5 Companies That Had A Rough Week

The Week Ending April 13

Topping this week's roundup of those having a rough week is Facebook CEO Mark Zuckerberg, who faced two days of grilling before Congress this week over user data protection.

Also making the list this week are Best Buy and Kmart, who are the latest victims of a security breach at a chat service provider; Apple, whose sales of HomePod aren't burning down the house; and Microsoft and Adobe, who both issued fixes to critical vulnerabilities in their software.

Not everyone in the IT industry was having a rough go of it this week. For a rundown of companies that made smart decisions, executed savvy strategic moves – or just had good luck – check out this week's Five Companies That Came To Win roundup.

Facebook's Zuckerberg On The Hot Seat In Washington Over Data Protection Controversy

Facebook founder and CEO Mark Zuckerberg underwent nearly 10 hours of public grilling over two days this week in the U.S. Congress, first before the Senate Commerce and Judiciary Committee and then before the House Energy and Commerce Committee.

Altogether he faced almost 600 questions from nearly 100 lawmakers, according to a New York Times story. The questions largely revolved around how Facebook handles users' data, as well as whether the social media giant should be more heavily regulated, whether it censors conservative content and how much Russia used the site to interfere with the U.S. 2016 election.

At one point Louisiana Senator John Kennedy told Zuckerberg that Facebook's user agreement "sucks," the story said.

Some observers said that Zuckerberg came away from the ordeal with some bumps and bruises, but not much more. But others described him as evasive: The Times story said he used the phrase "My team will get back to you" more than 20 times.

There also seemed to be a growing consensus that there is a need for tighter regulation of social media technology.

Best Buy, Kmart Latest Victims Of Chat Service Cyber Breach

You can add retailers Best Buy and Kmart to the list of companies that have been impacted by a cybersecurity breach at a third-party chat service that potentially exposed information from thousands of credit cards.

Last week chat service provider [24]7.ai announced that its system was a victim of a security breach in September and October 2017 where hackers were able to gain access to payment information for [24]7.ai's business clients, according to a story on the Threatpost website.

Following last week's announcement, Delta Airlines and retailer Sears disclosed that they used the [24]7.ai service and that they had been impacted by the cyber breach.

Best Buy said it believed that only a "small fraction" of its customers' payment card information may have been compromised by the incident. Sears said previously that the attackers gained access to information from less than 100,000 customers' credit cards. Kmart is owned by Sears Holdings.

Reports: Apple HomePod Sales Are Disappointing, Company Lowers Sales Forecasts

Reports out this week say that sales of Apple's much-hyped HomePod smart speaker haven't met early expectations and the company has cut back its sales forecasts for the product.

While HomePod launched with strong pre-orders in January, sales have slowed since the product hit the market, according to a Bloomberg story that said inventory is piling up on store shelves.

The story said Apple has already cut orders with Inventec, one of the contract manufacturers that makes the device. And analyst firm KGI Securities has reportedly cut its sales forecast for the product to just 2.5 million units in 2018.

Observers say Apple is way behind Amazon's Echo product, which has about 73 percent of the market, Google Home and other competitors.

Microsoft -- Finally -- Patches Outlook Password Leak Bug

Microsoft was taking heat this week after it patched a critical bug in Outlook that was identified more than a year ago. The fix was issued this week as part of Microsoft's monthly "Patch Tuesday" release.

The Outlook vulnerability allowed attackers to steal a user's sensitive data, including IP address and Windows login credentials, just by getting the user to preview a Rich Text Format (RTF) email with remotely hosted OLE objects, according to a Hackread story.

CERT Coordination Center analyst Will Dorfman discovered the vulnerability back in November 2016.

Adobe Scrambles To Fix Four Critical Vulnerabilities In Flash Player, InDesign Products

Sticking with the topic of fixing software bugs, Adobe programmers this week issued fixes for four critical vulnerabilities in the company's Flash Player and InDesign software.

Details of the critical vulnerabilities had not yet been made public and Adobe said it was not aware of any exploits of the bugs corrected by the fixes, according to a Threatpost story.

The most serious of the vulnerabilities involved Adobe Flash Player 29.0.0.113 and earlier versions, Threatpost said. The affected versions of Flash Player included Flash Player Desktop Runtime, Flash Player for Google Chrome and Flash Player for Microsoft Edge and IE 11.

Another vulnerability rated critical was fixed in Adobe InDesign CC.