Over the years, Registered Agents Inc., a secretive company that made its business setting up other businesses, has registered thousands of companies with people who didn’t appear to exist. Multiple former employees told Wired that the company often used false personas they claimed to set up companies on behalf of clients. An investigation found that thousands of companies listed these allegedly false personas on their registration documents, which were linked to registered agents.
State attorneys general across the United States sent a letter to Meta on Wednesday asking the company to “take immediate action” as complaints about hacked Facebook and Instagram accounts surged to a record high. Data provided by the office of New York Attorney General Letitia James, who is leading the effort, shows that her office received more than 780 complaints in 2023, 10 times the number in 2019. Many of the complaints cited in the letter said Meta did nothing to help. They recovered the stolen accounts. “We refuse to serve as your company’s customer service representatives,” officials wrote in the letter. “Appropriate investment in response and mitigation measures is mandatory.”
Meta, meanwhile, suffered a major outage this week that took most of its platform offline. When it comes back, users are often forced to log back into their accounts. However, last year the company changed the way two-factor authentication works for Facebook and Instagram. Now, any device you’ve used metaservices on regularly in recent years will be trusted by default. The move has experts uneasy. This means your device may no longer require a 2-step verification code to log in. We’ve updated our guidance on how to turn off this setting.
A ransomware attack on healthcare company Change Healthcare has thrown pharmacies across the U.S. into chaos, causing delays in prescription drug deliveries across the country. Last week, a Bitcoin address linked to the group behind the attack, AlphV, received $22 million in cryptocurrency, suggesting that Change Healthcare may have paid the ransom. A spokesman for the company declined to answer whether it was behind the payments.
there are more. Each week, we highlight news we don’t cover in depth ourselves. Click on the title below to read the full story. And stay safe out there.
In January, Microsoft revealed that Nobelium, a notorious Russian state-sponsored hacking group, had penetrated the email accounts of the company’s senior leadership team. Today, the company revealed that the attack is ongoing. The company explained in a blog post that in recent weeks, evidence emerged that hackers were using information leaked from its email system to gain access to source code and other “internal systems.”
It’s unclear exactly what internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, it’s not over yet. The blog post states that hackers are now using “different types of secrets” to further penetrate their systems. “Some of these secrets were shared via email between customers and Microsoft, and when we discovered these secrets in the leaked emails, we have and are contacting those customers to help them take mitigation measures.”
Nobelium was responsible for the SolarWinds attack, a sophisticated 2020 supply chain attack that compromised thousands of organizations, including major U.S. government agencies such as the Department of Homeland Security, Defense, Justice, and Treasury.