MIT News: A faster way to preserve privacy online

MIT News: A faster way to preserve privacy online. “MIT researchers have now developed a scheme for private information retrieval that is about 30 times faster than other comparable methods. Their technique enables a user to search an online database without revealing their query to the server. Moreover, it is driven by a simple algorithm that would be easier to implement than the more complicated approaches from previous work.”

TechCrunch: Twitter alternative Hive shuts down its app to fix critical security issues

TechCrunch: Twitter alternative Hive shuts down its app to fix critical security issues. “The team at the newly popular Twitter alternative Hive is in over its head. The company has now taken the fairly radical step of fully shutting down its servers for a couple of days in response to concerns raised by security researchers who discovered a number of critical vulnerabilities on Hive, several of which they say remain unfixed.”

New Yorker: A Hacked Newsroom Brings a Spyware Maker to U.S. Court

New Yorker: A Hacked Newsroom Brings a Spyware Maker to U.S. Court. “[Roman] Gressier is one of at least thirty-five journalists and civil-society members hacked with Pegasus in El Salvador between July, 2020, and November, 2021, according to the analysis by Citizen Lab, which was verified by Amnesty International. The hacking campaign comprised at least two hundred and sixty Pegasus attacks.”

Bleeping Computer: 5.4 million Twitter users’ stolen data leaked online — more shared privately

Bleeping Computer: 5.4 million Twitter users’ stolen data leaked online — more shared privately. “Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum. Another massive, potentially more significant, data dump of millions of Twitter records has also been disclosed by a security researcher, demonstrating how widely abused this bug was by threat actors.”

The Verge: Tax filing websites have been sending users’ financial information to Facebook

The Verge: Tax filing websites have been sending users’ financial information to Facebook. “The data, sent through widely used code called the Meta Pixel, includes not only information like names and email addresses but often even more detailed information, including data on users’ income, filing status, refund amounts, and dependents’ college scholarship amounts.”

Q&A: UW researchers find privacy risks with 3D tours on real estate websites (University of Washington)

University of Washington: Q&A: UW researchers find privacy risks with 3D tours on real estate websites. “The team examined 44 3D tours on a real estate website. Each tour was for a home in a different state and had at least one personal detail — such as a letter, a college diploma or photos — visible. The researchers concluded that the details left in these tours could expose residents to a variety of threats, including phishing attacks or credit card fraud.”

Electronic Frontier Foundation: EFF’s Atlas of Surveillance Database Now Documents 10,000+ Police Tech Programs

Electronic Frontier Foundation: EFF’s Atlas of Surveillance Database Now Documents 10,000+ Police Tech Programs. “With this project, we are creating a searchable and mappable repository of which law enforcement agencies in the U.S. use surveillance technologies such as body-worn cameras, drones, automated license plate readers, and face recognition…. The Atlas of Surveillance has now hit 10,000 data points. It contains at least partial data on approximately 5,500 law enforcement agencies in all 50 states, as well as most territories and districts.”

NBC News: This TikToker is ‘consensually doxxing’ people to teach them about social media privacy

NBC News: This TikToker is ‘consensually doxxing’ people to teach them about social media privacy. “Many users go to great lengths to secure their social media accounts — but one TikTok creator is showing people that their profiles aren’t as private as they seem. Kristen Sotakoun, 32, is behind a viral TikTok series devoted to ‘consensual doxxing,’ in which she reveals the birthdates of people in her comments section.”

Wall Street Journal: Meta Employees, Security Guards Fired for Hijacking User Accounts

Wall Street Journal: Meta Employees, Security Guards Fired for Hijacking User Accounts. “Meta Platforms Inc. has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts, in some cases allegedly for bribes, according to people familiar with the matter and documents viewed by The Wall Street Journal.”

Stuff New Zealand: Online access to Archives’ records removed after potential privacy breach

Stuff New Zealand: Online access to Archives’ records removed after potential privacy breach. “Archives New Zealand has indefinitely removed access to its widely used online search system for its collections after restricted records containing private information became publicly visible. Now the only way people can access Archives’ collections is by going into physical Archives offices and requesting physical copies of records.”

T-Mobile’s $350 Million Cyberhacking Settlement: How to Claim Your Share (CNET)

CNET: T-Mobile’s $350 Million Cyberhacking Settlement: How to Claim Your Share. “After millions of T-Mobile customers’ personal information was exposed in a massive 2021 cyberattack, the telecom giant agreed this summer to a $350 million settlement to resolve a class action lawsuit. Now a website has launched to let current and past T-Mobile customers file a claim for their share of the payout.”

SiliconANGLE: Thomson Reuters exposes 3TB+ of sensitive data on unsecured ElasticSearch database

SiliconANGLE: Thomson Reuters exposes 3TB+ of sensitive data on unsecured ElasticSearch database. “Discovered by researchers at Cybernews and announced today, the data was found on public-facing ElasticSearch databases. The content of the databases, which surprisingly also included plaintext passwords to third-party servers, primarily consisted of logging data collected through user-client interactions. The data collected includes documents with corporate and legal information about specific businesses and individuals.”