CNBC: Twitter says security flaw may have exposed Android users’ direct messages. “Twitter on Wednesday disclosed a new security vulnerability that may have exposed the direct messages of users who access the service using Android devices. Specifically, the vulnerability could have exposed the private data of Twitter users running devices with Android OS versions 8 and 9, the company said.”
privacy
CyberSocial: A right-wing social network reported a potential breach. Then it went dark. What happened at AllSocial?
CyberScoop: A right-wing social network reported a potential breach. Then it went dark. What happened at AllSocial?. “AllSocial was an emerging social media network that garnered more than a million users, in part by alluding to the unfounded claim that existing sites like Facebook and Twitter censor conservative political thought. AllSocial users could connect with new friends with the understanding the site would never limit how far a user’s posts would spread based on their politics, an apparent reference to allegations that Republicans repeatedly have made against Facebook and Twitter…. The site and its two mobile apps have been down for more than a month, though, after the revelation that an outsider had claimed to access AllSocial’s proprietary source code.”
OneZero: The Era of DNA Database Hacks Is Here
OneZero: The Era of DNA Database Hacks Is Here. “On the morning of July 19, hackers accessed the online DNA database GEDmatch and temporarily allowed police to search the profiles of more than 1 million users that were previously not accessible to law enforcement. GEDmatch is a genealogy tool that allows users to upload their DNA profiles generated from genetic testing services like 23andMe, Ancestry, and MyHeritage and search for relatives. It took three hours until GEDmatch became aware of the breach and pulled the site offline completely. Users have to give permission for their profiles to be included in police searches, but the breach overrode privacy settings and made user profiles on the site visible to all other users, including law enforcement officials who use the site.”
CNET: How to improve your privacy in Chrome, Safari, Firefox, Edge and Brave
CNET: How to improve your privacy in Chrome, Safari, Firefox, Edge and Brave. “Privacy is now a priority among browser makers, but they may not go as far as you want in fighting pervasive ad industry trackers on the web. Here’s a look at how you can crank up your privacy settings to outsmart that online tracking.”
Business Insider: Twitter could be facing an FTC fine of up to $250 million over allegations that it violated an agreement over user data privacy
Business Insider: Twitter could be facing an FTC fine of up to $250 million over allegations that it violated an agreement over user data privacy. “Twitter disclosed in a regulatory filing Monday that it is under investigation by the Federal Trade Commission related to allegations that it violated a 2011 consent agreement — and that it’s expecting a ‘probable loss’ of somewhere between $150 million and $250 million.”
BetaNews: Ancestry. com claims no harm from security vulnerability in Family Tree Maker
BetaNews: Ancestry.com claims no harm from security vulnerability in Family Tree Maker. “If you’re at all familiar with genealogy then you’ll likely know both Ancestry and Family Tree Maker — they an integral part of the pastime. Unfortunately, independent review site WizCase recently discovered an open and unencrypted ElasticSearch server that belonged to Software MacKiev, the owners of Family Tree Maker. The leak exposed thousands of records including email addresses, user locations, and other sensitive personal information. FTM was owned by Ancestry.com until 2016 when Software MacKiev took it over, and the software is still used to upload databases to the Ancestry online trees.”
CPO Magazine: Illinois Class Action Lawsuit Alleges Facial Recognition Databases Violate Biometric Privacy Law, Could Cost Tech Giants $5,000 Per Incident
CPO Magazine: Illinois Class Action Lawsuit Alleges Facial Recognition Databases Violate Biometric Privacy Law, Could Cost Tech Giants $5,000 Per Incident. “The Illinois Biometric Information Privacy Act (BIPA) made national news recently when it drove Clearview AI out of the state, due to a pending lawsuit over the company’s scraping of social media pictures and videos for its facial recognition database. It may now be a problem for some of tech’s biggest names as well. A new biometric privacy lawsuit has emerged that names Amazon, Google parent company Alphabet and Microsoft as violators of the state law as well.”
Bleeping Computer: Startups disclose data breaches after massive 386M records leak
Bleeping Computer: Startups disclose data breaches after massive 386M records leak. “This week, BleepingComputer was the first to report that ShinyHunters, a threat actor known for data breaches, began to leak the stolen databases of eighteen web sites for free on a hacker forum. Most of the companies targeted by these attacks appear to be startups, with the full list of the 18 data breaches and their updated disclosure status are listed below.”
Wired: How to stop Facebook from tracking everything you do (sort of)
Wired: How to stop Facebook from tracking everything you do (sort of). “The most complete understanding of what Facebook can and can’t do with your data comes from the company’s privacy policy. However, including all subheadings, caveats and links, that’s 4,500 words long and probably not light reading for everyone. So instead, here’s our take on the most important parts of Facebook’s tracking operation, why it collects this data and what you can do about it.”
Special Report: Rite Aid deployed facial recognition systems in hundreds of U.S. stores (WTVB)
WTVB: Special Report: Rite Aid deployed facial recognition systems in hundreds of U.S. stores. “Over about eight years, the American drugstore chain Rite Aid Corp quietly added facial recognition systems to 200 stores across the United States, in one of the largest rollouts of such technology among retailers in the country, a Reuters investigation found. In the hearts of New York and metro Los Angeles, Rite Aid deployed the technology in largely lower-income, non-white neighborhoods, according to a Reuters analysis. And for more than a year, the retailer used state-of-the-art facial recognition technology from a company with links to China and its authoritarian government.”
BetaNews: 10 billion exposed credentials and where to find them
BetaNews: 10 billion exposed credentials and where to find them. “Researchers at password manager NordPass have identified a total of 9,517 unsecured databases containing 10,463,315,645 entries with such data as emails, passwords, and phone numbers. The databases are found across 20 different countries, with China being at the top of the list — the country has nearly 4,000 exposed databases. This means that potentially more than 2.6 billion users could have had their accounts breached.”
CNET: Face masks are thwarting even the best facial recognition algorithms, study finds
CNET: Face masks are thwarting even the best facial recognition algorithms, study finds. “It turns out face masks aren’t just effective at preventing the spread of airborne diseases like COVID-19 — they’re also successful at blocking facial recognition algorithms, researchers say. In a report published Monday, the US National Institute of Standards and Technology found that face masks were thwarting even the most advanced facial recognition algorithms. Error rates varied from 5% to 50%, depending on an algorithm’s capabilities.”
Mashable: Booze delivery app Drizly hit by massive data breach affecting 2.5 million accounts
Mashable: Booze delivery app Drizly hit by massive data breach affecting 2.5 million accounts. “Alcohol delivery app Drizly has been hit with a huge data breach, revealing customers’ email addresses, birthdays, encrypted passwords, and even delivery addresses. You’d hope hackers would at least have the decency to leave our liquor alone amidst this incredibly trying pandemic, but apparently nothing is sacred.”
InfoSecurity Magazine: Cosmetics Giant Avon Leaks 19 Million Records
InfoSecurity Magazine: Cosmetics Giant Avon Leaks 19 Million Records. “A misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs. Researchers at SafetyDetectives led by Anurag Sen told Infosecurity that they found the Elasticsearch database on an Azure server publicly exposed with no password protection or encryption.”
TechCrunch: New York legislature votes to halt facial recognition tech in schools for two years
TechCrunch: New York legislature votes to halt facial recognition tech in schools for two years. “The state of New York voted this week to pause for two years any implementation of facial recognition technology in schools. The moratorium, approved by the New York Assembly and Senate Wednesday, comes after an upstate school district adopted the technology earlier this year, prompting a lawsuit in June from the New York Civil Liberties Union on behalf of parents. If New York Governor Andrew Cuomo signs the legislation into law, the moratorium would freeze the use of any facial recognition in school systems in the state until July 1, 2022.”
