A guide to Virtual Beings and how they impact our world

Money from big tech companies and top VC firms is flowing into the nascent “virtual beings” space. Mixing the opportunities presented by conversational AI, generative adversarial networks, photorealistic graphics, and creative development of fictional characters, “virtual beings” envisions a near-future where characters (with personalities) that look and/or sound exactly like humans are part of our day-to-day interactions.

Last week in San Francisco, entrepreneurs, researchers, and investors convened for the first Virtual Beings Summit, where organizer and Fable Studio CEO Edward Saatchi announced a grant program. Corporates like Amazon, Apple, Google, and Microsoft are pouring resources into conversational AI technology, chip-maker Nvidia and game engines Unreal and Unity are advancing real-time ray tracing for photorealistic graphics, and in my survey of media VCs one of the most common interests was “virtual influencers”.

The term “virtual beings” gets used as a catch-all categorization of activities that overlap here. There are really three separate fields getting conflated though:

  1. Virtual Companions
  2. Humanoid Character Creation
  3. Virtual Influencers

These can overlap — there are humanoid virtual influencers for example — but they represent separate challenges, separate business opportunities, and separate societal concerns. Here’s a look at these fields, including examples from the Virtual Beings Summit, and how they collectively comprise this concept of virtual beings:

Virtual companions

Virtual companions are conversational AI that build a unique 1-to-1 relationship with us, whether to provide friendship or utility. A virtual companion has personality, gauges the personality of the user, retains memory of prior conversations, and uses all that to converse with humans like a fellow human would. They seem to exist as their own being even if we rationally understand they are not.

Virtual companions can exist across 4 formats:

  1. Physical presence (Robotics)
  2. Interactive visual media (social media, gaming, AR/VR)
  3. Text-based messaging
  4. Interactive voice

While pop culture depictions of this include Her and Ex Machina, nascent real-world examples are virtual friend bots like Hugging Face and Replika as well as voice assistants like Amazon’s Alexa and Apple’s Siri. The products currently on the market aren’t yet sophisticated conversationalists or adept at engaging with us as emotional creatures but they may not be far off from that.

Source: Tech Crunch

Ordermark, the online-delivery order management service for restaurants, raises $18 million

Los Angeles-based Ordermark, the online delivery management service for restaurants founded by the scion of the famous, family-owned Canters Deli, said it has raised $18 million in a new round of funding.

The round was led by Boulder-based Foundry Group. All of Ordermark’s previous investors came back to provide additional capital for the company’s new funding, including: TenOneTen Ventures, Vertical Venture Partners, Mucker Capital, Act One Ventures, and Nosara Capital, which led the Series A funding.

“We created Ordermark to help my family’s restaurant adapt and thrive in the mobile delivery era, and then realized that as a company, we could help other restaurants experiencing the same challenges. We’ve been gratified to see positive results come in from our restaurant customers nationwide,” said Alex Canter, in a statement.

A fourth-generation restaurateur, Canter built the technology on the back of his family deli’s own needs. The company has integrated with point of sale systems, kitchen displays, and accounting tools, and with last mile delivery companies.

As the company expands it’s looking to increase its sales among the virtual restaurants powered by cloud kitchens and delivery services like Uber Eats, Seamless/Grubhub and others, the company said in a statement.

Although the business isn’t profitable, Ordermark is now in over 3,000 restaurants. The company has integrations with over fifty ordering services.

Source: Tech Crunch

Porsche Taycan reservations surpass 30,000 ahead of world debut

Porsche has secured 30,000 deposits for the Taycan more than a month before the German automaker will unveil the all-electric sports car, numbers that suggest there’s enough demand to support the company’s plans to produce 40,000 units in its first year.

The latest reservation numbers were cited by Bloomberg and Porsche HR head Andreas Haffner in an interview with German business publication Handelsblatt.

Porsche initially targeted 20,000 Taycan electric vehicles for the first year of production. But interest in the vehicle prompted the automaker to double its planned annual production to 40,000 in its first year. Reservations require a 2,500 euro deposit ($2,785).

If Porsche is able to produce and then deliver 40,000 Taycans in its first year of production, the electric sports car would leap ahead of some of its iconic internal combustion models, including the 718 Boxster and the 911. Porsche sold 35,573 911s and 24,750 718 vehicles globally in 2018.

The Taycan would still trail Porsche’s other popular crossover and SUV models such as the Cayenne and Macan.

The Taycan could also put pressure on the Tesla Model S, the popular luxury electric sedan that has long dominated this niche in the industry. Tesla combines Model S and X delivery numbers. In 2018, the company delivered 99,394 Model S and X vehicles.

The Model S has had a number of updates since production began in 2012, but it hasn’t had a significant facelift since April 2016 when the front fascia was changed to look more like the Model X.

Tesla CEO Elon Musk said earlier this month that the company doesn’t plan to “refresh” its Model X or Model S vehicles. In automotive speak, refreshed typically means small revisions to a vehicle model that extend beyond the typical yearly updates made by manufacturers. A refresh is not a major redesign, although there’s often a noticeable change to the vehicle model.

The company will make minor ongoing changes to the luxury electric sedan and sport utility vehicle, Musk said at that time. Even with those continuous updates, potential customers could opt for the newer Taycan.

Porsche isn’t resting on the novelty of its first electric vehicle to drive sales. The company is rolling out other incentives, notably plans to give owners of the Taycan three years of free charging at hundreds of Electrify America public stations across the United States. Electrify America is the entity set up by Volkswagen as part of its settlement with U.S. regulators over its diesel emissions cheating scandal.

The automaker also is making an additional $70 million investment to add DC fast chargers to Porsche dealerships.

Source: Tech Crunch

Tesseract makes spacecraft propulsion smaller, greener, stronger

Launch vehicles and their enormous rocket engines tend to receive the lion’s share of attention when it comes to space-related propulsion, but launch only takes you to the edge of space — and space is a big place. Tesseract has engineered a new rocket for spacecraft that’s not only smaller and more efficient, but uses fuel that’s safer for us down here on the surface.

The field of rocket propulsion has been advancing constantly for decades, but once in space, there’s considerably less variation. Hydrazine is a simple and powerful nitrogen-hydrogen fuel that’s been in use since the ’50s, and engines using it (or similar “hypergolic” propellants) power many a spacecraft and satellite today.

There’s just one problem: Hydrazine is horribly toxic and corrosive. Handling it must be done in a special facility, using extreme caution and hazmat suits, and very close to launch time — you don’t want a poisonous explosive sitting around any longer than it has to. As launches and spacecraft multiply and costs drop, hydrazine handling remains a serious expense and danger.

Alternatives for in-space propulsion are being pursued, like Accion’s electrospray panels, Hall effect thrusters (on SpaceX’s Starlink satellites) and light sails — but ultimately, chemical propulsion is the only real option for many missions and craft. Unfortunately, research into alternative fuels that aren’t so toxic hasn’t produced much in the way of results — but Tesseract says the time has come.

“There was some initial research done at China Lake Naval Station in the ’90s,” said co-founder Erik Franks, but it fizzled out when funds were reallocated. “The timing also wasn’t right because the industry was still dominated by very conservative defense contractors who were content with the flight-proven toxic propellant technology.”

A live fire test of Tesseract’s Rigel engine.

The lapsed patents for these systems, however, pointed the team in the right direction. “The challenge for us has been going through the whole family of chemicals and finding which works for us. We’ve found a really good one — we’re keeping it as kind of a trade secret but it’s cheap, and really high-performance.”

You wouldn’t want to rinse your face with it, but you can fuel a spacecraft wearing Gore-Tex coveralls instead of a hermetically sealed hazmat suit. Accidental exposure doesn’t mean permanent tissue damage like it might with hydrazine.

The times have changed, as well. The trend in space right now is away from satellites that cost hundreds of millions and stay in geosynchronous orbit for decades, and toward smaller, cheaper birds intended to last only five or 10 years.

More spacecraft being made by more people makes safer, greener alternatives more attractive, of course: lower handling costs, less specialized facilities and so on further democratize the manufacturing and preparation processes. But there’s more to it than that.

If all anyone wanted was to eliminate hydrazine-based propulsion, they could replace the engine with an electric option like a Hall effect thruster, which gets its thrust from charged particles exiting the assembly and imparting an infinitesimal force in the opposite direction — countless times per second, of course. (It adds up.)

But while these propulsion methods have a high specific impulse — a measurement of how much force is generated per unit of fuel — they produce very little thrust. It’s like suggesting someone take a solar-powered car with a max speed of 5 MPH instead of a traditional car with a V6. You’ll get there, and economically, but not in a hurry.

Consider that a satellite, once brought to low orbit by a launch vehicle, must then ascend on its own power to the desired altitude, which may be hundreds of kilometers above. If you use a chemical engine, that could be done in hours or days, but with electric, it might take months. A military comsat meant to stay in place for 20 years can spare a few months at the outset, but what about the thousands of short-life satellites a company like Starlink plans to launch? If they could be operational a week after launch rather than months, that’s a non-trivial addition to their lifespan.

“If you can get rid of the toxicity and handling costs of conventional chemical propulsion, but maintain performance, we think green chemical is a clear winner for the new generation of satellites,” Franks said. And that’s what they claim to have created. Not just on paper either, obviously; here’s a video of a fire test from earlier this year.

“It’s also important at end of life, where doing a long, slow spiral deorbit, repeatedly crossing the orbits of other satellites, dramatically increases the risk of collision,” he continued. “For responsibly managing these large, planned constellations the ability to quickly deorbit at end of life will be especially important to avoid creating an unsustainable orbital debris problem.”

Tesseract has only seven full-time employees, and was a part of Y Combinator’s Summer 2017 class. Since (and before) then they’ve been hard at work engineering the systems they’ll be offering, and building relationships with aerospace.


A render of Tesseract’s two flagship products — Adhara on the left and Polaris on the right.

They’ve raised a $2 million seed round, but you don’t have to be a rocket scientist to know that’s not the kind of money that puts things into space. Fortunately, the company already has its first customers, one of which is still in stealth but plans to launch a Moon mission next year (and you better believe we’re following up on that hot tip). The other is Space Systems/Loral, or SSL, which has signed a $100 million letter of intent.

There are two main products Tesseract plans to offer. Polaris is a “kickstage,” essentially a short-range spacecraft used to deliver satellites to more distant orbits after being taken up to space by a launch vehicle. It’s powered by the company’s larger Rigel engines; this is the platform purportedly headed to the Moon, and you can see it propelling a clutch of 6U smallsats on the right in the image above.

But Franks thinks the money is elsewhere. “The systems we think will be a bigger market opportunity are the smallsat propulsion systems,” he said. Hence the second product, Adhara, a propulsion bus for smaller satellites and craft that the company is focusing on keeping straightforward, compact and, of course, green. (It’s the smaller rig in the image above; the thrusters are named Lyla.)

“We’ve heard from customers that complete, turnkey systems are what they mostly want, rather than buying components from many vendors and doing all the systems integration themselves like the old-school satellite manufacturers have historically done,” Franks said. So that’s what Adhara is for: “Keep it simple, bolt it on there, let it maneuver where it needs to go.”

Engineering these engines was no cakewalk, naturally, but Tesseract wasn’t reinventing the wheel. The principles are very similar to traditional engines, so development costs weren’t ridiculous.

The company isn’t pretending these are the only solutions that make sense now. If you need to have the absolute lowest mass or volume dedicated to propulsion, or don’t really care if it takes a week or a year to get where you’re going, electric propulsion is still probably a better deal. And for major missions that require high delta-V and don’t mind dealing with the attendant dangers, hydrazine is still the way to go. But the market that’s growing the most is neither one of these, and Tesseract’s engines sit in a middle ground that’s efficient, compact and far less dangerous to work with.

Source: Tech Crunch

Report: Lyft COO Jon McNeill is leaving

Shortly after going public, Lyft is losing one of its top executives, according to a new report from Bloomberg.

Jon McNeill, who joined the ride-hailing business from Tesla about 18 months ago, is reportedly stepping down. Lyft declined to comment.

Lyft’s stock (Nasdaq: LYFT) is down nearly 3% on the news. Despite a turbulent first month on the public market, Lyft has traded up the past three months, closing Friday up about 1%, at $65.52 per share, with a market cap of $18.55 billion.

Of his COO pick, Lyft CEO and co-founder Logan Green said in a statement provided to TechCrunch last year that “Jon is a world-class leader who brings deep experience as a highly successful entrepreneur and executive.”

“Last year, the Lyft community experienced more growth than in all previous years combined, growing rides by 2.3x and increasing market share by more than 50%. Jon is the right leader to build upon this momentum with his unique background of starting companies from scratch and managing at scale.”

Source: Tech Crunch

Report claims all three new iPhones planned for 2020 will support 5G

Apple analyst Ming-Chi Kuo — sometimes described as “the most accurate Apple analyst in the world” — has written a new note to investors saying that the three iPhones expected to launch in 2020 will feature support for 5G. In previous Kuo reports, it’s said the 2020 iPhones could be available in new sizes: 5.4- and 6.7-inch high-end iPhones with OLED displays, along with a 6.1-inch model with an OLED display.

Previously, he predicted that only two of the three new iPhones slated for 2020 would support 5G. But with well-spec’d Androids flooding the market, he says it looks like Apple will offer 5G in all models in order to better compete. He’s also confirmed the view that Apple will be able to throw more resources into developing the 5G iPhone now that it has acquired Intel’s smartphone modem chip business.

The report, leaked to MacRumors, contains this quote:

We now believe that all three new 2H20 iPhone models will support 5G for the following reasons. (1) Apple has more resource for developing the 5G iPhone after the acquisition of Intel baseband business. (2) We expect that the prices of 5G Android smartphones will decline to $249-349 USD in 2H20. We believe that 5G Android smartphones, which will be sold at $249-349 USD, will only support Sub-6GHz. But the key is that consumers will think that 5G is the necessary function in 2H20. Therefore, iPhone models which will be sold at higher prices have to support 5G for winning more subsidies from mobile operators and consumers’ purchase intention. (3) Boosting 5G developments could benefit Apple’s AR ecosystem.

The report expects all three 2020 iPhone models to support both mmWave and Sub-6GHz spectrum (two different kinds of 5G) for the US market. Whether Apple will launch a 5G iPhone that only supports Sub-6GHz, allowing for a lower price and thus making it suitable for the Chinese market, remains unclear.

mmWave is the ‘fastest 5G’ that’s most often referred to, but as it is suited to denser, urban areas, it will not be used as much in rural or suburban areas, where mid-bands and low-bands, called sub-6GHz 5G, will be employed. All of these bands are faster than 4G, with mmWave the fastest.

Apple will use modem chips from Qualcomm in its 2020 5G iPhones, while it works on its own modem chips, due in 2021.

Source: Tech Crunch

Original Content podcast: Our love for ‘Queer Eye’ isn’t quite as strong

It’s been barely more than a year since the “Queer Eye” revival premiered on Netflix, but the series is already back for its fourth season.

This time around, the Fab Five finds new makeover subjects in Kansas City (with a detour to Quincy, Illinois, where hairstylist Jonathan Van Ness grew up), offering their custom mix of lifestyle tips and intense emotional conversations. In many ways, the new season serves as a reminder that “Queer Eye” remains one of the most compelling titles in Netflix’s reality TV lineup.

At the same time, some of our excitement is wearing off. That’s not to say that the show is weaker, exactly — but the formula is becoming more familiar, and the contrivance of whirlwind life changes all taking place in a handful of days feels a little harder to swallow.

We also had reservations about Karamo’s big decision in “Disabled But Not Really,” where he asks the episode’s subject Wesley to meet with the man who shot and paralyzed him years earlier. It makes for suspenseful and moving TV, and Wesley seems to find the conversation rewarding, but we argued about whether the sequence felt more contrived and exploitative than helpful.

In addition to reviewing the latest season of “Queer Eye,” we also discussed our first impressions of the new Netflix science fiction series “Another Life,” which Jordan was particularly excited about because it stars Katee Sackhoff of “Battlestar Galactica.” This, in turn, led to our thoughts on the new trailer for “Star Trek: Picard.”

You can listen in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also send us feedback directly. (Or suggest shows and movies for us to review!)

And if you’d like to skip ahead, here’s how the episode breaks down:
0:00 Intro
0:28 “Another Life” first impressions
17:32 “Queer Eye” season 4 review

Source: Tech Crunch

What will happen when the bad times come?

Here in America we are now in the longest economic expansion in history. That doesn’t mean it’s about to end. But it does raise the question: what happens when it does? When the economic cycle finally inverts into recession, perhaps unexpectedly and with no obvious cause, perhaps because of some geopolitical crisis? We know what happens to the overall economy — but what happens to the tech sector?

Last time around, the answer was: “surprisingly little.” Late 2008 saw widespread expectations that tech was about to crater along with all other sectors. This was the era of Sequoia Capital’s infamous “R.I.P. Good Times” deck. They could hardly have been more wrong.

Instead the Great Recession everywhere else was more of a speed bump in Silicon Valley. In fact it was arguably the birth of the modern startup boom. The number of startups tracked by CrunchBase rose rapidly from 1200 in 2007, by at least 25% every year, to 5700 five years later.

Meanwhile, YoY revenue growth at Google did drop into single digits in 2008-09 … but only for a few quarters, never actually stalled, and quickly returned to 20%+. Amazon growth never fell below double digits. Apple’s went negative for one lonesome quarter, but otherwise stayed north of 20%.

Go back a little further, though, and you come to the dot-com crash, in which tech was — of course, and rightly — hit hard. This was not entirely a bad thing. Even at the time it was clear that to some extent the chaff was being sifted from the industry, albeit at widespread painful personal cost. However, that unpleasant correction set the stage for the nonstop growth since.

So: will the next downturn parallel 2008, or 2001? Will tech growth slow but not stop, or has the time come again for a great economic threshing which will separate wheat from chaff? Or will the next downturn take its own, very different shape? Tech is both much larger now, and much more tightly woven into every other sector.

One could argue a recession will accelerate the demise of legacy businesses and systems, and their replacement with newer, more efficient, software- / API- / AI-driven ones, so the tech industry will actually see a net benefit from any downturn. I’m skeptical of this vulture theory, though. A sinking tide ultimately lowers all boats.

Still, the Big Five — Alphabet, Amazon, Apple, Facebook, Microsoft — will probably sail through relatively untouched. They may stop hiring as aggressively (Google has grown by 18,000 employees to 107,000 in just the last year) but they have enough cash on hand, and diverse enough revenue streams, to weather a storm. Even Google is no longer totally reliant on ads, now that it’s making $8 billion/year from GCP.

The one possible exception is Facebook, which remains the most precarious of the Big Five, given the increasing vitriol it attracts, its relative lack of room to grow in wealthy markets, and, probably most important, the fact it remains a one-trick revenue pony. Could the next recession see Facebook drop from Big Five status? Very possibly.

Lesser companies, though — those outside of tech proper, and even the herd of growth-stage unicorns — will almost certainly be forced into major layoffs. Will the newly-laid-off flock back to school, as happened in 2008? Or will they rush to roll the dice with new startups? Given the rising costs of, and increasing skepticism aimed at, traditional higher education, it seems likely that instead we’ll suddenly see an enormous bloom of new startups.

On the one hand, this means more ideas flung at the proverbial wall, and so more innovation. But on the other, these will presumably mostly be low-cost web / app startups, which as I’ve argued before are increasingly played out, from people who are founding them as a reaction to being laid off rather than because they have a vision they can’t ignore, in a downturn during which funding will presumably grow ever harder to acquire.

There’s a school of thought which says more startups is always better, and another which says that bad startups are like an algal bloom, choking the oxygen (money, attention, talent) from the ambient environment and making things worse for the overall ecosystem. It seems likely that the next downturn will serve as a natural experiment testing these hypotheses. Let’s hope the former is more true. And if (but only if) you have your own burning startup idea in you, it might be best to beat the eventual recessionary rush.

Source: Tech Crunch

Week in Review: Regulation boogaloo

Hello, weekenders. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about how services like Instagram had moved beyond letting their algorithms take over the curation process as they tested minimizing key user metrics such as “like” counts on the platform.

The big story

The big news stories this week intimately involved the government poking its head into the tech industry. What was clear between the two biggest stories, the DoJ approving the Sprint/T-Mobile merger and the FTC giving Facebook a $5 billion slap on the wrist, is that big tech has little to worry about its inertia being contained.

The argument from Sprint and T-Mobile that it was better to have three big telecom companies in the U.S. rather than two contenders and two pretenders seems to have stuck. Similarly, Facebook seems to have done a worthy job of indicating that it will handle the complicated privacy stuff but that they’ll let the government orgs see what they’re up to.

Fundamentally, none of these orgs seem to want to harm the growth of these American tech companies and I have a tough time believing that perspective is going to magically get more toothy in some of these early antitrust investigations. The government might be making a more concerted effort to understand how these businesses are structured, but even focusing solely on something like the cloud businesses of Microsoft, Google and Amazon, I have little doubt that the government is going to spend an awfully long time in the observation phase.

The danger is erraticism and for that the worst government fear for tech isn’t a three-letter agency, it’s the Twitter ramblings of POTUS.

feedback -> @lucasmtny

Onto the rest of the week’s news.

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Apple dropping $1 billion on Intel’s modem business
    Apple is snapping up a missing link in its in-house component production with the $1B purchase of most of Intel’s modem business. This follows a dramatic saga between Intel, Qualcomm and Apple over the past year, but Apple will be making its own smartphone modems; the question is when they actually end up in new iPhones. Read more here.
  • Microsoft dropping $1 billion on OpenAI
    Microsoft announced this week that it is dumping $1 billion into Sam Altman’s OpenAI research group. The partnership is pretty major, but it’s just one of the interesting avenues Microsoft is using to ensure its Azure services gain notable customers. Read more here.
  • Galaxy Fold is coming back!
    After a very embarrassing soft launch, Samsung, which managed to make it several devices beyond the Note 7 before another garbage fire, is trying its hand at the Galaxy Fold again and will be releasing it sometime in September. It seems like the carriers are a little dubious of the prospect and T-Mobile has already opted out of carrying it. Read more here.

GAFA Gaffes [Facebook Edition!!]

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook gets five:
    [Facebook settles with FTC: $5 billion and new privacy guarantees]
  2. FTC isn’t quite done with Facebook:
    [Facebook says it’s under antitrust investigation by the FTC]
  3. Facebook dismissed CA warnings:
    [Facebook ignored staff warnings about sketchy Cambridge Analytica in September 2015]
  4. Facebook left kids vulnerable:
    [Facebook fails to keep Messenger Kids safety promise]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. This week, my colleague Danny spoke with some top VCs about why fintech startups have been raising massive amounts of cash and he seemed to walk away with some interesting impressions.

Why fintech VC mega rounds have become so common

“…The biggest challenge that has faced fintech companies for years — really, the industry’s consistent Achilles’ heel — is the cost of acquiring a customer. Financial customer relationships are incredibly valuable, and the cost of acquiring a user for any product is among the most expensive in every major channel.

And those costs are going up…”

Here are some of our other top reads for premium subscribers.

We’re excited to announce The Station, a new TechCrunch newsletter all about mobility. Each week, in addition to curating the biggest transportation news, Kirsten Korosec will provide analysis, original reporting and insider tips. Sign up here to get The Station in your inbox beginning in August.

Source: Tech Crunch

A mistakenly exposed password let a hacker access internal Comodo files

A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet.

The credentials were found in a public GitHub repository owned by a Comodo software developer. With the email address and password in hand, the hacker was able to log into the company’s Microsoft-hosted cloud services. The account was not protected with two-factor authentication.

Jelle Ursem, a Netherlands-based security researcher who found the credentials, contacted Comodo vice president Rajaswi Das by WhatsApp to secure the account. The password was revoked the following day.

Ursem told TechCrunch that the account allowed him to access internal Comodo files and documents, including sales documents and spreadsheets in the company’s OneDrive — and the company’s organization graph on SharePoint, allowing him to see the team’s biographies, contact information including phone numbers and email addresses, photos, customer documents, calendar, and more.

A screenshot of a staff calendar on Comodo’s internal site. (Image: supplied)

He also shared several screenshots of folders containing agreements and contracts with several customers — with the names of customers in each filename, such as hospitals and U.S. state governments. Other documents appeared to be Comodo vulnerability reports. Ursem’s cursory review of the data did not turn up any customer certificate private keys, however.

“Seeing as they’re a security company and give out SSL certificates, you’d think that the security of their own environment would come first above all else,” said Ursem.

But according to Ursem, he wasn’t the first person to find the exposed email address and password.

“This account has already been hacked by somebody else, who has been sending out spam,” he told TechCrunch. He shared a screenshot of a spam email sent out, purporting to offer tax refunds from the French finance ministry.

We reached out to Comodo for comment prior to publication. A spokesperson said the account was an “automated account used for marketing and transactional purposes,” adding: “The data accessed was not manipulated in any way and within hours of being notified by the researcher, the account was locked down.”

It’s the latest example of exposed corporate passwords found in public GitHub repositories, where developers store code online. All too often developers upload files inadvertently containing private credentials used for internal-only testing. Researchers like Ursem regularly scan repositories for passwords and report them to the companies, often in exchange for bug bounties.

Earlier this year Ursem found a similarly exposed set of internal Asus passwords on an employee’s GitHub public account. Uber was also breached in 2016 after hackers found internal credentials on GitHub.
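
The failure described above, an email address and password committed to a public repository, can be caught on the developer's machine before the commit is made. The following is an added example, not code from the article or from Comodo: a pre-commit check that flags a quoted password literal in staged files and raises the severity when an email address sits within a few lines of it. The rule patterns, the three-line window and the sample file are assumptions chosen for illustration.

```python
"""Pre-commit style check for hard-coded login pairs (email + password).

Added illustration: patterns, window size and sample data are assumptions.
Limitation: only quoted literals are detected (unquoted YAML values are not).
"""
import re
import subprocess
import sys
from dataclasses import dataclass

# A quoted literal assigned to a password-like name, e.g. smtp_password = "..."
PASSWORD_RE = re.compile(
    r"""(?ix)
    \b([a-z0-9_.-]*(?:password|passwd|pwd|secret)[a-z0-9_.-]*)["']?
    \s*[:=]\s*
    (["'])(?P<value>[^"'\n]{6,})\2
    """
)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Values that are clearly templates or placeholders, not real secrets.
PLACEHOLDER_RE = re.compile(
    r"(?i)^(changeme|password|example|x+|\*+|<.*>|\$\{.*\}|%\(.*\)s|\{\{.*\}\})$"
)
PAIR_WINDOW = 3  # an email within this many lines turns the finding into a login pair


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    key: str
    severity: str  # "login-pair" or "password-literal"
    excerpt: str   # value redacted so the report does not leak the secret again


def scan_text(path, text):
    """Return findings for one file's content."""
    lines = text.splitlines()
    email_lines = [i for i, l in enumerate(lines) if EMAIL_RE.search(l)]
    findings = []
    for i, line in enumerate(lines):
        for m in PASSWORD_RE.finditer(line):
            if PLACEHOLDER_RE.match(m.group("value")):
                continue
            near_email = any(abs(i - j) <= PAIR_WINDOW for j in email_lines)
            redacted = line[:m.start("value")] + "<redacted>" + line[m.end("value"):]
            findings.append(Finding(
                path, i + 1, m.group(1),
                "login-pair" if near_email else "password-literal",
                redacted.strip(),
            ))
    return findings


def staged_files():
    """Return {path: staged content} for files added or modified in the git index."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=AM", "-z"],
        capture_output=True, check=True,
    ).stdout
    files = {}
    for raw in filter(None, out.split(b"\0")):
        name = raw.decode("utf-8", "surrogateescape")
        blob = subprocess.run(["git", "show", ":" + name],
                              capture_output=True, check=True).stdout
        files[name] = blob.decode("utf-8", "replace")
    return files


# Constructed sample, not taken from any real repository.
SAMPLE = '''\
# settings for the marketing mailer (constructed)
MAIL_USER = "marketing-bot@example.com"
MAIL_PASSWORD = "Tr0ub4dor&3-constructed"
DB_PASSWORD = os.environ["DB_PASSWORD"]
api_password = "changeme"
'''


def main():
    findings = [f for path, text in staged_files().items()
                for f in scan_text(path, text)]
    for f in findings:
        print(f"{f.path}:{f.line}: {f.severity}: {f.excerpt}")
    return 1 if findings else 0  # non-zero exit blocks the commit


if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable `.git/hooks/pre-commit`, the script stops a commit that contains a finding. A credential that has already been pushed still has to be revoked, since it remains in the repository history.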

Source: Tech Crunch