# 620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts

**[theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/](https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/)**

Chris Williams

**[Security](https://www.theregister.co.uk/security/)**

## Dubsmash, Armor Games, 500px, Whitepages, ShareThis, and more said to be up for grabs for $$$s in BTC

[Chris Williams, Editor in Chief Mon 11 Feb 2019 // 23:55 UTC](https://www.theregister.co.uk/Author/Chris-Williams)
**48**

Exclusive Some 617 million online account details stolen from 16 hacked websites are on
sale from today on the dark web, according to the data trove's seller.

For less than $20,000 in Bitcoin, it is claimed, the following pilfered account databases can
be purchased from the Dream Market cyber-souk, located in the Tor network:

Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41
million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million),
Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million),
BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp
(700,000).

Sample account records from the multi-gigabyte databases seen by The Register appear to
be legit: they consist mainly of account holder names, email addresses, and passwords.
These passwords are hashed, or one-way encrypted, and must therefore be cracked before
they can be used.

There are a few other bits of information, depending on the site, such as location, personal
details, and social media authentication tokens. There appears to be no payment or bank
card details in the sales listings.

### Who are the buyers?

These silos of purportedly purloined information are aimed at spammers and credential
stuffers, which is why copies are relatively cheap to buy. The stuffers will take usernames
and passwords leaked from one site to log into accounts on other websites where the users
have used the same credentials.


-----

So, for example, someone buying the purported 500px database could decode the weaker
passwords in the list, because some were hashed using the obsolete MD5 algorithm, and
then try to use the email address and cracked password combinations to log into, say,
strangers' Gmail or Facebook accounts, where the email address and passwords have been
reused.

All of the databases are right now being touted separately by one hacker, who says he or
she typically exploited security vulnerabilities within web apps to gain remote-code execution
and then extract user account data. The records were swiped mostly during 2018, we're told,
and went on sale this week.

The seller, who is believed to be located outside of the US, told us the Dubsmash data has
been purchased by at least one person.

Some of the websites – particularly MyHeritage, MyFitnessPal, and Animoto – were known
to have been hacked as they warned their customers last year that they had been
compromised, whereas the others are seemingly newly disclosed security breaches. In other
words, this is the first time we've heard these other sites have been allegedly hacked. This
also marks the first time this data, for all of the listed sites, has been peddled publicly, again if
all the sellers' claims are true.

### Is this legit?

A spokesperson for MyHeritage confirmed samples from its now-for-sale database are real,
[and were taken from its servers in October 2017, a cyber-break-in it told the world about in](https://www.theregister.com/2018/06/09/what_got_breached_this_week_ticket_portals_dna_sites_and_atlantas_police_cameras/)
2018. ShareThis, CoffeeMeetsBagel, 8fit, 500px, DataCamp, and EyeEm also confirmed
their account data was stolen from their servers and put up for sale this week in the seller's
collection. This lends further credibility to the data trove.

Last week, half a dozen of the aforementioned sites were listed on Dream Market by the
seller: when we spotted them, we alerted Dubsmash, Animoto, EyeEm, 8fit, Fotolog, and
500px that their account data was potentially being touted on the dark web.

Over the weekend, the underground bazaar was mostly knocked offline, apparently by a
distributed denial-of-service attack. On Monday this week, the underworld marketplace
returned to full strength, and the seller added the rest of the sites. We contacted all of them
to alert them, and ask for a response. Meanwhile, Dream Market has been smashed offline
again.

Here's a summary of what is, or briefly was, purported to be on sale:


-----

**Dubsmash: 161,549,210 accounts for 0.549 BTC ($1,976) total**
11GB of data taken in December 2018. Each account record contains the user ID,
SHA256-hashed password, username, email address, language, country, plus for
some, but not all the users, the first and the last name. This alleged security breach
has not been previously publicly disclosed. Dubsmash is a video-messaging
application popular with millennials and younger folk.

New York City-based Dubsmash has hired law firm Lewis Brisbois to probe the online
sale. Partner Simone McCormick told us:

Our office has been retained to assist Dubsmash in this matter. Thank you for your
alert. We immediately launched an investigation. We plan to notify any and all
individuals as appropriate. Again, thank you for bringing this to our attention.


-----

**500px: 14,870,304 accounts for 0.217 BTC ($780) total**
1.5GB of data taken July 2018. Each account record contains the username, email
address, MD5-, SHA512- or bcrypt-hashed password, hash salt, first and last name,
and if provided, birthday, gender, and city and country. 500px is a social-networking site
for photographers and folks interested in photography.

"Our engineering team is currently investigating and if we can confirm there was a
breach we will take the necessary steps to inform our users as per GDPR standards,"
500px spokesperson Stephanie Newell told us.

**Update: 500px staff are now notifying their users that the site was indeed hacked, and**
will reset everyone's passwords, starting with the ones weakly hashed using MD5.

"We are able to confirm a breach occurred," Newell told us. "Our engineers
immediately launched a comprehensive review of our systems and have since taken
every precaution to secure them. All areas of vulnerability have been identified and
fixed during our internal investigation, and we’ve found no evidence to date of any
recurrence of the issue.

"We are currently working on notifying our entire user base, however, given the amount
of users affected, this task will span one day at minimum. We’ve taken every
precaution to ensure our users' data is safe. A system-wide password reset is currently
underway for all users, prioritized in order of accounts with the highest potential risk,
and we have already forced a reset of all MD5-encrypted passwords."

In addition, 500px, which is based in Canada, said it has taken the following steps to
shore up its security:

- Vetted access to our servers, databases, and other sensitive data-storage services.

- Analyzed and are continuing to monitor our source code, both public-facing and
internal, to improve our security protocols and protect against security issues.

- We have partnered with leading experts in cyber security to further secure our
website, mobile apps, internal systems, and security processes.

- Modifications to our our internal software development process.

- Reviewing the PII [personally identifying information] data we collect from users and
how it is used on our platform.

- We are continuing to upgrade our network infrastructure. Over the last 12 months, we
have undertaken a major upgrade to our network infrastructure—this project is nearing
completion, and will also offer a significant increase in security.


-----

**EyeEm: 22,360,765 accounts for 0.289 BTC ($1,040) total**
1.7GB of data taken February 2018. Each account record contains an email address
and SHA1-hashed password, although about three million are missing an email
address. This security breach has not been previously publicly disclosed. Germanybased EyeEm is an online hangout for photographers. A spokesperson did not respond
to a request for comment.

**Update: EyeEm has** [told its customers it was hacked, and forced a reset of their](https://twitter.com/ryanzhiyou/status/1095442154665566208)
passwords.

**8fit: 20,180,667 accounts for 0.2025 BTC ($728) total**
1.9GB of data taken July 2018. Each account record contains an email address,
bcrypted-hashed password, country, country code, Facebook authentication token,
Facebook profile picture, name, gender, and IP address. This security breach has not
been previously publicly disclosed. Germany-headquartered 8fit offers customized
workout and diet plans for healthy fitness types.

8fit CEO Aina Abiodun told us her team is investigating, adding: "I need to get back to
you on this and can't comment immediately."

**Update: 8fit has** [confessed to its users that it was hacked, and is resetting their](https://8fit.zendesk.com/hc/en-us/articles/360017746394-Notice)
passwords.

**Fotolog: 16 million accounts for 0.52 BTC ($1,872) total**
5.9GB of data taken in December 2018. There are five SQL databases containing
information including email addresses, SHA256-hashed passwords, security questions
and answers, full names, locations, interests, and other profile information. This alleged
security breach has not been previously publicly disclosed. Fotolog, based in Spain, is
another social network for photography types. A spokesperson did not respond to a
request for comment.

**Animoto 25,402,283 accounts for 0.318 BTC ($1,144) total**
2.1GB of data taken in 2018. Each account record contains a user ID, SHA256-hashed
password, password salt, email address, country, first and last name, and date of birth.
[This security breach was publicly disclosed by the NYC-headquartered business in](https://www.theregister.com/2018/08/18/security_roundup/)
2018, though this is the first time the data has gone on sale, we understand.

"We provided notification about an incident potentially affecting customers back in
August 2018 after we identified unusual activity on our system," spokesperson
Rebecca Brooks told us. "After identifying the suspicious activity, we immediately took
the systems offline and implemented numerous security controls to help prevent an
incident like this from happening again."


-----

**MyHeritage 92,284,478 accounts for 0.549 BTC ($1,976) total**
3.6GB of data taken October 2017. Each account record contains an email address,
SHA1-hashed password and salt, plus the date of account creation. This security
[breach was publicly disclosed by the business last year, though this is the first time the](https://blog.myheritage.com/2018/06/myheritage-statement-about-a-cybersecurity-incident/#)
data has gone on sale, we're told. No DNA or similar sensitive information was taken.
MyHeritage, based in Israel, is a family-tree-tracing service that studies customers'
genetic profiles.

A spokesperson told us:

The date, the number of users affected, and the type of information [in the 2018
disclosure] correspond almost exactly to [the for-sale database], so this does not look
like a new breach. It seems likely that the perpetrator(s) of the October 2017 breach or
someone who obtained the data from them is now trying to sell it. We will investigate
this immediately and report the attempted sale to the authorities so they can try to trace
the perpetrators. Until this moment, we have not seen any evidence of circulation or
usage or abuse of the breached email addresses and hashed passwords, and this is
the first time a mention of them has surfaced since June 4 2018.

**MyFitnessPal 150,633,038 accounts for 0.289 BTC ($1,040) total**
3.5GB of data taken February 2018. Each account record contains a user ID,
username, email address, SHA1-hashed password with a fixed salt for the whole table,
[and IP address. This security breach was publicly disclosed by the business last year.](https://content.myfitnesspal.com/security-information/notice.html)
This may be the first time it has gone on public sale. Under-Armor-owned MyFitnessPal
does what it says on the tin: it's an app that tracks diet and exercise. A spokesperson
did not respond to a request for comment.

**Update: Spokesperson Erin Wendell has told us the biz made every user reset their**
password following the discovery of the intrusion last year. If you reused your old
MyFitnessPal password with other sites, now would be a good time to change your
password on those other services, if you have not done so already.

"We responded swiftly to alert users and have since required all MyFitnessPal users
who had not changed their passwords since that March 29, 2018 announcement, to
reset their passwords," Wendell said.

"As a result, passwords previously used for MyFitnessPal at the time of the data
security issue are no longer valid on MyFitnessPal, and we continue to encourage
strong password practices including unique and complex passwords for all their
accounts to enable users to further protect themselves."


-----

**Artsy 1,070,000 accounts for 0.0289 BTC ($104) total**
184MB of data taken April 2018. Each account record contains an email address,
name, IP addresses, location, and SHA512-hashed password with salt. This security
breach has not been previously publicly disclosed. Artsy, located in NYC, is an online
home for collecting and organizing art. A spokesperson did not respond to a request for
comment.

**Update: Artsy has emailed its users to confirm its data was stolen and sold online. It is**
in the process of investigating how it happened.

**Armor Games 11,013,617 accounts for 0.2749 BTC ($988) total**
1.8GB of data taken late December 2018. Each account record contains a username,
email address, SHA1-hashed password and salt, date of birth, gender, location, and
other profile details. This alleged security breach has not been previously publicly
disclosed. California-based Armor Games is a portal for a ton of browser-based games.
A spokesperson did not respond to requests for comment.

**Bookmate 8,026,992 accounts for 0.159 BTC ($572) total**
1.7GB of data taken July 2018. Each account record typically contains a username, an
email address, SHA512 or bcrypt-hashed password with salt, gender, date of birth, and
other profile details. This alleged security breach has not been previously publicly
disclosed. British Bookmate makes book-reading apps. A spokesperson did not
respond to a request for comment.


-----

**CoffeeMeetsBagel 6,174,513 accounts for 0.13 BTC ($468) total**
673MB of data taken late 2017 and mid-2018. Each account record contains typically a
full name, email address, age, registration date, and gender. This security breach has
not been previously publicly disclosed. CoffeeMeetsBagel is a dating website.

Jenn Takahashi, spokesperson for the CoffeeMeetsBagel, told us: "We are not aware
of a breach at this time, but our security team is looking into this now." She also said
the San-Francisco-based biz does not store passwords, and uses third-party sites for
authentication.

"We have engaged with our legal team and forensic security experts to identify any
issues and ensure we have the best security stance moving forward," Takahashi
added.

**Update: CoffeeMeetsBagel has confirmed at least some user account data was stolen**
by a hacker who broke into the biz's systems as recently as May 2018, as we reported.

"On February 11, 2019, we learned that an unauthorized party gained access to a
partial list of user details, specifically names and email addresses prior to May 2018,"
the company said in a statement.

"Once we became aware, we immediately launched a comprehensive investigation
with the help of experienced forensic experts. We are currently working on notifying the
affected user base. The security of our users’ information is important to us, and we
apologize for any inconvenience this may have caused."


-----

**DataCamp 700,000 accounts for 0.013 BTC ($46.8) total**
82MB of data taken December 2018. Each account record contains an email address,
bcrypt-hashed password, location, and other profile details. This security breach has
not been previously publicly disclosed. US-based DataCamp teaches people data
science and programming. A spokesperson told us they are "looking into" the online
sale.

"We take this matter seriously and want to further verify if this is indeed the case," said
the biz's Lode Vanacken. "We will also investigate access and audit logs to see if we
can trace back any potential unauthorised access. If indeed further investigation shows
this data to be valid we will communicate with you and with the affected end-users."

**[Update: Vanacken has told us DataCamp is resetting users' passwords after](https://support.datacamp.com/hc/en-us/articles/360017716074)**
confirming its data was stolen. "We have notified the users we believe were affected or
potentially affected via email," he said.

"Out of an abundance of caution, we are logging out all DataCamp users who may
have been affected, and, if they use a password as their authentication method, we are
invalidating their passwords and prompting them to reset their passwords.

"We continue to monitor for suspicious activity and to make enhancements to our
systems to detect and prevent unauthorized access to user information."

**HauteLook 28 million accounts for 0.217 BTC ($780) total**
1.5GB of data taken during 2018. Each account record contains an email address,
bcrypt-hashed password, and name. This alleged security breach has not been
previously publicly disclosed. HauteLook is an online store for fashion, accessories,
and so on. A spokesperson for the Los Angeles-based biz did not respond to a request
for comment.

**ShareThis 41,028,098 accounts for 0.217 BTC ($780) total**
2.7GB of data taken early July 2018. Each account record contains a name, username,
email address, DES-hashed password, gender, date of birth, and other profile info. This
security breach has not been previously publicly disclosed. Palo Alto-based ShareThis
makes a widget for sharing links to stuff with friends. A spokesperson did not respond
to a request for comment.

**Update: ShareThis has written to its users, alerting them that the site was hacked,**
likely in July 2018, and that email addresses, password hashes, and some dates-ofbirth was stolen and put up for sale online.


-----

**Whitepages 17,775,679 accounts for 0.434 BTC ($1560) total**
2.9GB of data taken 2016. Each account record contains an email address, SHA1- or
bcrypt-hashed password, and first and last name. This alleged security breach has not
been previously publicly disclosed. Whitepages is a Seattle-based online telephone
and address directory. A spokesperson did not respond to a request for comment.

The seller told The Register they have as many as 20 databases to dump online, while
keeping some others back for private use, and that they have swiped roughly a billion
accounts from servers to date since they started hacking in 2012.

Their aim is to make "life easier" for hackers, by selling fellow miscreants usernames and
password hashes to break into other accounts, as well as make some money on the side,
and highlight to netizens that they need to take security seriously – such as using two-factor
authentication to protect against password theft. The thief also wanted to settle a score with
a co-conspirator, by selling a large amount of private data online.

The hacker previously kept stolen databases private, giving them only to those who would
swear to keep the data secret.

"I don't think I am deeply evil," the miscreant told us. "I need the money. I need the leaks to
be disclosed.

"Security is just an illusion. I started hacking a long time ago. I'm just a tool used by the
system. We all know measures are taken to prevent cyber attacks, but with these upcoming
dumps, I'll make hacking easier than ever." ®

### Updates below

This article was revised at 0430 UTC on Tuesday, February 12 to include confirmation from
500px that it was hacked, as we reported.

Also on Tuesday, EyeEm informed its users it had been hacked. We understand similar
disclosures are due to land this week from ShareThis and others.

On Wednesday, February 13, DataCamp informed us it is resetting its users' passwords after
"some user data was exposed by a third party who gained criminal unauthorized access to
one of our systems."

Also on Wednesday, CoffeeMeetsBagel told us it is alerting its users to its security breach,
we added a statement from MyFitnessPal, and 8fit admitted to its customers that it was
hacked.

On Thursday, February 14, Artsy emailed its users to confirm its internal data was stolen and
put up for sale, as reported. "On February 11, 2019, we became aware that account
information for some of our users was made available on the internet," the biz wrote. "We are


-----

still investigating the precise causes of the incident, and together with our engineering team,
we are working with a leading cyber forensics firm to assist us."

On Friday, February 15, ShareThis confirmed it was hacked, too.

On 1 March, [Armor Games 'fessed up to a breach.](https://www.theregister.com/2019/03/04/armor_games_breach_disclosure/)

### Other stories you might like

Experts: AI should be recognized as inventors in patent law

Plus: Police release deepfake of murdered teen in cold case, and more

[Katyanna Quach Sat 28 May 2022 // 11:23 UTC 20](https://www.theregister.co.uk/Author/Katyanna-Quach)
In-brief Governments around the world should pass intellectual property laws that grant
rights to AI systems, two academics at the University of New South Wales in Australia
argued.

Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe
failing to recognize machines as inventors could have long-lasting impacts on
economies and societies.

"If courts and governments decide that AI-made inventions cannot be patented, the
[implications could be huge," they wrote in a comment article published in Nature.](https://www.nature.com/articles/d41586-022-01391-x)
"Funders and businesses would be less incentivized to pursue useful research using AI
inventors when a return on their investment could be limited. Society could miss out on
the development of worthwhile and life-saving inventions."

[Continue reading](https://www.theregister.co.uk/2022/05/28/experts_ai_patent_law/?td=keepreading-btm)


-----

Declassified and released: More secret files on US govt s emergency doomsday
powers

Nuke incoming? Quick break out the plans for rationing, censorship, property seizures,
and more

[Katyanna Quach Sat 28 May 2022 // 08:51 UTC 50](https://www.theregister.co.uk/Author/Katyanna-Quach)
More papers describing the orders and messages the US President can issue in the
event of apocalyptic crises, such as a devastating nuclear attack, have been
declassified and released for all to see.

These government files are part of a larger collection of records that discuss the
nature, reach, and use of secret Presidential Emergency Action Documents: these are
executive orders, announcements, and statements to Congress that are all ready to
sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to
give America's commander-in-chief immediate extraordinary powers to overcome
extraordinary events.

PEADs have never been declassified or revealed before. They remain hush-hush, and
their exact details are not publicly known.

[Continue reading](https://www.theregister.co.uk/2022/05/28/documents_reveal_secretive_government_plans/?td=keepreading-btm)
Stolen university credentials up for sale by Russian crooks, FBI warns

Forget dark-web souks, thousands of these are already being traded on public bazaars

[Jessica Lyons Hardcastle Fri 27 May 2022 // 22:34 UTC](https://www.theregister.co.uk/Author/Jessica-Lyons-Hardcastle)
Russian crooks are selling network credentials and virtual private network access for a
"multitude" of US universities and colleges on criminal marketplaces, according to the
FBI.

According to a warning issued on Thursday, these stolen credentials sell for thousands
of dollars on both dark web and public internet forums, and could lead to subsequent
cyberattacks against individual employees or the schools themselves.

"The exposure of usernames and passwords can lead to brute force credential stuffing
computer network attacks, whereby attackers attempt logins across various internet
sites or exploit them for subsequent cyber attacks as criminal actors take advantage of
users recycling the same credentials across multiple accounts, internet sites, and
[services," the Feds' alert [PDF] said.](https://www.ic3.gov/Media/News/2022/220526.pdf)

[Continue reading](https://www.theregister.co.uk/2022/05/27/fbi_warning_stolen_university_credentials/?td=keepreading-btm)


-----

Big Tech loves talking up privacy – while trying to kill privacy legislation

Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

[Thomas Claburn in San Francisco Fri 27 May 2022 // 21:48 UTC 9](https://www.theregister.co.uk/Author/Thomas-Claburn)
Amazon, Apple, Google, Meta, and Microsoft often support privacy in public
statements, but behind the scenes they've been working through some common
organizations to weaken or kill privacy legislation in US states.

[That's according to a report this week from news non-profit The Markup, which said the](https://themarkup.org/privacy/2022/05/26/tech-industry-groups-are-watering-down-attempts-at-privacy-regulation-one-state-at-a-time)
corporations hire lobbyists from the same few groups and law firms to defang or drown
state privacy bills.

The report examined 31 states when state legislatures were considering privacy
legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon,
Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the
State Privacy and Security Coalition.

[Continue reading](https://www.theregister.co.uk/2022/05/27/big_tech_privacy/?td=keepreading-btm)
SEC probes Musk for not properly disclosing Twitter stake

Meanwhile, social network's board rejects resignation of one its directors

[Katyanna Quach Fri 27 May 2022 // 21:26 UTC 13](https://www.theregister.co.uk/Author/Katyanna-Quach)
America's financial watchdog is investigating whether Elon Musk adequately disclosed
his purchase of Twitter shares last month, just as his bid to take over the social media
company hangs in the balance.

[A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear"](https://www.sec.gov/Archives/edgar/data/1418091/000000000022003713/filename1.pdf)
[to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days](https://www.theregister.com/2022/04/04/elon_musk_twitter/)
from the date of acquisition," and asked him to provide more information. Musk's
shares made him one of Twitter's largest shareholders. The letter is dated April 4, and
was shared this week by the regulator.

Musk quickly moved to try and buy the whole company outright in a deal initially worth
[over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged](https://www.theregister.com/2022/05/05/musk_twitter_ellison/)
[another $7.14 billion from investors to help finance the $21 billion he promised to put](https://www.theregister.com/2022/04/21/musk_twitter_funding/)
forward for the deal. The remaining $25.5 billion bill was secured via debt financing by
Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going
smoothly.

[Continue reading](https://www.theregister.co.uk/2022/05/27/the_sec_is_probing_elon/?td=keepreading-btm)


-----

Cloud security unicorn cuts 20% of staff after raising $1.3b

Time to play blame bingo: Markets? Profits? Too much growth? Russia? Space aliens?

[Jessica Lyons Hardcastle Fri 27 May 2022 // 19:19 UTC 14](https://www.theregister.co.uk/Author/Jessica-Lyons-Hardcastle)
Cloud security company Lacework has laid off 20 percent of its employees, just months
after two record-breaking funding rounds pushed its valuation to $8.3 billion.

A spokesperson wouldn't confirm the total number of employees affected, though told
_The Register that the "widely speculated number on Twitter is a significant_
overestimate."

[The company, as of March, counted more than 1,000 employees, which would push](https://venturebeat.com/2022/03/17/cybersecurity-has-53-unicorns-here-are-10-to-watch/)
the jobs lost above 200. And the widely reported number on Twitter is about 300
employees. The biz, based in Silicon Valley, was founded in 2015.

[Continue reading](https://www.theregister.co.uk/2022/05/27/lacework_cuts_jobs/?td=keepreading-btm)

Talos names eight deadly sins in widely used industrial software

Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS)

[Jeff Burt Fri 27 May 2022 // 18:30 UTC 2](https://www.theregister.co.uk/Author/Jeff-Burt)
A researcher at Cisco's Talos threat intelligence team found eight vulnerabilities in the
Open Automation Software (OAS) platform that, if exploited, could enable a bad actor
to access a device and run code on a targeted system.

The OAS platform is widely used by a range of industrial enterprises, essentially
facilitating the transfer of data within an IT environment between hardware and
software and playing a central role in organizations' industrial Internet of Things (IIoT)
efforts. It touches a range of devices, including PLCs and OPCs and IoT devices, as
well as custom applications and APIs, databases and edge systems.

Companies like Volvo, General Dynamics, JBT Aerotech and wind-turbine maker AES
are among the users of the OAS platform.

[Continue reading](https://www.theregister.co.uk/2022/05/27/talos-aos-vulnerabilities/?td=keepreading-btm)


-----

Despite global uncertainty, $500m hit doesn t rattle Nvidia execs

CEO acknowledges impact of war, pandemic but says fundamentals ‘are really good’

[Dylan Martin Fri 27 May 2022 // 16:08 UTC 1](https://www.theregister.co.uk/Author/Dylan-Martin)
Nvidia is expecting a $500 million hit to its global datacenter and consumer business in
the second quarter due to COVID lockdowns in China and Russia's invasion of
Ukraine. Despite those and other macroeconomic concerns, executives are still
optimistic about future prospects.

"The full impact and duration of the war in Ukraine and COVID lockdowns in China is
difficult to predict. However, the impact of our technology and our market opportunities
remain unchanged," said Jensen Huang, Nvidia's CEO and co-founder, during the
company's first-quarter earnings call.

Those two statements might sound a little contradictory, including to some investors,
[particularly following the stock selloff yesterday after concerns over Russia and China](https://www.theregister.com/2022/05/26/nvidia_q1fy2023_outlook/)
prompted Nvidia to issue lower-than-expected guidance for second-quarter revenue.

[Continue reading](https://www.theregister.co.uk/2022/05/27/nvidia_shrugs_off_global_chaos/?td=keepreading-btm)
Another AI supercomputer from HPE: Champollion lands in France

That's the second in a week following similar system in Munich also aimed at
researchers

[Dan Robinson Fri 27 May 2022 // 15:30 UTC 3](https://www.theregister.co.uk/Author/Dan-Robinson)
HPE is lifting the lid on a new AI supercomputer – the second this week – aimed at
building and training larger machine learning models to underpin research.

Based at HPE's Center of Excellence in Grenoble, France, the new supercomputer is
to be named Champollion after the French scholar who made advances in deciphering
Egyptian hieroglyphs in the 19th century. It was built in partnership with Nvidia using
AMD-based Apollo computer nodes fitted with Nvidia's A100 GPUs.

Champollion brings together HPC and purpose-built AI technologies to train machine
learning models at scale and unlock results faster, HPE said. HPE already provides
HPC and AI resources from its Grenoble facilities for customers, and the broader
research community to access, and said it plans to provide access to Champollion for
scientists and engineers globally to accelerate testing of their AI models and research.

[Continue reading](https://www.theregister.co.uk/2022/05/27/hpe_champollion_supercomputer/?td=keepreading-btm)


-----

Workday nearly doubles losses as waves of deals pushed back

Figures disappoint analysts as SaaSy HR and finance application vendor navigates
economic uncertainty

[Lindsay Clark Fri 27 May 2022 // 14:30 UTC 11](https://www.theregister.co.uk/Author/Lindsay-Clark)
HR and finance application vendor Workday's CEO, Aneel Bhusri, confirmed deal wins
expected for the three-month period ending April 30 were being pushed back until later
in 2022.

The SaaS company boss was speaking as Workday recorded an operating loss of
[$72.8 million in its first quarter [PDF] of fiscal '23, nearly double the $38.3 million loss](https://www.workday.com/content/dam/web/en-us/documents/investor/workday-fiscal-2023-first-quarter-investor-presentation.pdf)
recorded for the same period a year earlier. Workday also saw revenue increase to
$1.43 billion in the period, up 22 percent year-on-year.

However, the company increased its revenue guidance for the full financial year. It said
revenues would be between $5.537 billion and $5.557 billion, an increase of 22 percent
on earlier estimates.

[Continue reading](https://www.theregister.co.uk/2022/05/27/workday_near_doubles_losses_as/?td=keepreading-btm)
UK monopoly watchdog investigates Google's online advertising business

Another probe? Mountain View is starting to look like a pincushion at this rate

[Richard Currie Fri 27 May 2022 // 14:00 UTC 8](https://www.theregister.co.uk/Author/Richard-Currie)
The UK's Competition and Markets Authority is lining up yet another investigation into
Google over its dominance of the digital advertising market.

This latest inquiry, [announced Thursday, is the second major UK antitrust investigation](https://www.gov.uk/government/news/google-probed-over-potential-abuse-of-dominance-in-ad-tech)
into Google this year alone. In March this year the UK, together with the European
[Union, said it wished to examine Google's "Jedi Blue" agreement with Meta to allegedly](https://www.theregister.com/2022/03/11/cma_ec_blue_jedi/)
favor the former's Open Bidding ads platform.

[The news also follows proposals last week by a bipartisan group of US lawmakers to](https://www.theregister.com/2022/05/19/senate_ctda_advertising/)
create legislation that could force Alphabet's Google, Meta's Facebook, and Amazon to
divest portions of their ad businesses.

[Continue reading](https://www.theregister.co.uk/2022/05/27/cma_google_ad_dominance/?td=keepreading-btm)


-----