Tag Archives for "cybersecurity"

Facebook Had Years to Fix the Flaw That Leaked 500M Users’ Data

The profile names, email addresses, and phone numbers of over 500 million Facebook users have been circulating publicly online for nearly a week. It took days for Facebook to finally acknowledge the root cause, an issue the company says it fixed in 2019. But now researchers are saying Facebook knew about similar vulnerabilities for years before that, and it could have made a far greater effort to prevent the mass scraping in the first place.

At issue is Facebook’s “contact importer,” a feature that combs a user’s address book to find people they know who also use Facebook. Many social networks and communication apps offer some version of this as a sort of social lubricant. But Facebook’s contact import tool in particular has had a number of known problems, and supposed fixes, over the years.

Source: Facebook Had Years to Fix the Flaw That Leaked 500M Users’ Data | WIRED

Government puts Facebook under pressure to stop end-to-end encryption over child abuse risks

Home secretary Priti Patel uses a conference organised by the National Society for the Prevention of Cruelty to Children (NSPCC) to warn that end-to-end encryption will severely erode the ability of tech companies to police illegal content, including child abuse and terrorism.

The Home Office estimates that 12 million reports of potential child abuse could be lost if Facebook introduces end-to-end encryption on Facebook Messenger and Instagram, significantly increasing the risk of child exploitation or other serious harm.

End-to-end encryption is widely used by internet messaging services such as Signal, Telegram, email services including Protonmail and mailbox.org, and Facebook’s own WhatsApp messaging service, to protect the privacy of personal data and messages.

Source: Government puts Facebook under pressure to stop end-to-end encryption over child abuse risks

EU says ‘no major breach detected so far’ following significant cyber attack

The European Commission and other European Union (EU) institutions have been hit by a cyber attack significant enough for senior officials to be alerted.

A forensic analysis of last week’s security incident in the IT infrastructure of a number of EU bodies is in its initial phase and it is too early to give any conclusive information about the attack, a European Commission spokesperson said.

The commission has also set up a round-the-clock monitoring service and is taking active mitigating measures.

Source: EU says ‘no major breach detected so far’ following significant cyber attack | News | GRC World Forums

Clubhouse Data Leak – 1.3M SQL Database Leaked Online

An SQL database containing 1.3 million Clubhouse user records has been leaked for free on a popular hacker forum.

Clubhouse has issued a statement about the incident on social media, saying they have not experienced a breach of their systems. The company said that the data is already publicly available and that it can be accessed by “anyone” via their API.

In addition to sparking a heated debate under the company’s statement on Twitter, this raises some questions about the privacy stance of the company: allowing everyone to gather and download even public profile information on a mass scale can have severe negative consequences for user privacy.

Source: Clubhouse Data Leak – 1.3M SQL Database Leaked Online | CyberNews

Irish DPC probes whether Facebook data leak falls under GDPR time frame

The Irish Data Protection Commission (DPC) is probing whether any of the data records of 533 million Facebook users published over the weekend were leaked after the implementation of the General Data Protection Regulation (GDPR).

A dataset, appearing to be sourced from Facebook, appeared on a hacking website containing records of 533 million individuals, including phone numbers and email addresses. The DPC said a significant number of users were European Union residents and much of the data appears to have been scraped from Facebook profiles.

These leaks were before the implementation of GDPR in May 2018 and therefore Facebook did not notify the DPC. However, the DPC is saying that there are also “additional records” in the newly published dataset “which may be from a later period” and therefore under the scope of GDPR.

Source: Irish DPC probes whether Facebook data leak falls under GDPR time frame | News | GRC World Forums

Fake Netflix app hijacked WhatsApp messages to spread malware on Android phones

A fraudulent Netflix app which took control of users’ WhatsApp accounts has been spreading on Google’s Play Store.

The “FlixOnline” app claimed that it would let users access Netflix content from multiple regions on their phones.

Instead, it monitored the users’ WhatsApp notifications, automatically sending replies to the users’ messages telling them to sign up for FlixOnline.

Source: Fake Netflix app hijacked WhatsApp messages to spread malware on Android phones | The Independent

Chinese Hackers Selling Intimate Stolen Camera Footage

Stolen videos captured by tens of thousands of security cameras at private properties throughout China are now for sale across social media, marketed as sex tapes.

In just one 20-day period in February, the Post reported that one seller shared 8,000 videos in one group chat. The members of this chat group were VIPs, the Post added, who would then turn around and sell those videos to others.

Source: Chinese Hackers Selling Intimate Stolen Camera Footage | Threatpost

After A Major Hack, U.S. Looks To Fix A Cyber ‘Blind Spot’

The National Security Agency considers itself the world’s most formidable cyber power, with an army of computer warriors who constantly scan the wired world. Yet by law, the NSA only collects intelligence abroad, and not inside the U.S.

U.S. rivals like Russia are aware of this blind spot and know how to exploit it, as the NSA director, Army Gen. Paul Nakasone, explained recently to the Senate Armed Services Committee.

In a major breach last year, hackers widely believed to be from Russia’s foreign intelligence service, the SVR, placed malware on a software update produced by the Texas company SolarWinds.

No one had reason to be suspicious, or the legal authority to monitor, as that software update was sent out electronically from SolarWinds to 18,000 organizations, including nine U.S. government agencies.

Source: After A Major Hack, U.S. Looks To Fix A Cyber ‘Blind Spot’ : NPR

Data on 533 million Facebook users leaked on hacking forum

A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users, about a fifth of the entire social network’s user pool, on a publicly accessible cybercrime forum.

The leaked data includes information that users posted on their profiles. Information leaked today includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and anything else users might have entered in their profiles.

Furthermore, the database also contains phone numbers for all users, information that is not always public for most profiles.

Source: Phone numbers for 533 million Facebook users leaked on hacking forum | The Record by Recorded Future

UK may force Facebook services to allow backdoor police access

UK Ministers are considering forcing Facebook to implement a backdoor to allow security agencies and police to read the contents of messages sent across its Messenger, WhatsApp and Instagram chat services.

“End-to-end encryption poses an unacceptable risk to user safety and society. It would prevent any access to messaging content and severely erode tech companies’ ability to tackle the most serious illegal content on their own platforms, including child abuse and terrorism,” they said.

Source: UK may force Facebook services to allow backdoor police access | Technology | The Guardian
