Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Disney. Show all posts
Personal Data
Children's Data Cyber Security Data collection Data Consent data security Disney fine settlement FTC Online Privacy Personal Data

Disney to Pay $10 Million Fine in FTC Settlement Over Child Data Collection on YouTube

 

Disney has agreed to pay millions of dollars in penalties to resolve allegations brought by the Federal Trade Commission (FTC) that it unlawfully collected personal data from young viewers on YouTube without securing parental consent. Federal law under the Children’s Online Privacy Protection Act (COPPA) requires parental approval before companies can gather data from children under the age of 13. 

The case, filed by the U.S. Department of Justice on behalf of the FTC, accused Disney Worldwide Services Inc. and Disney Entertainment Operations LLC of failing to comply with COPPA by not properly labeling Disney videos on YouTube as “Made for Kids.” This mislabeling allegedly allowed the company to collect children’s data for targeted advertising purposes. 

“This case highlights the FTC’s commitment to upholding COPPA, which ensures that parents, not corporations, control how their children’s personal information is used online,” said FTC Chair Andrew N. Ferguson in a statement. 

As part of the settlement, Disney will pay a $10 million civil penalty and implement stricter mechanisms to notify parents and obtain consent before collecting data from underage users. The company will also be required to establish a panel to review how its YouTube content is designated. According to the FTC, these measures are intended to reshape how Disney manages child-directed content on the platform and to encourage the adoption of age verification technologies. 

The complaint explained that Disney opted to designate its content at the channel level rather than individually marking each video as “Made for Kids” or “Not Made for Kids.” This approach allegedly enabled the collection of data from child-directed videos, which YouTube then used for targeted advertising. Disney reportedly received a share of the ad revenue and, in the process, exposed children to age-inappropriate features such as autoplay.  

The FTC noted that YouTube first introduced mandatory labeling requirements for creators, including Disney, in 2019 following an earlier settlement over COPPA violations. Despite these requirements, Disney allegedly continued mislabeling its content, undermining parental safeguards. 

“The order penalizes Disney’s abuse of parental trust and sets a framework for protecting children online through mandated video review and age assurance technology,” Ferguson added. 

The settlement arrives alongside an unrelated investigation launched earlier this year by the Federal Communications Commission (FCC) into alleged hiring practices at Disney and its subsidiary ABC. While separate, the two cases add to the regulatory pressure the entertainment giant is facing. 

The Disney case underscores growing scrutiny of how major media and technology companies handle children’s privacy online, particularly as regulators push for stronger safeguards in digital environments where young audiences are most active.
Read more »
Slack
Data Breach Data Hacking data security Disney Disney data leak Disney Slack breach Hacking Group Personal Information Sensitive data Slack

Disney Data Breach Exposes Sensitive Corporate and Personal Information

 

In July, Disney experienced a significant data breach that exposed far more than initially reported, compromising a wide array of sensitive information. While early reports focused on stolen Slack messages, it has since been revealed that the breach extended deep into the company’s critical corporate files. According to sources, hackers gained access to sensitive information, including financial projections, strategic plans, sales data, and streaming forecasts. 

The breach did not stop at corporate data. Hackers also accessed personal information of Disney Cruise Line members, including passport numbers, visa statuses, contact details, and birthplaces. In addition, data related to theme park pass sales was compromised, potentially impacting thousands of visitors. This breach has raised serious concerns about the security of personal data at Disney, one of the world’s most recognized entertainment companies. 

Initially, Disney reported that over a terabyte of data was leaked, but the full extent of the breach is still under investigation. In an August address to investors, the company acknowledged the severity of the attack, prompting questions about the cybersecurity measures in place not only at Disney but also at other major corporations. The incident has highlighted the growing need for robust and effective cybersecurity strategies to protect against increasingly sophisticated cyber threats. The hacking group Nullbulge has claimed responsibility for the attack. 

In a blog post, the group boasted of gaining access to internal data on upcoming projects as well as employee details stored in Disney’s Slack system. This claim has raised further alarms about the potential exposure of sensitive company plans and employee information. When asked to comment on the specifics of the breach, Disney declined to provide details. A spokesperson stated, “We decline to comment on unverified information that has purportedly been obtained as a result of illegal activity.” 

This response underscores the complexity and evolving challenges that companies face in safeguarding sensitive information from cyber threats. As cyber threats become more sophisticated, this breach serves as a stark reminder of the vulnerabilities even within prominent organizations. It emphasizes the urgent need for businesses to strengthen their cybersecurity measures to protect both corporate and personal data from being compromised in an increasingly digital world.
Read more »
Personal Data
Azure Credential Stuffing Credentials Leak Dark Web Data Breach Disney Mozilla Mozilla Firefox Personal Data

Mozilla: Maximum Breached Accounts had Superhero and Disney Princes Names as Passwords

 

The passwords that we make for our accounts are very similar to a house key used to lock the house. The password protects the online home (account) of personal information, thus possessing an extremely strong password is just like employing a superhero in a battle of heroes and villains. 

However, according to a new blog post by Mozilla, superhero-themed passwords are progressively popping up in data breaches. Though it may sound absurd - following the research done by Mozilla using the data from haveibeenpwned.com, it was evident that most frequent passwords discovered in data breaches were created on either the names of superheroes or Disney princesses. Such obvious passwords make it easier for hackers to attack and hijack any account or system. 

While analyzing the data it was seen that 368,397 breaches included Superman, 226,327 breaches included Batman, and 160,030 breaches had Spider-Man as their passwords. Further, thousands of breaches featured Wolverine and Ironman as well. And not only this research from 2019 showed that 192,023 breached included Jasmine and 49,763 breached included Aurora as their password.

There were 484,4765 breached that had password as ‘princess’ and some Disney + accounts had password as ‘Disney’. This is one of the biggest reasons that support data breaches by hackers and boost their confidence.

With the increasing frequency of compromised account credentials on the dark web, a growing number of businesses are turning to password-less solutions. Microsoft has expanded its password-less sign-in option from Azure Active Directory (AAD) commercial clients to use Microsoft accounts on Windows 10 and Windows 11 PCs. 

Almost all of Microsoft's employees are passwordless, according to Vasu Jakkal, corporate vice president of the Microsoft Security, Compliance, Identity, and Management group.

"We use Windows Hello and biometrics. Microsoft already has 200 million passwords fewer customers across consumer and enterprise," Jakkal said. "We are going completely passwordless for Microsoft accounts. So you don't need a password at all," he further added. 

Though it's common to reuse passwords, it is highly dangerous, yet it's all too frequently because it's simple and people aren't aware of the consequences. Credential stuffing exploits take advantage of repeated passwords by automating login attempts targeting systems utilizing well-known email addresses and password pairings. One must keep changing their passwords from time to time and try to create a strong yet not so obvious password.
Read more »
Subscribe to: Posts (Atom)