ZDNet: LinkedIn bug allowed data to be stolen from user profiles

ZDNet: LinkedIn bug allowed data to be stolen from user profiles. “A bug in how LinkedIn autofills data on other websites could have allowed an attacker to silently steal user profile data. The flaw was found in LinkedIn’s widely used AutoFill plugin, which allows approved third-party websites to let LinkedIn members automatically fill in basic information from their profile — such as their name, email address, location, and where they work — as a quick way to sign up to the site or to receive email newsletters.”

ZDNet: Data firm leaks 48 million user profiles it scraped from Facebook, LinkedIn, others

ZDNet: Data firm leaks 48 million user profiles it scraped from Facebook, LinkedIn, others. “Localblox, a Bellevue, Wash.-based firm, says it ‘automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks.’ Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles. But earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents.”

Forbes: These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database

Forbes: These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database. “When Mark Zuckerberg appeared before the House Energy and Commerce Committee last week in the aftermath of the Cambridge Analytica revelations, he tried to describe the difference between ‘surveillance and what we do.’ … But not a single member of the committee pushed the billionaire CEO about surveillance companies who exploit the data on Facebook for profit. Forbes has uncovered one case that might shock them: over the last five years a secretive surveillance company founded by a former Israeli intelligence officer has been quietly building a massive facial recognition database consisting of faces acquired from the giant social network, YouTube and countless other websites. Privacy activists are suitably alarmed.”

CNET: Here’s how Facebook collects your data when you’re logged out

CNET: Here’s how Facebook collects your data when you’re logged out. “When Facebook CEO Mark Zuckerberg testified before Congress last week, he was asked about the information the social network collects on users — even if they aren’t signed into Facebook. Zuckerberg began to explain a few of the basics, but eventually said his team would follow up with more information later. On Monday, the company went into more depth about how it tracks you around the internet.”

New York Times: The Personal Data of 346,000 People, Hung on a Museum Wall

New York Times: The Personal Data of 346,000 People, Hung on a Museum Wall. “Deng Yufeng wanted to create art that prods people to question their lack of data privacy. What better way, he reasoned, than to buy the personal information of more than 300,000 Chinese people off the internet and display it in a public exhibition? The police did not appreciate the irony.”

New York Times: I Downloaded the Information That Facebook Has on Me. Yikes.

New York Times: I Downloaded the Information That Facebook Has on Me. Yikes. “When I downloaded a copy of my Facebook data last week, I didn’t expect to see much. My profile is sparse, I rarely post anything on the site, and I seldom click on ads. (I’m what some call a Facebook ‘lurker.’) But when I opened my file, it was like opening Pandora’s box.”

Krebs on Security: Panerabread.com Leaks Millions of Customer Records

Krebs on Security: Panerabread.com Leaks Millions of Customer Records. “Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.”