Cyber Saturday—Denver Votes on Blockchain, Facebook Password Snafu, ‘LockerGoga’ Ransomware

Leek soup. Facebook accidentally stored hundreds of millions of people's passwords in plaintext. Elsevier, the scientific journal publisher, accidentally exposed subscribers' email addresses and passwords. Motherboard says it has been trying to alert an unnamed consumer spyware company that it has leaked 20 gigabytes of users' audio and video files, but the company has not replied after the reporters' weeks of attempts to get in touch. By the way, if you're wondering what the owner of a company feels like after accidentally leaking millions of people's personal information, Wired has you covered.

Out of control. Facebook, YouTube, and other tech concerns utterly failed to keep copies of the Christchurch massacre from proliferating on their sites, a failing that speaks to the magnitude of the content moderation problem they face. The New York Times' editorial board is calling on these companies to limit their "own usability and reach" in the interest of public safety. Meanwhile, the creator of 8chan, a den of Nazi-inspired hatred where the shooter allegedly posted a comment before committing his heinous acts, told the Wall Street Journal he has misgivings about how the site has devolved into a cesspit of hatred. If society is going to address the rampant spread of toxic speech online, then the internet needs "to be totally redesigned and re-engineered with more censorship in mind," he said.

Norwegian wouldn't. Norway's Norsk Hydro, one of the world's biggest aluminum companies, succumbed to a crippling ransomware attack that affected global plant operations on Tuesday. Recorded Future, a threat intelligence firm, published some insights about the type of malware, called LockerGoga, while Kevin Beaumont, an information security expert, explained how the attack likely went down. With help from Microsoft, Norsk has begun restoring its systems from backups. Relatedly, two other businesses, Hexion and Momentive, both American chemical companies, were hit by similar attacks, reports Motherboard.

News you can use. Google released a couple of tools to curb the spread of misinformation online. The first helps news organizations tag "debunking" stories to give them a search engine boost, while the second offers a database of these fact-checking stories which journalists can draw from in their reporting. Facebook's WhatsApp is also testing a fake news-fighting tool that reveals the original source of media shared and forwarded within the app.

Share today's Cyber Saturday with a friend:

http://fortune.com/newsletter/cybersaturday/

Looking for previous Data Sheets? Click here

Private eyes. World governments are increasingly buying spyware, intelligence, and disinformation services from a crop of shady private firms, many based in the Middle East. The New York Times delved into this bustling, mercenary market in an investigation this week. Political regimes are using tools created by companies such as NSO Group and DarkMatter for all sorts of purposes, ranging from hacking drug cartels and terrorist groups to spying on journalists and political dissidents.

Today even the smallest countries can buy digital espionage services, enabling them to conduct sophisticated operations like electronic eavesdropping or influence campaigns that were once the preserve of major powers like the United States and Russia. Corporations that want to scrutinize competitors' secrets, or a wealthy individual with a beef against a rival, can also command intelligence operations for a price, akin to purchasing off-the-shelf elements of the National Security Agency or the Mossad.

NSO and a competitor, the Emirati firm DarkMatter, exemplify the proliferation of privatized spying. A monthslong examination by The New York Times, based on interviews with current and former hackers for governments and private companies and others as well as a review of documents, uncovered secret skirmishes in this burgeoning world of digital combat.

Facebook Left Hundreds of Millions of Passwords Unencrypted. Here's How to Change Yours Right Now by Alyssa Newcomb

House Oversight Committee Investigating Jared Kushner's Use of WhatsApp for Foreign Communications by Renae Reints

Tesla Accuses Former Employees and Start-Up Zoox of Stealing Trade Secrets In Lawsuit by Erin Corbett

Most Companies Aren't Ready for California's Tough New Privacy Law by Danielle Abril

Jeff Bezos Texts May Have Been Leaked to the National Enquirer by Girlfriend's Brother by Don Reisinger

New Zealand Criticizes Facebook's Handling of Mosque Attack Footage by Grace Dobush

FUDdruckers. The cybersecurity market is so overcrowded that vendors are resorting to intensely aggressive scare tactics to grab the attention of corporate security executives: lies, blackmail, and other unsavory ploys, reports CNBC. One common method is to frame minor issues as emergencies, and then to pivot into sales pitches. The overload of misdirection may be damaging the security postures of big businesses: "as one executive said, 'I distrust most of them [vendors], so it's possible I miss the people who may be trying to raise actual issues.'"