Tech Brew Ride Home - Tue. 07/30 - The Capital One Breach Is A Weird One
Episode Date: July 30, 2019Another day, another data breach… but this Capital One breach has some odd new wrinkles, the Android smartphone industry continues to be a tough gig for most manufacturers, I’m ready for smart con...tact lenses and apparently, the YouTube creator community is ready for a union. Sponsors: WeWorkRemotely.com PaintYourLife.com: Text the word TECH to 48-48-48 Links: Capital One says data breach affected 100 million credit card applications (Washington Post) Amazon's cloud was at the heart of the big Capital One hack, even though it doesn't seem to be at fault (Business Insider) Sony and LG still struggled to sell smartphones in Q2 2019, surprising nobody (Android Police) Scientists create contact lenses that zoom on command (Engadget) Techstars raises $42 million from SVB and Foundry Group to accelerate its growth in Europe and beyond (Tech.eu) Israel's New Top Unicorn: Monday.com Hits $1.9 Billion Valuation With $150 Million Raise (Forbes) Real estate platform Compass raises another $370M on a $6.4B valuation en route to an IPO (TechCrunch) PBS & PBS Kids Coming to YouTube TV Later This Year (The Streamable) The YouTubers Union Is Not Messing Around (Motherboard) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco.
Hey, who did this to you?
What happened next turned the story into a political firestorm.
Reports have identified the victim as Bob Lee, the founder of Cash App.
From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16.
Welcome to the TechMeme right home for Tuesday, July 30th, 2019.
I'm Brian McCullough today.
Another day, another data breach, but this Capital One breach has some odd new wrinkles.
The Android smartphone industry continues to be a tough gig for most manufacturers.
I'm ready for smart contact lenses.
And apparently, the YouTube creator community is ready for a union.
Here's what you missed today in the world of tech.
Capital One has announced a data breach affecting 106 million.
U.S. and Canadian customers with most of the info accessed from credit card applications.
Capital One says no credit card numbers or logging credentials were compromised, nor they say,
did the vast majority of the affected applications contain social security numbers.
But still, quoting the Washington Post, the hack appears to be one of the largest data breaches
ever to hit a financial services firm. In 2017, the credit reporting company Equifax
disclosed that hackers had stolen the personal information of 147 million people.
Last week, it reached a $700 million settlement with U.S. regulators over that breach, end quote.
Yes, indeed. That Equifax settlement is very much in the news. Have you gone online yet to claim your $125?
Straight up editorializing here, please take the $125. Don't agree to the free credit reporting service.
Because first of all, what, you're going to trust again checking notes here.
The company that lost your data originally, don't give them the satisfaction of winning your business after screwing up.
Make them cut you a check.
That's the only thing that feels like justice, right?
But back to this Capital One breach.
You know, I sometimes avoid reporting on data breaches because they're seemingly won every single day.
I'd be doing them every single episode of this show.
this is different because it is so large and because it's a credit card company slash bank.
And also the details here are just a little weird.
This is not your run-of-the-mill hack.
In conjunction with these headlines, the FBI has said that it has arrested a Seattle area woman won Page A. Thompson
and charged her with computer fraud and abuse, according to court records.
Various outlets are reporting that Thompson is a former Amazon employee, quoting now from Business Insider.
In the criminal complaint against Thompson, we get some technical detail into how it allegedly went down.
A, quote, firewall misconfiguration left one of Capital One's cloud servers vulnerable to Thompson,
prosecutor said in the complaint, allowing her to send commands that allowed her to access the sensitive data in question.
The complaint doesn't name the cloud provider used by Capital One in this instance,
referring to it only as cloud computing company.
However, a screenshot of a Slack conversation included in the complaint appears to show Thompson referring to
S3, which is the name of Amazon Web Services cloud storage product for developers. A spokesperson for
Amazon Web Services confirmed to Bloomberg that AWS had stored the data, but according to the New York
Times, quote, Amazon said it had found no evidence that its underlying cloud services were compromised, end
quote. In 2016, Capital One signed a deal to make Amazon Web Services its, quote, predominant cloud
computing provider. The complaint alleges Thompson was able to use that misconfiguration referred to
above to send a command that somehow allowed her to obtain security credentials to a specific
account which she was able to use to access, quote, certain of Capital One's folders at the
cloud computing company, end quote, prosecutors allege, end quote. But do note that the complaint
does not suggest that AWS was at fault for Thompson's again alleged intrusion, nor does there
seem to be evidence that Capital One was somehow negligent. Quote, this type of vulnerability is not
specific to the cloud. The elements of infrastructure involved are common to both cloud and on-premises
data center environments, Capital One said in a press release on the data breach. The speed with which
we were able to diagnose and fix this vulnerability and determine its impact was enabled by our
cloud operating model, end quote. Let's check in with the Android ecosystem, at least on the
hardware side. As ever, Samsung seems to be basically the only Android manufacturer that can reliably make
money in the smartphone game.
There's Samsung, and then there's basically everyone else.
In Q2 of 2019, for example, LG reported mobile division sales of $1.38 billion, which is down
21% year over year, though it is a slight 6% increase quarter over quarter.
And quoting Android Police, it's a similar story over at Sony, whose sales in the electronics,
products, and solutions division that smartphones are now a part of reached 770.
$76 million, marking a 15% decrease year-on-year.
The Japanese company attributes the poor performance to a drop in shipments of not just
smartphones, but also televisions and digital cameras, to areas that Sony usually does
better in.
The negative impact of foreign exchange rates also contributed to a decrease in operating
income, but the mobile communications department is at least cutting costs in an attempt
to balance the books, end quote.
Sony, in fact, only shipped 900,000 smartphone units, which is a lot of the cost.
is less than half of what it did in the same quarter last year. As Charles Arthur snarked on Twitter,
quote, wow, Sony breaks the million smartphone shipped measure, but in the wrong direction,
meant to go above it people, not below, end quote. And I didn't cover this, but Google recently
said that it doubled its pixel unit sales year over year, but of course, Google has never
shared actual sales numbers for its flagship pixel Android phones, so it's not
clear if doubling sales is as impressive as it sounds. As the Virges Dan Seifert tweeted, quote,
so they sold two? Jokes aside, doubled pixel sales doesn't really impress when you take
into account that Google already said pixel sales were terrible before the 3A. The 3A was launched
on three times as many carriers slash distribution points as the two or three. It launched for half
the price of the three. There was nothing else launched in May to compete with it. And so,
based on those factors. If the 3A was popular, it would have had far more than, quote, double
pixel sales. But since Google doesn't say how many it did or more accurately didn't sell,
it can get away with generalizations, end quote. For the second day in a row, let me tell you
about a cool concept that I would sure love to see show up eventually in the real world.
How about this for an idea, smart contact lenses? Now, of course, in science fiction, we're all
waiting for some sort of smart contact lenses that have AR in them,
something that can overlay data into our field of vision.
And we're nowhere near that yet, but get a load of this.
Imagine contact lenses that could zoom on command.
That's right, blink twice and you could see far away or up close, quoting Gizmodo.
Scientists at the University of California, San Diego, have created a prototype contact lens that is controlled by the eyes movements.
wearers can make the lenses zoom in or out by simply blinking twice.
A paper detailing the team's findings was published this month in advanced functional materials.
The biomimetic lenses are made of stretchy polymer films that respond to the electric signals generated by your eyes when they make a movement such as blinking, known as electrocolographic signals.
Humans are even capable of emitting the electric impulses when they're sleeping.
Even if your eye cannot see anything, many people can still move their eyeball and generate this electrocoloographic signal, said lead researcher, Shangjiang Kai to new scientist, end quote.
Now this is still extremely experimental prototype stuff, so we're still years away, or maybe even decades away from this coming to a functional consumer product, but still would want.
Let's do a quick wrap-up of notable raises.
TechStars is that worldwide network of startup accelerators and entrepreneurial mentoring programs.
And it has raised $42 million led by SVB Financial Group, quoting TechEU.
The company's investment activity now includes 49 accelerator programs in 35 cities across 16 countries,
deploying $80 million into nearly 500 startups on an annual basis.
Founded in 2006, TechStars' current portfolio of 1900 companies is said to attract an annual $2 billion in downstream investment from the venture capital industry.
And by operating approximately 1,000 annual startup weekend events in 600 cities across 120 countries, tech stars seems to be on the forefront of startup ecosystems worldwide, end quote.
Next, workplace collaboration platform Monday.com is advertising all over the New York City subway.
But that's not the news.
It has raised $150 million series D, led by Sapphire Ventures, at a $1.9 billion valuation, quoting from Forbes, founded by Mann and Iran Zinman as DePulse in 2014.
Monday has emerged as one of the leaders in work software that helps teams track projects and assign tasks to individuals and groups, a category known as project management.
80,000 paying businesses use Monday today, up from 35,000 a year ago, and including businesses like Phillips, WeWork, and Wix.com.
More than half of monthly users engage with Monday's software daily, according to Zinman.
And Monday.com says it will close this year with more than 150 integrations with other work tools, end quote.
Apparently Monday's annualized revenue grew from $18 million to $50 million in 2018, and it might grow again to hit $100,000.
$120 million this year. So, yeah, that is the sort of growth that will get you places.
Similarly, and finally, real estate platform Compass has raised $370 million at a $6.4 billion
valuation less than a year after raising a $400 million round at a $4.4 billion valuation.
Can you say late-stage investing?
Compass is expected to go public sometime in the next 24 months.
And again, with numbers like this, it probably should.
Crunch says that revenues at Compass are up 250% year over year.
YouTube TV has reached a deal to carry any PBS member station that chooses to partner with it.
The tie-ups will begin later this year and marks the first time that live TV streaming
partnerships for PBS have become a thing because PBS has been one of the last holdouts
for making deals with streaming platforms, quoting the streamable, quote,
Last year, PBS shared the holdup that streaming services want a national feed.
But PBS chief digital and marketing officer Ira Rubinstein said, quote, that doesn't work for us, end quote.
PBS was looking to be treated like a local network affiliate, where member channels can also show their local content.
By coming to a deal for all member stations, they can now freely choose whether they want to join the service.
In March, Rubinstein said, streaming services, quote, don't want to deal with only 10 markets.
they want the top 50 markets.
He said he hoped to announce deals by the end of the year,
so it is likely that the channel will come to more than just YouTube TV.
For those with other services, PBS does offer an on-demand service called PBS Passport.
For $60 a year, you get access to episodes from PBS programs like American Experience, American Masters,
Antiques Roadshow, Nature, Nova, and Masterpiece, including all six seasons of Downton Abbey.
In March, PBS launched a service called PBS Living, which should be.
includes both classic and newer PBS series,
focused on food, cooking, culture, and home.
The service, which costs $2.99 after a seven-day free trial,
includes shows like the French chef, this old house,
Antiques Roadshow, as well as no passport required, and Milk Street, end quote.
And finally today, there is apparently a YouTuber's union.
And at first, seeing that headline, I was like, what?
That can't be real.
but there is a YouTuber's union and it has partnered with IGMetall, Europe's largest trade union,
to launch a campaign to voice concerns about video monetization and distribution on the video platform on behalf of creators.
Quote, in recent years, YouTube creators have consistently spoken out about changes to the massive platform that they say they are rarely consulted on that affect their ability to make money.
For example, YouTube has repeatedly changed how it handles copyright takedown requests, allowing copyright holders to assert copyright on and monetized videos that they didn't upload, for example.
YouTube has also controversially demonetized or issued content warnings to some innocuous channels.
One of the creators leading the unionization charge, George Sprave, has had his popular slingshot videos removed by YouTube.
Quote, we aren't demanding things that cut into profits or are unrealistic.
We want fairness. We want transparency. We want to be treated like partners.
And we want personal communication instead of anonymous communication, Sprave told Motherboard.
In a video announcing the move, IG Metals' Vice President Christine Benner,
and Sprave said that the partnership meant, quote,
A completely new time begins. It is no longer the case that we are helpless against YouTube.
With the IG Metall, we have a strong, strong partner.
Benner added, quote,
we know from experience that together we can achieve a lot, end quote.
Again, this comes back to YouTube's weird dichotomy around automation.
YouTube has always wanted everything to just be plug-and-play automatic, all controlled by algorithms.
They just want to trigger ads for a universe of content like they do on search, which is highly automated, even totally scientific.
And yet when advertisers complain that their ads are showing up,
up next to shady videos, YouTube has had to placate them personally and by hand.
YouTube also increasingly treats advertisers in the vein of old school admin,
whining and dining their business, giving them upfronts and previews and the like.
At the same time, YouTube also wants it both ways with creators.
They just want everybody to throw up their crazy vlogs and videos,
and it's on the creators to build an audience.
But they increasingly also want to handhold and help high-profile influencers and creators,
until they don't like the crazy antics those high-profile influencers and creators get into.
See the concerns of advertisers I spoke of just previously.
And they have to make nice with smaller creators when those creators complain that they're not big enough deals to get the love and white glove attention from YouTube.
I've said this before, that most major content platforms need to give up the ghosts and admit that they are in the curation of content business.
but this is by far the most true for YouTube.
YouTube, you're Hollywood.
Learn the Hollywood lesson.
If you're in the business of dealing with talent,
that is a personal relationship-based business.
You cannot automate your way out of it.
So cool job opening alert because if you took this job,
you'd essentially work with me every day,
at least inside a Slack channel.
That's because for the first time in two years,
Techmeme.com. The website is hiring editors. Editors work part-time at TechMeme, and they work remotely
from anywhere in the world. They help decide what goes on TechMeme.com, in what order,
and how it should be headlined, et cetera. In other words, you help decide what is news every
day in tech. No experience is required to become an editor other than just knowing the tech
space, knowing tech news and the tech industry, generally having a sense of
the big tech news sites. And I should say that being a tech meme editor is a great entree
into the tech journalism field. There's a whole universe of people in tech news right now who got
their start as tech meme editors. So if this is of interest to you at all, go to techmeme.com
forward slash jobs and send in an application. Talk to you tomorrow.