Tech Brew Ride Home - Wed. 03/23 – Maybe Apple Should Just Start A Bank

Episode Date: March 23, 2022

Customers are getting frustrated with Okta over that potential Lapsus$ hack. Apple’s acquisition of an open banking startup is interesting. Yuga Labs is the (forgive me) 800lb gorilla of the NFT spa...ce. And why Zuckerberg’s personal remote work regimen might explain why he’s so obsessed with having meetings in VR. Links: Linkedin.com/ride Links: The Third-Party Okta Hack Leaves Customers Scrambling (Wired) Apple acquires UK open banking startup Credit Kudos (The Block) Apple Buys UK Fintech Start-Up Credit Kudos (CNBC) El Salvador postpones bitcoin bond issue, expects better conditions (Reuters) Bored Ape Yacht Club creator raises $450 million to build an NFT metaverse (The Verge) Crypto investor Katie Haun raises $1.5 billion, the largest debut fund ever by a female VC (CNBC) Mark Zuckerberg and Meta’s Leadership Take Remote Work to the Extreme (WSJ) Zoom’s new virtual avatars let you show up to your next meeting as a dog (The Verge) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Tech meme right home for Wednesday, March 23rd, 2022. I'm Brian McCullough today. Customers are getting frustrated with Octa over that potential lapsus hack. Apple's acquisition of an open banking startup is interesting. Yuga Labs is the, forgive me, 800-pound gorilla of the NFT space, and why Mark Zuckerberg's personal remote work regimen might explain why he's so obsessed with having meetings in VR. Here's what you miss today in the world of tech. Let's follow up on yesterday's big infosec headlines. Octa has confirmed an attacker accessed an engineer's laptop in January, consistent with posted screenshots by Lapsis,
Starting point is 00:01:15 as customers of Octa struggled to grasp their exposure to this potential hack. And that's the point. Octa is the service that you use to help you keep your stuff secure, your people secure, so lots of folks are wondering to what degree this has exposed them. Octa says the, quote, maximum potential impact of its security breach was 366 customers whose data was accessed by outside contractor SITEL. ACTA has more than 15,000 clients in total, quoting Wired. In an expanded statement on Tuesday afternoon, Octa's chief security officer David Bradbury said categorically, quote, the Octa service has not been breached, end quote.
Starting point is 00:01:55 The details that have emerged, though, including from Bradbury's statement itself, paint a confusing picture, and the conflicting information has made it difficult for Octa customers and others who depend on them to assess their risk and the extent of the damage. There are two big unknowns when it comes to the Octa incident, the specific nature of the incident and how it might impact Octa customers, says Keith McCammon, Chief Security Officer at the Network Security and Incident Response firm Red Canary. This is exactly the type of situation that leads customers to expect more proactive notification of security incidents that impact their products or customers, end quote. On Tuesday evening, about eight hours after posting an initial statement,
Starting point is 00:02:35 ACTA updated the notice with some expanded information. Specifically, the company admitted that roughly 2.5% of its customers, quote, have potentially been impacted, adding that their data, quote, may have been viewed or acted upon, end quote. The company says it has contacted all those organizations, likely more than 350 of them, given that ACTA reported having more than 14,000 customers as of February. Bradbury's original statement said that the company only received analysis of the January incident this week from the private forensics firm it hired to assess the situation. The timing coincides with Lapsis' decision to release screenshots via telegram that claim to detail its Octa administrative account access from late January. The company's expanded statement
Starting point is 00:03:20 opens by saying that it, quote, detected an unsuccessful attempt to compromise the account of a customer support engineer working for a third-party provider, end quote. But apparently some attempt was successful because Bradbury goes on to say that the incident report recently revealed, quote, a five-day window of time between January 16 and 21, where an attacker had access to a support engineer's laptop, end quote. The statement adds that during those five days, attackers would have had the full access that support engineers are granted, which does not include the ability to create or delete users, download customer databases, or access existing user passwords, but does include access to Jira tickets, lists of users, and crucially, the ability
Starting point is 00:04:01 to reset passwords for multi-factor authentication tokens. The latter is the main mechanism Lapsis' hackers would have likely abused to take over Octa tokens at Target organizations and infiltrate. Octa says that it is contacting customers who may have been impacted. On Tuesday, though, companies including the internet infrastructure from Cloudflare raised the question of why they were hearing about the incident from tweets and criminal screenshots rather than from Octa itself. The identity management company seems to maintain, though, that compromising a third-party affiliate in some way is not a direct breach. In Octa's statement, they said they were not breached and that the attacker's attempts were unsuccessful, yet they openly admit that attackers had access to customer data, says
Starting point is 00:04:44 independent security researcher Bill Demer Kappi. If Octa knew since January that an attacker may have been able to access confidential customer data, why did they never inform any of their customers? And quote. Meanwhile, Microsoft has confirmed that Lapsis compromised, quote, a single account and stole portions of source code for some products, but says that no Microsoft customer code or data was involved, and quote. It's always interesting when Apple makes an acquisition,
Starting point is 00:05:18 since they do so so quietly and so comparatively rarely, but this might be more interesting than most. Apple has acquired UK banking startup credit kudos, which offers APIs for lenders. Sources say the deal is valued at around $150 million. Now, what's interesting here is that this is an open banking company, which, well, let's explain that, quoting the block. The startup offers insights and scores on loan applicants drawn from bank data, specifically transaction and loan outcome data, sourced via the UK's open banking framework. Its API can offer lenders faster decision-making, less risk, and increased acceptance rates, according to its website.
Starting point is 00:05:56 Launched in 2015 by founders Freddie Kelly and Matt Schofield. Credit kudos became the latest in a string of big European open banking acquisitions in the past year, albeit the first to be snapped up by a tech giant. Up till now, card network operators, MasterCard, and Visa have been driving consolidation in the sector. In June 2021, Visa paid $1.8 billion, roughly $2.15 billion at the time, for Swedish open banking firm Tink, an acquisition that was finalized earlier this month. In September, MasterCard announced the acquisition of Aya, a Danish open banking startup. It is not yet clear what Apple has planned for credit kudos. The Silicon Valley-based company currently offers financial products
Starting point is 00:06:36 primarily through its mobile wallet Apple pay and in the form of a credit card that it began rolling out in August 2019, end quote. And quoting from CNBC, the company operates in a nascent space in the world of FinTech known as open banking, where third-party firms securely linked to people's bank accounts to extract information and make payments on their behalf, provided they've given consent to do so. The trend has gained momentum in Europe in recent years, thanks to FinTech-friendly rules introduced in 2018, that aimed to increase competition in the payments industry. It has ignited huge interest from investors with Silicon Valley startup Plaid being valued at $13.4 billion in a funding round last year. Plad had previously agreed to be bought by Visa, but scrapped those plans
Starting point is 00:07:18 following an antitrust lawsuit from the U.S. government. Visa subsequently acquired Tink, a Swedish company that competes with Plaid for $2.1 billion. Based in London, credit kudos develops software that uses customers banking data to make more informed credit checks on loan applications. It is a challenger to the big credit reporting agencies which include Equifax, Experian, and TransUnion, end quote. So, let's speculate. This could just be an entree for Apple to offer an Apple card in the UK, or maybe this is their way to take the Apple Card International, but also, quoting Simon Taylor on Twitter, thoughts on Apple acquiring UK open banking company. Apple buy now, pay later? Credit kudos could make underwriting and pay instant. Will Apple try to acquire a U.S.
Starting point is 00:08:04 open banking company? Everyone is trying to build the Apple Watch for money, but what if Apple built the Apple Watch for money? End quote. Quick check back in on El Salvador. as the country has postponed its $1 billion Bitcoin-backed bond planned for March 15th through 20th, citing unfavorable market conditions. Quoting Reuters, the launch of the bond could be postponed until September, as Bitcoin has swooned since hitting a record high above $67,000, 500 in early November. It lost almost half of its value by January 22, and traded at 42,609 on Tuesday, according to refinative ICON data.
Starting point is 00:08:49 Now is not the time to issue the bond, according to finance minister Alejandro Zelia, who said that the ideal date to go on the market is the first half of the year during an interview with a local television channel. In May or June, the market variants are a little different at the latest in September. After September, if you go out to the international market, it is difficult to raise capital, he added, end quote. Yuga Labs, the owner of three of the top NFT brands, including Bored Ape Yacht Club, has raised $450 million. at a $4 billion valuation, led by A16Z to build an NFT media empire. Quoting the Verge. The team describes its Metaverse project called Otherside as an MMORP meant to connect the broader NFT universe. They hope to create, quote, an interoperable world that is gamified and completely decentralized, says Wiley Aranow, a co-founder of Bored Ape Yacht Club, who goes by the pseudonym Gordon Garner.
Starting point is 00:09:51 We think the real Ready Player One experience will be. be player run, end quote. The announcement comes just weeks after Yuga Labs made a major move to consolidate the NFT space acquiring Cryptopunks and Meibits from Larva Labs. The acquisition put three of the most lucrative NFT collections under one roof and gave Yuga Labs a bigger roster of IP to pull from when crafting its game and Metaverse plans. The company also launched a cryptocurrency ape coin last week. The token will be governed independently and used as the primary currency in Yuga Labs' 's properties. Uga Labs is partnering with, quote, a few different game studios to bring other side to life, says CEO Nicole Munez. The game won't be limited to board ape holders, and the company
Starting point is 00:10:32 plans to create development tools that allow NFTs from other projects to work inside their world. We're opening the door to effectively a walled garden and saying, everybody welcome, end quote. To me, Yuga Labs combined with these other emerging Web3 companies are an important counterweight to companies like META. Chris Dixon, who leads Andresen Horowitz's crypto arm, tells the verge. There's a dystopian future where META is this kind of dominant digital experience provider, and all of the money and control goes to that company, end quote. Interestingly, Andresen Horowitz's co-founder, Mark Andresen is on META's board of directors and invested early in Facebook.
Starting point is 00:11:07 Yuga Labs has been financially successful to date. A leaked pitch deck indicates the company made $137 million last year primarily by taking a cut of the transactions tied to its NFT brands, with an astounding 95% profit margin. Yuga Labs declined to comment on figures from the deck. But the company has built fairly little at this point. Its NFT collections have 40,000 users at most, according to OpenC's data, and the company has only released one game for a limited period of time. That means Yuga Labs is essentially being given hundreds of millions of dollars to build
Starting point is 00:11:38 a gaming company, or at least the Web 3ified 2020 version of one, from scratch, off the back of a hugely lucrative art project, end quote. Speaking of Andresen and crypto, Katie Hahn, who left A16Z in 2021, has raised a one and a half billion fund, the largest debut fund by a female VC ever, allotting $500 million for early stage and $1 billion for late stage startups, quoting CNBC. Hahn Ventures kickoff marks the largest debut venture fund ever raised by a solo female founding partner, according to Pitchbook. Former investment banker Mary Meeker held the prior record with a $1.3 billion fund after spinning out from Kleiner Perkins.
Starting point is 00:12:26 Han Ventures will invest in both startup equity and in some cases the cryptocurrencies issued by those startups, also known as tokens. Han, a former federal prosecutor became Andresen's first female general partner in 2018, where she co-led its multiple cryptocurrency funds alongside Chris Dixon. Andresen Horowitz will be a limited partner in Han's newest venture, while Mark Andresen, the firm's founder and Dixon all personally contributed to her new endeavor. Her exit caught many in Silicon Valley off guard. While it was a dream job, Han said the departure was about taking more risk and, quote, stepping out of her comfort zone, end quote. I would also note that Han is also on the board of Coinbase. So maybe this makes Mark Zuckerberg's obsession with having meetings in VR make more sense. According to the Wall Street Journal, Metas, top executives are embracing remote work with gusto. As sources say, Zuckerberg spends extended periods in Hawaii and, Cheryl Sandberg is taking a sabbatical this spring, and, well, quoting the journal,
Starting point is 00:13:30 the company's management team, including Chief Executive Mark Zuckerberg, is scattering to locations far from its Silicon Valley headquarters in an extreme test of the limits of remote work. Naomi Gleet, the company's head of product and one of its longest tenured employees, has relocated to New York. Chief Marketing Officer Alex Schultz plans to move to the UK, and Guy Razen. The company's vice president of integrity will be moving to Israel in the near future, according to a company spokesman. Meanwhile, Javier Olivan, Mata's chief growth officer, has split his time between California and Europe, but is planning to spend more time abroad, the spokesman said.
Starting point is 00:14:04 Mata last week said that it will be doubling its Madrid office in Mr. Olivan's home country of Spain to add 2,000 people over the next five years. Adam Oseri, the head of Instagram in recent months, has been traveling and working remotely from locations including Hawaii, Los Angeles, and Cape Cod, according to people familiar with the matter, and the executive's social media posts. The spokesman said that Mr. Mosaeri has no plans to relocate permanently. Mr. Zuckerberg has also been spending more time away from the company's headquarters in Menlo Park, California, according to people familiar with the matter. Mr. Zuckerberg regularly spends extended periods at his compound in Hawaii and his other homes
Starting point is 00:14:38 outside the Bay Area, the people said. In the short term, Mr. Zuckerberg will also be without the counsel of his longtime number two, chief operating officer Cheryl Sandberg, who is taking a sabbatical this spring as part of the company's program to offer 30 days of paid leave every five years, end quote. Finally today, look, depending on your definition, lots of folks can be like, hey, the metaverse is already here. We don't have to wait for meta to make it. I'm mostly joking in this case, but, you know, Zoom has launched avatars, which lets users show up to Zoom meetings as emoji-like animals and plans to add new video filter avatar options in the future. So, show up in your
Starting point is 00:15:23 meeting as a dolphin or something? That beats Zuckerberg's VR meetings with folks with no legs, quoting the verge. Zoom sees this feature as useful for a lot of different scenarios. In its press release, it mentions showing up with an avatar filter on could, quote, bring some fun to your team-building meetings or help pediatricians seem less intimidating to younger children. There's also the idea that it could help alleviate Zoom fatigue. At least one study has indicated that constantly looking at yourself to make sure you're presentable and reacting appropriately is part of what makes being in video calls all day so tiring. If your Zoom box is showing a giraffe that's mirroring your facial expressions,
Starting point is 00:16:02 that's a lot harder to scrutinize than your actual face. To turn on avatars, Zoom instructs users to click the carrot button, the little up arrow button next to the start, stop video button, then click choose video filter, then pick the animal you want to show up as from the avatars tab. Apparently you can even decide whether your avatar will be wearing a hoodie or a t-shirt. It would just be immersion breaking if you showed up as a fox not appropriately dressed for the weather. You can also optionally choose to always apply the filter whenever you enter a meeting if you want, end quote.
Starting point is 00:16:43 I'm going to record an Internet History podcast episode in a couple of hours, something that I haven't done in a long while, with an exciting former Apple person. Don't worry, I'll share it here with you, too, eventually. Talk to you tomorrow. I don't know.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.