All posts in “Tech News”

First American Financial exposed 16 years’ worth of mortgage paperwork, including bank accounts

Brian Krebs has revealed that a company that primarily works in real estate insurance has left as many as 885 million records exposed on its website — going back to 2003. First American Financial Corp’s big mistake should have been obvious to anybody who would have given a second thought to security. If you had the URL for any document on its website, you could simply add or subtract one to a number in the URL to access another document.

Given the type of business this company is in, those records include incredibly private information. Krebs spoke with Ben Shoval, who brought the exposure to his attention and who says the documents potentially included “Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you’re a small business.”

As of today, the company has closed the hole in its website security. Right now, we can’t know whether anybody actually took advantage of this vulnerability. Contrary to how these sorts of data exposure disclosures usually go, First American Financial isn’t even saying that it has no evidence that the records were accessed. In a statement to Krebs, here’s what it said (emphasis below is ours):

First American has learned of a design defect in an application that made possible unauthorized access to customer data. At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.

Lots of private data is actually accessible behind URLs that aren’t password-protected, but are still kept relatively safe because their URLs are complex and unguessable. Google Photos, for example, shares images in this way. But even if you grant that it was good practice for First American Financial to make documents available without a password, it’s still incredibly shortsighted to make those URLs so easy to guess.

Krebs characterizes this data exposure as “truly massive — possibly superlative,” and the number of records and the sensitive information they contained certainly backs that claim up.

We’ve reached out to First American Financial for further comment, but right now it’s unclear what steps people could take to check whether their data was leaked. You can find more information about the exposure at Krebs on Security.

Snap is looking into licensing music for users to embed in posts

Snap is in talks with Sony Music Entertainment, Universal Music Group, and Warner Music Group to license songs for users to embed in posts, according to a Wall Street Journal report. The deal would give users access to a broad catalog of songs to post on Snapchat, much like the features available for Instagram Stories and TikTok.

The licensing deal would come at a time when tech companies are increasingly leaning into music features as a core part of their offerings. The popularity of these videos has allowed social media platforms to launch hit songs — Lil Nas X’s “Old Town Road,” which has been the number one song on the Billboard Top 100 for several weeks, first gained popularity through TikTok as a meme.

Facebook secured a licensing deal with the three major record labels back in 2018, allowing users to put licensed music in their videos across all of its platforms, including Facebook, Messenger, Instagram, and Oculus. The company has used the license to roll out features like Lip Sync Live, an obvious copycat of Musical.ly, which was acquired by Chinese giant ByteDance and folded into TikTok last year.

TikTok’s parent company ByteDance is now working on securing more licensing deals as it gears up to launch a music streaming service. Snap’s licensing deal won’t be quite at that scale, but it will be a step toward keeping the app competitive against Facebook and TikTok. As music copyright issues have been a point of contention between record labels and companies like YouTube and Peloton in recent months, it’ll be in Snap’s best interest to secure licenses quickly.

Some OnePlus 7 Pro phones are having strange phantom tap touchscreen problems

By all accounts, the OnePlus 7 Pro is the nicest phone released by the company yet — with a higher price that reflects as much. But some early buyers are reporting that they’ve noticed phantom screen presses, where apps are responding as if something on the screen had been tapped even when the phone is sitting idle.

OnePlus is aware of the issue, according to Android Police, and says it’s treating it as a high priority after managing to successfully reproduce the problem. If you just bought this phone, you’re no doubt hoping that the phantom taps are something that can be eliminated through a software update and aren’t indicative of a deeper hardware dilemma. The OnePlus 7 Pro has a first-of-its-kind OLED screen with a refresh rate of up to 90Hz.

The Verge has been able to reproduce the ghost presses on one of our OnePlus 7 review units. Like some users on the OnePlus forums, it’s most easy to observe the issue with the app CPU-Z. But others have encountered it in Messages and other apps where phantom taps would prove very bothersome.

This doesn’t seem to be a universal problem that’s affecting all OnePlus 7 Pro phones, but we’ll be keeping an eye on the situation and provide any updates that OnePlus offers regarding a fix.

Social Blade shaped YouTube culture, and creators are now banding together to save it

To those outside of YouTube, Social Blade is just another analytics site that tracks subscriber growth or loss. But it’s not. Social Blade has become a crucial component to being a YouTube creator, providing creators with numbers to prove why they matter as a community.

Now, Social Blade’s time might be up. YouTube’s product team is introducing a change to the platform in August that will hide live subscriber counts. The change will affect third-party sites that use YouTube’s API to render their data, including Social Blade. Dozens of YouTube channels dedicated to live-streaming subscriber battles (like T-Series versus PewDiePie) will no longer work because they won’t have access to Social Blade’s data counter. Social Blade was the first site to quantify YouTube culture’s popularity with easy-to-understand data.

That’s why Social Blade’s existence means everything to the community. Its real-time subscriber counter has become the face of success, and sometimes failure. Social Blade’s counter is just as recognizable as some top creators, and quite frankly, its counter is the most aesthetically pleasing. That’s why many people tweeted in support of the site on Thursday night, managing to get “#SaveSocialBlade” trending across the United States.

“If this had come into effect a few months sooner, the whole PewDiePie vs T-Series meme wouldn’t have even been a thing,” popular YouTube meme creator Grandayy tweeted. “#SaveSocialBlade.”

Some of YouTube’s biggest cultural moments have relied on or incorporated Social Blade. T-Series’ meteoric rise was first noticed by Social Blade; beauty guru Tati Westbrook’s fight with makeup superstar James Charles was fought with Social Blade statistics. It’s not just drama, though. Tonight Show host Jimmy Fallon used a live Social Blade counter to celebrate passing 20 million subscribers with his audience. Watching that counter move and cross over into a million, 5 million, or 10 million subscribers is a cultural staple on YouTube — that’s because of Social Blade.

[embedded content]

To say the response from the community to Social Blade’s predicament overwhelmed the team would be an understatement.

“Since we provide most of our services to the community for free as a community service without requiring even a log in most of the time we don’t really even know who is using it,” Social Blade CEO Jason Urgo told The Verge via email. “The amount of people, big and small that have been showing their support and even got us to become a trending topic in a couple of countries last night is just so humbling.”

Many creators used the #SaveSocialBlade hashtag as a way to point out how necessary Social Blade has always been. YouTube has slowly added to its internal studio tool for YouTubers, and is trying to get more people to rely on some of the platform’s internal metric tools that are just being introduced. Killing off a Social Blade’s abilities, however, is the wrong way to go about it.

“To see YouTube effectively killing off Social Blade is painful to watch,” comedian and popular YouTuber Jesse Ridgway tweeted. “We’ve turned to SB for years for live subscriber counts and simplified statistics.”

Urgo told The Verge that a YouTube representative did reach out to the Social Blade team after the hashtag began trending to discuss upcoming API changes. He doesn’t know if that’s going to change anything for his website, but he’s hopeful. YouTubers are mad, and when creators get angry, YouTube tends to listen.

Teenage Engineering’s first record label is a showcase for its delightful synths

Swedish music hardware company Teenage Engineering has developed a cult following around their design-forward synthesizers. Now it’s expanded into another portion of the music industry and launched a record label. Naturally called Teenage Engineering Records, the company says the label only has two rules for releases: “it needs to be a good song,” and the song must use at least one Teenage Engineering instrument.

The label’s first release is “You’re In Love with Your Hair” by newcomer Swedish artist Emil Lennstrand, otherwise known as Buster. This appears to be his first release ever, and Teenage Engineering says he’s currently finishing up a bunch of songs that will be released in the near future. “You’re In Love with Your Hair” was partially made with the 400 — one of Teenage Engineering’s self-assembly modular synths — and immediately starts with a ringing, metallic sound that morphs and mutates as the song progresses.

Teenage Engineering’s 400 synth
Image: Teenage Engineering

Teenage Engineering first debuted the 400 earlier this year. It’s an analog modular synthesizer with a “warm natural analog sound” that’s packed with three oscillators, a 16-step sequencer, filter, LFO, two envelopes, noise, random generator, two VCAs, a mixer, speaker box, and power pack. It comes as a flat pack kit, and requires Ikea-style assembly with folding aluminum panels.

There’s a wide array of instruments available from Teenage Engineering, from its popular Pocket Operator line to the retro-future OP-1 synthesizer, and its flat pack line that includes the 400 and also a monophonic analog synth called the 170. This record label is a smart way to showcase them, make the synths feel accessible, and put a shine on new talent in the process. Take a listen to “You’re In Love with Your Hair” below, or on Spotify.

[embedded content]