Search This Blog

Showing posts with label Privacy Policy. Show all posts

Microsoft Reveals 65,000 Companies' Data Breach

 

In response to a security breach that left an endpoint freely available over the internet without any authentication, Microsoft this week acknowledged that it unintentionally exposed data related to customers.

The IT giant was contacted on September 24, 2022, when the cybersecurity intelligence company SOCRadar identified the data leak.

2.4 TB of privileged data, such as names, phone numbers, email addresses, company names, and connected files containing information like proof-of-concept documents, sales data, and product orders, may have been exposed due to a compromised Azure Blob Storage, according to SOCRadar, which claims to have informed Microsoft upon its findings.

Microsoft highlighted that there was no security flaw to blame for the B2B leak, which was "generated by an unintended misconfiguration on an endpoint that is not used across the Microsoft ecosystem." However, Microsoft has contested the scope of the problem, claiming that the information in question included names, email addresses, email content, company names, contact numbers, and attached files pertaining to transactions between such a user and Microsoft or an authorized Microsoft partner.

Organizations can find out if their data were exposed thanks to a website called BlueBleed that SOCRadata set up. "According to our study, the leak, known as BlueBleed Part I, contains crucial data that belongs to more than 65,000 companies from 111 countries. So far, the leaks have exposed 548,000 individuals, 133,000 projects, and more than 335,000 emails," as per the SOCRadar researchers. 

Additionally, Redmond highlighted its dissatisfaction with SOCRadar's choice to make a public search function available, claiming that doing so exposes users to unnecessarily high-security risks.

In a follow-up post published on Thursday, SOCRadar compared the BlueBleed search engine to the 'Have I Been Pwned' data breach notification tool, presenting it as a way for businesses to determine whether their data had been compromised in a cloud data leak.

The research company maintains that it did not violate any privacy policies while conducting its investigation and that none of the data it found were saved on its end. According to SOCRadar's VP of Research and CISO Ensar Eker, "No data was downloaded, Some of the data were crawled by our engine, but as we promised to Microsoft, no data has been given so far. All this crawled data was erased from our servers."

Microsoft has not yet made any specific figures concerning the data breach available to the public.


WhatsApp's New Privacy Policy: A Quick Look

 



With the advent of its latest privacy policy, the Facebook-owned messaging app is all set to block certain features if the users won't agree to the new privacy policy.

The update that was initially set to be rolled out by February 8 – making new privacy regulations applicable for all its users, got delayed till May 15 as WhatsApp faced strong contempt from the public, which allowed its competitors namely Telegram and Signal to solidify their repute with the public.

Earlier, as per the ultimatum given by WhatsApp: if the users do not accept the updated privacy policy on May 15, they won't be able to use the app. However, later on, it was said that no accounts will be deleted in case the aforementioned does not happen. 

Giving insights into the new Privacy Policy, a WhatsApp spokesperson said, “Requiring messaging apps to “trace” chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy.”

“We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users. In the meantime, we will also continue to engage with the Government of India on practical solutions aimed at keeping people safe, including responding to valid legal requests for the information available to us,” the Spokesperson added.

WhatsApp told that it is not imposing its new policy on the users and that they are free to not do so. However, it might involve users deleting their WhatsApp account on their own as the other option than to accept the 2021 update, because they won't be able to access their chat lists or call their contacts via WhatsApp. 

As per WhatsApp's statements, we can deduce that whenever users will access the app, they will be constantly reminded to accept the updated privacy policy to access all its features – eventually making the platform more or less unserviceable to them. 

The users who do accept the updated privacy policy won't witness any key changes in their experience, however, those who continue to have the app installed on their device without accepting the new policy might eventually end up saying goodbye to the app due to its limited serviceability or “inactivity”. 




Signal Taunts WhatsApp as Confusion Looms Large Over its New Privacy Policy

 

WhatsApp will take action against users who have not approved the privacy policy though it will not delete users' accounts instead it will disable certain essential features, as per the announcement. Users are still skeptical about adopting the privacy policy because there isn't enough clarity about what it really means. Meanwhile, Signal, a secure messaging app, has taken full advantage of the ability to draw users to its own site. 

WhatsApp announced a few days before the May 15 deadline, which was dreaded by many, that it would not remove users' accounts if they did not approve the privacy policy by that date. By posting a cheeky update on Twitter today, WhatsApp reminded users that their accounts will not be deleted.

“*checks calendar. pours coffee*. OK. Let’s do this. No, we can’t see your personal messages. No, we won’t delete your account. Yes, you can accept at any time,” WhatsApp wrote on Twitter. 

Signal which is an arch competitor of WhatsApp retweeted the post and wrote, “*checks calendar. pours coffee.* Today’s a great day to switch to privacy.” 

After the announcement of its revised privacy policy, WhatsApp has been bombarded with complaints from users. Users were first notified about it in January with an in-app update, with a deadline of February 8 to approve the privacy policy. 

However, users were outraged by the lack of clarification, and the majority of them moved to other messaging apps such as Signal and Telegram. Users thought WhatsApp would share users' private conversations with Facebook, forcing the company to push back the launch date to May 15. 

The terms and conditions, however, have now been modified. WhatsApp had previously issued users an ultimatum to accept the privacy policy in order to continue using the app, but it has now confirmed that the account would not be deleted. Though WhatsApp may not delete the account, it will deactivate certain features and transform the app into a dummy app. 

WhatsApp told The Guardian in a statement, “After a few weeks of limited functionality, you won’t be able to receive incoming calls or notifications and WhatsApp will stop sending messages and calls to your phone. At that point, users will have to choose: either they accept the new terms, or they are in effect prevented from using WhatsApp at all.”