Aug 08, 2019
--

‘The Operators’: Experts from Airbnb and Carta on building and managing your company’s customer support

Welcome to this transcribed edition of The Operators. TechCrunch is beginning to publish podcasts from industry experts, with transcriptions available for Extra Crunch members so you can read the conversation wherever you are.

The Operators features insiders from companies like Airbnb, Brex, Docsend, Facebook, Google, Lyft, Carta, Slack, Uber, and WeWork sharing their stories and tips on how to break into fields like marketing and product management. They also share best practices for entrepreneurs on how to hire and manage experts from domains outside their own.

This week’s edition features Airbnb’s Global Product Director of Customer and Community Support Platform Products, Andy Yasutake, and Carta’s Head of Enterprise Relationship Management, Jared Thomas.

Airbnb, one of the most valuable private tech companies in the world, has millions of hosts who trust strangers (guests) to come into their homes and hundreds of millions of guests who trust strangers (hosts) to provide a roof over their head. Carta, a $1 Billion+ company formerly known as eShares, is the leading provider of cap table management and valuation software, with thousands of customers and almost a million individual shareholders as users. Customers and users entrust Carta to manage their investments, a very serious responsibility requiring trust and security.

In this episode, Andy and Jared share with Neil how companies like Airbnb, Carta, and LinkedIn think about customer service, how to get into and succeed in the field and tech generally, and how founders should think about hiring and managing the customer support. With their experiences at two of tech’s trusted companies, Airbnb and Carta, this episode is packed with broad perspectives and deep insights.


Neil Devani and Tim Hsia created The Operators after seeing and hearing too many heady, philosophical podcasts about the future of tech, and not enough attention on the practical day-to-day work that makes it all happen.

Tim is the CEO & Founder of Media Mobilize, a media company and ad network, and a Venture Partner at Digital Garage. Tim is an early-stage investor in Workflow (acquired by Apple), Lime, FabFitFun, Oh My Green, Morning Brew, Girls Night In, The Hustle, Bright Cellars, and others.

Neil is an early-stage investor based in San Francisco with a focus on companies building stuff people need, solutions to very hard problems. Companies he’s invested in include Andela, Clearbit, Kudi, Recursion Pharmaceuticals, Solugen, and Vicarious Surgical.

If you’re interested in starting or accelerating your marketing career, or how to hire and manage this function, you can’t miss this episode!

The show:

The Operators brings experts with experience at companies like Airbnb, Brex, Docsend, Facebook, Google, Lyft, Carta, Slack, Uber, WeWork, etc. to share insider tips on how to break into fields like marketing and product management. They also share best practices for entrepreneurs on how to hire and manage experts from domains outside their own.

In this episode:

In Episode 5, we’re talking about customer service. Neil interviews Andy Yasutake, Airbnb’s Global Product Director of Customer and Community Support Platform Products, and Jared Thomas, Carta’s Head of Enterprise Relationship Management.


Neil Devani: Hello and welcome to the Operators, where we talk to entrepreneurs and executives from leading technology companies like Google, Facebook, Airbnb, and Carta about how to break into a new field, how to build a successful career, and how to hire and manage talent beyond your own expertise. We skip over the lofty prognostications from venture capitalists and storytime with founders to dig into the nuts and bolts of how it all works here from the people doing the real day to day work, the people who make it all happen, the people who know what it really takes. The Operators.

Today we are talking to two experts in customer service, one with hundreds of millions of individual paying customers and the other being the industry standard for managing equity investments. I’m your host, Neil Devani, and we’re coming to you today from Digital Garage in downtown San Francisco.

Joining me is Jared Thomas, head of Enterprise Relationship Management at Carta, a $1 billion-plus company after a recent round of financing led by Andreessen Horowitz. Carta, formerly known as eShares, is the leading provider of cap table management and valuation software with thousands of customers and almost a million individual shareholders as users. Customers and users trust Carta to manage their investments, a very serious responsibility requiring trust and security.

Also joining us is Andy Yasutake, the Global Product Director of Customer and Community Support Platform Products at Airbnb, one of the most valuable private tech startups today. Airbnb has millions of hosts who are trusting strangers to come into their homes and hundreds of millions of guests who are trusting someone to provide a roof over their head. The number of cases and types of cases that Andy and his team have to think about and manage boggle the mind. Jared and Andy, thank you for joining us.

Andy Yasutake: Thank you for having us.

Jared Thomas: Thank you so much.

Devani: To start, Andy, can you share your background and how you got to where you are today?

Yasutake: Sure. I’m originally from southern California. I was born and raised in LA. I went to USC for undergrad, University of Southern California, and I actually studied psychology and information systems.

Late-90s, the dot com was going on, I’d always been kind of interested in tech, went into management consulting at interstate consulting that became Accenture, and was in consulting for over 10 years and always worked on large systems of implementation of technology projects around customers. So customer service, sales transformation, anything around CRM, as kind of a foundation, but it was always very technical, but really loved the psychology part of it, the people side.

And so I was always on multiple consulting projects and one of the consulting projects was actually here in the Bay Area. I eventually moved up here 10 years ago and joined eBay, and at eBay I was the director of product for the customer services organization as well. And was there for five years.

I left for LinkedIn, so another rocket ship that was growing and was the senior director of technology solutions and operations where I had all the kind of business enabling functions as well as the technology, and now have been at Airbnb for about four months. So I’m back to kind of my, my biggest passion around products and in the customer support and community experience and customer service world.

Aug 05, 2019
--

Cybereason raises $200 million for its enterprise security platform

Cybereason, which uses machine learning to increase the number of endpoints a single analyst can manage across a network of distributed resources, has raised $200 million in new financing from SoftBank Group and its affiliates. 

It’s a sign of the belief that SoftBank has in the technology, since the Japanese investment firm is basically doubling down on commitments it made to the Boston-based company four years ago.

The company first came to our attention five years ago when it raised a $25 million financing from investors, including CRV, Spark Capital and Lockheed Martin.

Cybereason’s technology processes and analyzes data in real time across an organization’s daily operations and relationships. It looks for anomalies in behavior across nodes on networks and uses those anomalies to flag suspicious activity.

The company also provides reporting tools to inform customers of the root cause, the timeline, the person involved in the breach or breaches, which tools they use and what information was being disseminated within and outside of the organization.

For co-founder Lior Div, Cybereason’s work is the continuation of the six years of training and service he spent working with the Israeli army’s 8200 Unit, the military incubator for half of the security startups pitching their wares today. After his time in the military, Div worked for the Israeli government as a private contractor reverse-engineering hacking operations.

Over the last two years, Cybereason has expanded the scope of its service to a network that spans 6 million endpoints tracked by 500 employees, with offices in Boston, Tel Aviv, Tokyo and London.

“Cybereason’s big data analytics approach to mitigating cyber risk has fueled explosive expansion at the leading edge of the EDR domain, disrupting the EPP market. We are leading the wave, becoming the world’s most reliable and effective endpoint prevention and detection solution because of our technology, our people and our partners,” said Div, in a statement. “We help all security teams prevent more attacks, sooner, in ways that enable understanding and taking decisive action faster.”

The company said it will use the new funding to accelerate its sales and marketing efforts across all geographies and push further ahead with research and development to make more of its security operations autonomous.

“Today, there is a shortage of more than three million level 1-3 analysts,” said Yonatan Striem-Amit, chief technology officer and co-founder, Cybereason, in a statement. “The new autonomous SOC enables SOC teams of the future to harness technology where manual work is being relied on today and it will elevate L1 analysts to spend time on higher value tasks and accelerate the advanced analysis L3 analysts do.”

Most recently the company was behind the discovery of Operation SoftCell, the largest nation-state cyber espionage attack on telecommunications companies. 

That attack, which was either conducted by Chinese-backed actors or made to look like it was conducted by Chinese-backed actors, according to Cybereason, targeted a select group of users in an effort to acquire cell phone records.

As we wrote at the time:

… hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.

Researchers at Boston-based Cybereason, who discovered the operation and shared their findings with TechCrunch, said the hackers could track the physical location of any customer of the hacked telcos — including spies and politicians — using the call records.

Lior Div, Cybereason’s co-founder and chief executive, told TechCrunch it’s “massive-scale” espionage.

Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns TechCrunch), despite the questionable legality.

It’s not the first time that Cybereason has uncovered major security threats.

Back when it had just raised capital from CRV and Spark, Cybereason’s chief executive was touting its work with a defense contractor who’d been hacked. Again, the suspected culprit was the Chinese government.

As we reported, during one of the early product demos for a private defense contractor, Cybereason identified a full-blown attack by the Chinese — 10,000 thousand usernames and passwords were leaked, and the attackers had access to nearly half of the organization on a daily basis.

The security breach was too sensitive to be shared with the press, but Div says that the FBI was involved and that the company had no indication that they were being hacked until Cybereason detected it.

May 17, 2019
--

Under the hood on Zoom’s IPO, with founder and CEO Eric Yuan

Extra Crunch offers members the opportunity to tune into conference calls led and moderated by the TechCrunch writers you read every day. This week, TechCrunch’s Kate Clark sat down with Eric Yuan, the founder and CEO of video communications startup Zoom, to go behind the curtain on the company’s recent IPO process and its path to the public markets.

Since hitting the trading desks just a few weeks ago, Zoom stock is up over 30%. But Zoom’s path to becoming a Silicon Valley and Wall Street darling was anything but easy. Eric tells Kate how the company’s early focus on profitability, which is now helping drive the stock’s strong performance out of the gate, actually made it difficult to get VC money early on, and the company’s consistent focus on user experience led to organic growth across different customer bases.

Eric: I experienced the year 2000 dot com crash and the 2008 financial crisis, and it almost wiped out the company. I only got seed money from my friends, and also one or two VCs like AME Cloud Ventures and Qualcomm Ventures.

And all other institutional VCs had no interest to invest in us. I was very paranoid and always thought “wow, we are not going to survive next week because we cannot raise the capital.” And on the way, I thought we have to look into our own destiny. We wanted to be cash flow positive. We wanted to be profitable.

And so by doing that, people thought I wasn’t as wise, because we’d probably be sacrificing growth, right? And a lot of other companies, they did very well and were not profitable because they focused on growth. And in the future they could be very, very profitable.

Eric and Kate also dive deeper into Zoom’s founding and Eric’s initial decision to leave WebEx to work on a better video communication solution. Eric also offers his take on what the future of video conferencing may look like in the next five to 10 years and gives advice to founders looking to build the next great company.

For access to the full transcription and the call audio, and for the opportunity to participate in future conference calls, become a member of Extra Crunch. Learn more and try it for free. 

Kate Clark: Well thanks for joining us Eric.

Eric Yuan: No problem, no problem.

Kate: Super excited to chat about Zoom’s historic IPO. Before we jump into questions, I’m just going to review some of the key events leading up to the IPO, just to give some context to any of the listeners on the call.

May 16, 2019
--

OpenFin raises $17 million for its OS for finance

OpenFin, the company looking to provide the operating system for the financial services industry, has raised $17 million in funding through a Series C round led by Wells Fargo, with participation from Barclays and existing investors including Bain Capital Ventures, J.P. Morgan and Pivot Investment Partners. Previous investors in OpenFin also include DRW Venture Capital, Euclid Opportunities and NYCA Partners.

Likening itself to “the OS of finance,” OpenFin seeks to be the operating layer on which applications used by financial services companies are built and launched, akin to iOS or Android for your smartphone.

OpenFin’s operating system provides three key solutions which, while present on your mobile phone, have previously been absent in the financial services industry: easier deployment of apps to end users, fast security assurances for applications and interoperability.

Traders, analysts and other financial service employees often find themselves using several separate platforms simultaneously, as they try to source information and quickly execute multiple transactions. Yet historically, the desktop applications used by financial services firms — like trading platforms, data solutions or risk analytics — haven’t communicated with one another, with functions performed in one application not recognized or reflected in external applications.

“On my phone, I can be in my calendar app and tap an address, which opens up Google Maps. From Google Maps, maybe I book an Uber. From Uber, I’ll share my real-time location on messages with my friends. That’s four different apps working together on my phone,” OpenFin CEO and co-founder Mazy Dar explained to TechCrunch. That cross-functionality has long been missing in financial services.

As a result, employees can find themselves losing precious time — which in the world of financial services can often mean losing money — as they juggle multiple screens and perform repetitive processes across different applications.

Additionally, major banks, institutional investors and other financial firms have traditionally deployed natively installed applications in lengthy processes that can often take months, going through long vendor packaging and security reviews that ultimately don’t prevent the software from actually accessing the local system.


As former analysts and traders at major financial institutions, Dar and his co-founder Chuck Doerr (now president & COO of OpenFin) recognized these major pain points and decided to build a common platform that would enable cross-functionality and instant deployment. And since apps on OpenFin are unable to access local file systems, banks can better ensure security and avoid prolonged yet ineffective security review processes.

And the value proposition offered by OpenFin seems to be quite compelling. OpenFin boasts an impressive roster of customers using its platform, including more than 1,500 major financial firms, almost 40 leading vendors and 15 of the world’s 20 largest banks.

More than 1,000 applications have been built on the OS, with OpenFin now deployed on more than 200,000 desktops — a noteworthy milestone given that the ever-popular Bloomberg Terminal, which is ubiquitously used across financial institutions and investment firms, is deployed on roughly 300,000 desktops.

Since raising their Series B in February 2017, OpenFin’s deployments have more than doubled. The company’s headcount has also doubled and its European presence has tripled. Earlier this year, OpenFin also launched its OpenFin Cloud Services platform, which allows financial firms to launch their own private local app stores for employees and customers without writing a single line of code.

To date, OpenFin has raised a total of $40 million in venture funding and plans to use the capital from its latest round for additional hiring and to expand its footprint onto more desktops around the world. In the long run, OpenFin hopes to become the vital operating infrastructure upon which all developers of financial applications are innovating.

“Apple and Google’s mobile operating systems and app stores have enabled more than a million apps that have fundamentally changed how we live,” said Dar. “OpenFin OS and our new app store services enable the next generation of desktop apps that are transforming how we work in financial services.”

May 13, 2019
--

Slack aims to be the most important software company in the world, says CEO

Slack this morning disclosed estimated preliminary financial results for the first quarter of 2019 ahead of a direct listing planned for June 20.

Citing an addition of paid customers, the workplace messaging service posted revenues of about $134 million, up 66% from $81 million in the first quarter of 2018. Losses from operations increased from $26 million in Q1 2018 to roughly $39 million this year.

In addition to filing updated paperwork, the Slack executive team gathered on Monday to make a final pitch to potential shareholders, emphasizing its goal of replacing email within enterprises across the world.

“People deserve to do the best work of their lives,” Slack co-founder and chief executive officer Stewart Butterfield said in a video released alongside a live stream of its investor day event. “This desire of feeling aligned with your team, of removing confusion, of getting clarity; the desire for support in doing the best work of your life, that’s universal, that’s deeply human. It appeals to people with all kinds of roles, in all kinds of industries, at all scales of organization and all cultures.”

“We believe that whoever is able to unlock that potential for people … is going to be the most important software company in the world. We aim to be that company,” he added.

Slack, valued at more than $7 billion with its last round of venture capital funding, plans to list on the NYSE under the ticker symbol “SK.”

The business filed to go public in April as other well-known tech companies were finalizing their initial public offerings. Following Uber’s disastrous IPO last week, public and private market investors alike will be keeping a close eye on Slack’s stock market performance, which may determine Wall Street’s future appetite for Silicon Valley’s unicorns.

Though some of the recent tech IPOs performed famously, like Zoom, Uber and Lyft’s performance has served as a cautionary tale for going out in poor market conditions with lofty valuations. Uber began trading last week at below its IPO price of $45 and is today down significantly at just $36 per share. Lyft, for its part, is selling for $47.5 apiece today after pricing at $72 per share in March.

Slack isn’t losing billions per year like Uber, but it’s also not as close to profitability as expected. In the year ending January 31, 2019, Slack posted a net loss of $138.9 million and revenue of $400.6 million. That’s compared to a loss of $140.1 million on revenue of $220.5 million for the year ending January 31, 2018. In its S-1, the company attributed its losses to scaling the business and capitalizing on its market opportunity.

Workplace messaging startup Slack said Monday, February 4, 2019 it had filed a confidential registration for an initial public offering, becoming the latest of a group of richly valued tech enterprises to look to Wall Street. (Photo by Eric Baradat / AFP / Getty Images)

Slack currently boasts more than 10 million daily active users across more than 600,000 organizations — 88,000 on the paid plan and 550,000 on the free plan.

Slack has been able to bypass the traditional roadshow process expected of an IPO-ready business, opting for a path to Wall Street popularized by Spotify in 2018. The company plans to complete in mid-June a direct listing, which allows companies to forgo issuing new shares and instead sell directly to the market existing shares held by insiders, employees and investors. The date, however, is subject to change.

Slack has previously raised a total of $1.2 billion in funding from investors, including Accel, Andreessen Horowitz, Social Capital, SoftBank, Google Ventures and Kleiner Perkins.

Apr 10, 2019
--

The right way to do AI in security

Artificial intelligence applied to information security can engender images of a benevolent Skynet, sagely analyzing more data than imaginable and making decisions at lightspeed, saving organizations from devastating attacks. In such a world, humans are barely needed to run security programs, their jobs largely automated out of existence, relegating them to a role as the button-pusher on particularly critical changes proposed by the otherwise omnipotent AI.

Such a vision is still in the realm of science fiction. AI in information security is more like an eager, callow puppy attempting to learn new tricks – minus the disappointment written on their faces when they consistently fail. No one’s job is in danger of being replaced by security AI; if anything, a larger staff is required to ensure security AI stays firmly leashed.

Arguably, AI’s highest use case currently is to add futuristic sheen to traditional security tools, rebranding timeworn approaches as trailblazing sorcery that will revolutionize enterprise cybersecurity as we know it. The current hype cycle for AI appears to be the roaring, ferocious crest at the end of a decade that began with bubbly excitement around the promise of “big data” in information security.

But what lies beneath the marketing gloss and quixotic lust for an AI revolution in security? How did AI ascend to supplant the lustrous zest around machine learning (“ML”) that dominated headlines in recent years? Where is there true potential to enrich information security strategy for the better – and where is it simply an entrancing distraction from more useful goals? And, naturally, how will attackers plot to circumvent security AI to continue their nefarious schemes?

How did AI grow out of this stony rubbish?

The year AI debuted as the “It Girl” in information security was 2017. The year prior, MIT completed their study showing “human-in-the-loop” AI out-performed AI and humans individually in attack detection. Likewise, DARPA conducted the Cyber Grand Challenge, a battle testing AI systems’ offensive and defensive capabilities. Until this point, security AI was imprisoned in the contrived halls of academia and government. Yet, the history of two vendors exhibits how enthusiasm surrounding security AI was driven more by growth marketing than user needs.

Apr 05, 2019
--

On balance, the cloud has been a huge boon to startups

Today’s startups have a distinct advantage when it comes to launching a company because of the public cloud. You don’t have to build infrastructure or worry about what happens when you scale too quickly. The cloud vendors take care of all that for you.

But last month when Pinterest announced its IPO, the company’s cloud spend raised eyebrows. You see, the company is spending $750 million a year on cloud services, more specifically to AWS. When your business is primarily focused on photos and video, and needs to scale on a regular basis, that bill is going to be high.

That price tag prompted Erica Joy, a Microsoft engineer, to publish this Tweet and start a little internal debate here at TechCrunch. Startups, after all, have a dog in this fight, and it’s worth exploring if the cloud is helping feed the startup ecosystem, or sending your bills soaring as they have with Pinterest.

For starters, it’s worth pointing out that Ms. Joy works for Microsoft, which just happens to be a primary competitor of Amazon’s in the cloud business. Regardless of her personal feelings on the matter, I’m sure Microsoft would be more than happy to take over that $750 million bill from Amazon. It’s a nice chunk of business, but all that aside, do startups benefit from having access to cloud vendors?

Mar 28, 2019
--

Microsoft gives 500 patents to startups

Microsoft today announced a major expansion of its Azure IP Advantage program, which provides its Azure users with protection against patent trolls. This program now also provides customers who are building IoT solutions that connect to Azure with access to 10,000 patents to defend themselves against intellectual property lawsuits.

What’s maybe most interesting here, though, is that Microsoft is also donating 500 patents to startups in the LOT Network. This organization, which counts companies like Amazon, Facebook, Google, Microsoft, Netflix, SAP, Epic Games, Ford, GM, Lyft and Uber among its close to 400 members, is designed to protect companies against patent trolls by giving them access to a wide library of patents from its member companies and other sources.

“The LOT Network is really committed to helping address the proliferation of intellectual property lawsuits, especially ones that are brought by non-practicing entities, or so-called trolls,” Microsoft CVP and Deputy General Counsel Erich Andersen told me.

This new program goes well beyond basic protection from patent trolls, though. Qualified startups who join the LOT Network can acquire Microsoft patents as part of their free membership and as Andersen stressed, the startups will own them outright. The LOT network will be able to provide its startup members with up to three patents from this collection.

There’s one additional requirement here, though: To qualify for getting the patents, these startups also have to meet a $1,000 per month Azure spend. As Andersen told me, though, they don’t have to make any kind of forward pledge. The company will simply look at a startup’s last three monthly Azure bills.

“We want to help the LOT Network grow its network of startups,” Andersen said. “To provide an incentive, we are going to provide these patents to them.” He noted that startups are obviously interested in getting access to patents as a foundation of their companies, but also to raise capital and to defend themselves against trolls.

The patents we’re talking about here cover a wide range of technologies as well as geographies. Andersen noted that we’re talking about U.S. patents as well as European and Chinese patents, for example.

“The idea is that these startups come from a diverse set of industry sectors,” he said. “The hope we have is that when they approach LOT, they’ll find patents among those 500 that are going to be interesting to basically almost any company that might want a foundational set of patents for their business.”

As for the extended Azure IP Advantage program, it’s worth noting that every Azure customer who spends more than $1,000 per month over the past three months and hasn’t filed a patent infringement lawsuit against another Azure customer in the last two years can automatically pick one of the patents in the program’s portfolio to protect itself against frivolous patent lawsuits from trolls (and that’s a different library of patents from the one Microsoft is donating to the LOT Network as part of the startup program).

As Andersen noted, the team looked at how it could enhance the IP program by focusing on a number of specific areas. Microsoft is obviously investing a lot into IoT, so extending the program to this area makes sense. “What we’re basically saying is that if the customer is using IoT technology — regardless of whether it’s Microsoft technology or not — and it’s connected to Azure, then we’re going to provide this patent pick right to help customers defend themselves against patent suits,” Andersen said.

In addition, for those who do choose to use Microsoft IoT technology across the board, Microsoft will provide indemnification, too.

Patent trolls have lately started acquiring IoT patents, so chances are they are getting ready to make use of them and that we’ll see quite a bit of patent litigation in this space in the future. “The early signs we’re seeing indicate that this is something that customers are going to care about in the future,” said Andersen.

Mar 11, 2019
--

Dozens of companies leaked sensitive data thanks to misconfigured Box accounts

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can easily be discovered.

The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found more than 90 companies with publicly accessible folders.

Not even Box’s own staff were immune from leaking data.

The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others.

Worse, some public folders were scraped and indexed by search engines, making the data found more easily.

In a blog post, Adversis said Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public.
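An administrator can check for the exposure described above by reviewing which shared links are still set to public. The following is an added example, not code from Adversis or Box: it assumes an inventory of items exported with the `shared_link` object from the Box content API, and the sample records and the `audit_shared_links` helper are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample inventory; field names follow Box's shared_link object.
def _item(item_id, name, access, password=False, expires=None, vanity=None):
    return {"id": item_id, "name": name, "shared_link": {
        "effective_access": access, "is_password_enabled": password,
        "unshared_at": expires, "vanity_name": vanity,
        "permissions": {"can_download": True}}}

ITEMS = [
    _item("1001", "Customer exports", "open", vanity="examplecorp-exports"),
    _item("1002", "Press kit.zip", "open", password=True,
          expires="2030-01-01T00:00:00+00:00"),
    _item("1003", "HR onboarding", "company"),
    _item("1005", "Old launch plan", "open",
          expires="2020-01-01T00:00:00+00:00"),
    {"id": "1004", "name": "Notes.txt", "shared_link": None},
]

def audit_shared_links(items, now=None):
    """Return items reachable by anyone with the link, riskiest first."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for item in items:
        link = item.get("shared_link")
        if not link or link.get("effective_access") != "open":
            continue  # not shared, or limited to company/collaborators
        expires = link.get("unshared_at")
        if expires and datetime.fromisoformat(expires) <= now:
            continue  # link has already expired
        reasons = ["public link"]
        if not link.get("is_password_enabled"):
            reasons.append("no password")
        if not expires:
            reasons.append("never expires")
        if link.get("vanity_name"):
            # Custom names are easier to guess than random link tokens.
            reasons.append("custom URL")
        if link.get("permissions", {}).get("can_download"):
            reasons.append("download allowed")
        findings.append({"id": item["id"], "name": item["name"],
                         "reasons": reasons})
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)

if __name__ == "__main__":
    for finding in audit_shared_links(ITEMS):
        print(finding["id"], finding["name"], "; ".join(finding["reasons"]))
```

Items it reports are candidates for switching to “people in your company” or for removing the link altogether.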

Adversis said it found passport photos, bank account and Social Security numbers, passwords, employee lists, financial data like invoices and receipts and customer data among the data found. The company contacted Box to warn of the larger exposures of sensitive data, but noted that there was little overall improvement six months after its initial disclosure.

“There is simply too much out there and not enough time to resolve each individually,” he said.

Adversis provided TechCrunch with a list of known exposed Box accounts. We contacted several of the big companies named, as well as those known to have highly sensitive data, including:

  • Amadeus, the flight reservation system maker, which left a folder full of documents and application files associated with Singapore Airlines. Earlier this year, researchers found flaws that made it easy to change reservations booked with Amadeus.
  • Apple had several folders exposed, containing what appeared to be non-sensitive internal data, such as logs and regional price lists.
  • Television network Discovery had more than a dozen folders listed, including database dumps of millions of customers’ names and email addresses. The folders also contained some demographic information and developer project files, including casting contracts and notes and tax documents.
  • Edelman, the global public relations firm, had an entire project proposal for working with the New York City mass transit division, including detailed proposal plans and more than a dozen resumes of potential staff for the project — including their names, email addresses, and phone numbers.
  • Nutrition giant Herbalife left several folders exposed containing files and spreadsheets on about 100,000 customers, including their names, email addresses and phone numbers.
  • Opportunity International, a nonprofit aimed at ending global poverty, exposed in a massive spreadsheet a list of donor names, addresses and amounts given.
  • Schneider Electric left dozens of customer orders accessible to anyone, including sludge works and pump stations for several towns and cities. Each folder had an installation “sequence of operation” document, which included both default passwords and in some cases “backdoor” access passwords in case of forgotten passwords.
  • PointCare, a medical insurance coverage management software company, had thousands of patient names and insurance information exposed. Some of the data included the last four digits of Social Security numbers.
  • United Tissue Network, a whole-body donation nonprofit, exposed body donor information and personal information of donors in a vast spreadsheet, including the prices of body parts.

Box, which initially had no comment when we reached out, had several folders exposed. The company exposed signed non-disclosure agreements on their clients, including several U.S. schools, as well as performance metrics of its own staff, the researchers said.

Box spokesperson Denis Roy said in a statement: “We take our customers’ security seriously and we provide controls that allow our customers to choose the right level of security based on the sensitivity of the content they are sharing. In some cases, users may want to share files or folders broadly and will set the permissions for a custom or shared link to public or ‘open’. We are taking steps to make these settings more clear, better help users understand how their files or folders can be shared, and reduce the potential for content to be shared unintentionally, including both improving admin policies and introducing additional controls for shared links.”

The cloud giant said it plans to reduce the unintended discovery of public files and folders.

Amadeus, Apple, Box, Discovery, Herbalife, Edelman and PointCare all reconfigured their enterprise accounts to prevent access to their leaking files after TechCrunch reached out.

Amadeus spokesperson Alba Redondo said the company decommissioned Box in October and blamed the exposure on an account that was “misconfigured in public mode,” which has now been corrected and external access to it is now closed. “We continue to investigate this issue and confirm there has been no unauthorized access of our system,” said the spokesperson, without explanation. “There is no evidence that confidential information or any information containing personal data was impacted by this issue,” the spokesperson added.

When we asked Amadeus how it concluded there was no improper access, another spokesperson, Ben Hunt, said: “We have the full audit trail for Box and access of these files — none of the files have been downloaded outside of either Amadeus or authorized customers.”

The spokesperson declined to explain its statement when told files were downloaded to verify their contents.

PointCare chief executive Everett Lebherz confirmed its leaking files had been “removed and Box settings adjusted.” Edelman’s global marketing chief Michael Bush said the company was “looking into this matter.”

Herbalife spokesperson Jennifer Butler said the company was “looking into it,” but we did not hear back after several follow-ups. (Butler declared her email “off the record,” which requires both parties agree to the terms in advance, but we are printing the reply as we were given no opportunity to reject the terms.)

When reached, an Apple spokesperson did not comment by the time of publication.

Discovery, Opportunity International, Schneider Electric and United Tissue Network did not return a request for comment.

Data “dumpster diving” is not a new hobby for the skilled, but it’s a necessary sub-industry to fix an emerging category of data breaches: leaking, public and exposed data that shouldn’t be. It’s a growing space that we predicted would grow as more security researchers look to find and report data leaks.

This year alone, we’ve reported data leaks at Dow Jones, Rubrik, NASA, AIESEC, Uber, the State Bank of India, two massive batches of Indian Aadhaar numbers, a huge leak of mortgage and loan data and several Chinese government surveillance systems.

Adversis has open-sourced and published its scanning tool.

Feb
04
2019
--

Workplace messaging platform Slack has confidentially filed to go public

Slack, the provider of workplace communication and collaboration tools, has submitted paperwork with the Securities and Exchange Commission to go public later this year, the company announced on Monday.

This is its first concrete step toward becoming a publicly listed company, five years after it launched.

Headquartered in San Francisco, Slack has raised more than $1 billion in venture capital investment, including a $427 million funding round in August. The round valued the business at $7.1 billion, cementing its position as one of the most valuable privately held businesses in the U.S.

The company counted 10 million daily active users around the world and 85,000 paying users as of January 2019. According to data provided (via email) by SensorTower, Slack’s new users on mobile increased roughly 21 percent last quarter compared to Q4 2017, while total installs on mobile grew 24 million. The company recorded 8 million installs in 2018, up 21 percent year-over-year.

Slack’s investors include SoftBank’s Vision Fund, Dragoneer Investment Group, General Atlantic, T. Rowe Price Associates, Wellington Management, Baillie Gifford, Social Capital and IVP, as well as early investors Accel and Andreessen Horowitz.

Slack is one of several tech unicorns on deck to go public this year. Uber and Lyft have both similarly filed confidentially to go public in what are expected to be traditional initial public offerings. Slack, however, is expected to pursue a direct listing, following in Spotify’s footsteps. Instead of issuing new shares, Slack will sell directly to the market existing shares held by insiders, employees and investors, a move that will allow it to bypass a roadshow and some of Wall Street’s exorbitant IPO fees.
