    Thor: Ragnarok director Taika Waititi’s next big-budget project, a live-action version of the beloved manga series Akira, finally has a release date, The Wrap reports: May 21st, 2021. Waititi’s project, which is being distributed by Warner Bros.,...

    Thor: Ragnarok director Taika Waititi’s next big-budget project, a live-action version of the beloved manga series Akira, finally has a release date, The Wrap reports: May 21st, 2021.

    Waititi’s project, which is being distributed by Warner Bros., was first announced in 2017. The announcement came just before Waititi’s first major blockbuster film, Thor: Ragnarok, was released. Although Waititi built up a cult-like fan base around himself thanks to movies like What We Do in the Shadows and Eagle vs Shark, the Akira announcement made longtime fans of the manga series — and the critically acclaimed 1988 anime adaptation — nervous. Waititi told Dazed magazine in April 2018 that he was more than aware of the concern.

    “What I wanted to do was an adaptation of the books, ’cos a lot of people are like, ‘Don’t touch that film!’ and I’m like, ‘I’m not remaking the film, I want to go back to the book,’” Waititi told Dazed. “A lot of the people freaking out haven’t even read the books, and there are six gigantic books to go through. It’s so rich.”

    The project also has the support of original manga author Katsuhiro Otomo. Otomo told Forbes in 2017 that although he was ready to step away from Akira, he’s okay with other people adapting his work. His one condition, however, is being allowed “to check and approve the scenario” for a live-action adaptation. Otomo struggled with adapting the work as a live-action film himself, but it sounds like he’ll work closely with Waititi to bring the story to light.

    Recent live-action adaptations of popular manga and anime haven’t exactly gone well. Netflix’s Death Note was panned by critics for not understanding the tone of the source material, and Rupert Sanders’ live-action adaptation of Ghost in the Shell was too reliant on the original anime movie to the point that it didn’t work. Ghost in the Shell also received backlash for casting Scarlett Johansson, with the studio facing accusations of whitewashing.

    Fans are still hesitant, but Waititi has more than proved since the announcement that if any director can do it, it’s him. Thor: Ragnarok was critically praised, and set Waititi up as a director not scared to take on a project or franchise with a strong built-in fan base. Though even he suggested in 2018 that he hadn’t “really started to get my head around it yet.”

    It’s too early to say what Waititi’s Akira will look like, but considering the director’s history, it might be safe to feel optimistic. Warner Bros. certainly is. When it releases on May 21st, 2021, Akira will have to go head to head with an untitled Marvel movie and John Wick 4.

    CrossFit storms off Facebook and Instagram, citing long list of grievances

    CrossFit storms off Facebook and Instagram, citing long list of grievances


    CrossFit, the branded workout regimen, deleted its Facebook and Instagram pages earlier this week and explained the reasoning through an impassioned press release. The announcement lists various reasons for the indefinite suspension of its accounts,...

    CrossFit, the branded workout regimen, deleted its Facebook and Instagram pages earlier this week and explained the reasoning through an impassioned press release. The announcement lists various reasons for the indefinite suspension of its accounts, including accusations that Facebook’s News Feeds are “censored and crafted to reflect the political leanings of Facebook’s utopian socialists.”

    The issue stemmed from the deletion of a South Africa-based Facebook group, Banting 7 Day Meal Plans, which the company says happened without warning or explanation. The group, which is unrelated to CrossFit but has 1.6 million members espousing the benefits of a low-carb, high-fat diet like CrossFit’s recommended nutritional regimen, has since been reinstated. But the damage was done, and the deletion was the final straw in addition to CrossFit’s wariness over how Facebook handles user data.

    The company describes itself as a contrarian group that “stands steadfastly and often alone against an unholy alliance of academia, government, and multinational food, beverage, and pharmaceutical companies.” It appears that CrossFit regularly finds itself up against the world, as this latest announcement was categorized in a section of the website labeled “Battles.” Its position as a dissenting voice in the fitness industry is why CrossFit believes that it could be a target: “Facebook’s action should give any serious person reason to pause, especially those of us engaged in activities contrary to prevailing opinion.”

    CEO Greg Glassman told the Morning Chalk Up, a CrossFit blog, that Facebook “doesn’t comport with my community standards for privacy and decency, so we’re out.” His list of grievances with the social networking site is extensive, but are generally fair criticisms. Below is the list of “publicly sourced complaints” in full, which he believes may jeopardize the security of the CrossFit community:

    1. Facebook collects and aggregates user information and shares it with state and federal authorities, as well as security organizations from other countries.

    2. Facebook collaborates with government security agencies on massive citizen surveillance programs such as PRISM.

    3. Facebook censors and removes user accounts based on unknown criteria and at the request of third parties including government and foreign government agencies.

    4. Facebook collects, aggregates, and sells user information as a matter of business. Its business model allows governments and businesses alike to use its algorithmically conjured advertising categories as sophisticated data-mining and surveillance tools.

    5. Facebook’s news feeds are censored and crafted to reflect the political leanings of Facebook’s utopian socialists while remaining vulnerable to misinformation campaigns designed to stir up violence and prejudice.

    6. Facebook, as a matter of business and principle, has weak intellectual property protections and is slow to close down IP theft accounts.

    7. Facebook has poor security protocols and has been subject to the largest security breaches of user data in history.

    And finally,

    8. Facebook is acting in the service of food and beverage industry interests by deleting the accounts of communities that have identified the corrupted nutritional science responsible for unchecked global chronic disease. In this, it follows the practices of Wikipedia and other private platforms that host public content but retain the ability to remove or silence—without the opportunity for real debate or appeal—information and perspectives outside a narrow scope of belief or thought. In this case, the approved perspective has resulted in the deaths of millions through preventable diseases. Facebook is thus complicit in the global chronic disease crisis.

    So there you have it! You’ll still be able to keep up with CrossFit clips on YouTube or Twitter, but say goodbye to seeing CrossFit influencers post their gains on Facebook or Instagram.

    Hulu has ordered a horror anthology series based on North American Lake Monsters

    Hulu has ordered a horror anthology series based on North American Lake Monsters


    Hulu has ordered a new horror anthology series based on Nathan Ballingrud’s short-story collection North American Lake Monsters, according to Deadline. It’ll be produced by Babak Anvari and Lucan Toh, the creative team behind the horror film Wounds,...

    Hulu has ordered a new horror anthology series based on Nathan Ballingrud’s short-story collection North American Lake Monsters, according to Deadline. It’ll be produced by Babak Anvari and Lucan Toh, the creative team behind the horror film Wounds, which debuted at the Sundance Film Festival in January. They’re already familiar with Ballingrud’s work: Wounds is based on another Ballingrud story, The Visible Filth. Anvari wrote and directed the movie, and Toh was one of the producers. The film stars Dakota Johnson, Armie Hammer, and Zazie Beetz.

    The North American Lake Monsters series is planned as an eight-episode season, produced by Mary Laws, who produced AMC’s Preacher and co-wrote Nicolas Winding Refn’s film The Neon Demon. Hulu says the series will explore the plights of people “driven to desperate acts in an attempt to repair their lives, ultimately showing there is a thin line between man and beast.” Their stories will feature “encounters with Gothic beasts, including fallen angels and werewolves.”

    ‘North American Lake Monsters’ is an outstanding showcase for short horror

    That’s an apt description of Ballingrud’s collection. North American Lake Monsters (the series probably won’t share the same name as the collection; it’s just being called Untitled Mary Laws Project) gathers nine of Ballingrud’s short stories, featuring a man facing werewolves, a Lovecraftian adventure in the arctic, some very scary vampires, and a father and daughter who deal with the discovery of a beached lake monster.

    The collection is an outstanding showcase for short horror. The individual stories are fantastic examples of how to pace a story and build a sense of tension, using the supernatural to frame the relatable problems people face everyday. There’s been a glut of good anthology-style shows out there on streaming services — Netflix’s Black Mirror, CBS’s The Twilight Zone, HBO’s Room 104, Amazon’s Electric Dreams, and Hulu’s Dimension 404 — and if it’s done right, this series could be a stand-out entry. If it does well, Hulu would do well to also look at Ballingrud’s latest collection, Wounds, which hit stores back in April.

    Elon Musk’s Boring Company staged a race between a Tesla in a tunnel and one on the road

    Elon Musk’s Boring Company staged a race between a Tesla in a tunnel and one on the road


    The Boring Company, Elon Musk’s tunneling venture, staged a race recently between two Tesla vehicles: one on the road in normal traffic, and the other in the 1.14-mile tunnel that runs underneath SpaceX’s headquarters in Hawthorne, Calif. Suffice to...

    The Boring Company, Elon Musk’s tunneling venture, staged a race recently between two Tesla vehicles: one on the road in normal traffic, and the other in the 1.14-mile tunnel that runs underneath SpaceX’s headquarters in Hawthorne, Calif. Suffice to say, it wasn’t much of a contest.

    The tunnel Tesla was the clear victor, emerging out onto the road a full 3 minutes and 8 seconds before the one took surface streets. In fact, the car in the tunnel reached the finish line before the car in traffic even got passed the first red light.

    Wanna race? pic.twitter.com/zDNpdsdHaM

    — The Boring Company (@boringcompany) May 24, 2019

    Most notably, the Tesla in the tunnel hit a maximum speed of 127 mph. That’s significantly faster than what the Boring Company demonstrated for reporters and city officials (including our own Liz Lopatto) at a lavish event back in December. Those rides were also incredibly bumpy, which Musk attributed to a faulty paving machine. This one seemed to be smoother — at least according to the video footage.

    The race was posted to Twitter less than 24 hours after the Boring Company received its first approval to dig a pair of tunnels beneath the Las Vegas Convention Center. The $48.6 million project is slated to be completed in time for the Consumer Electronics Show in January 2021 — though Musk has suggested it could be up and running by the end of the year.

    The tunneling project began with a 2016 tweet

    The Boring Company first began with a 2016 tweet, in which Musk wrote, “Traffic is driving me nuts. Am going to build a tunnel boring machine and just start digging...” It has since grown to include the test tunnel in Hawthorne, the recently approved Las Vegas “people mover,” a $1 billion bid for a Chicago tunnel to O’Hare Airport that’s on the skids, and a Washington, DC-to-Baltimore tunnel, which is currently undergoing an environmental assessment.

    Transportation advocates, though, are worried that a new tunnel network for cars will just create more above-ground congestion, especially as vehicle queue up to enter the tunnel. Musk has also been criticized for building tunnels that only accommodate cars rather than vehicles with greater capacity to carry more people.

    The Boring Company staged this race to answer a simple question: which is faster, the road or the tunnel? But as The Verge’s deputy editor Thomas Ricker aptly notes, this is a false comparison and is the “equivalent of bragging about 5G speeds before any phones are released to consumers.”