Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Privacy. Show all posts
User Privacy
Data Facebook Meta Social Media Technology User Privacy

Want to Leave Facebook? Do this.

Want to Leave Facebook? Do this.

Confused about leaving Facebook?

Many people are changing their social media habits and opting out of many services. Facebook has witnessed a large exodus of users deserting the platform after the announcement in March that Meta was terminating the independent fact-checking on its platform. However, fact-checking has been replaced with community notes, letting users make changes to potentially false/misleading information. 

Users having years of photos and posts on Facebook are confused about how to collect their data before removing their accounts. If you also feel the same problem, this post will help you delete Facebook permanently, while taking all your information on the way out. 

How to remove Facebook?

For users who do not want to be on Facebook anymore, deleting their account is the only way to completely remove yourself from the platform. If you are not sure, deactivating your account allows you to have some life off of Facebook without account deletion. 

Make sure to remove third-party Facebook logins before deleting your account. 

How to leave third-party apps?

Third-party apps like DoorDash and Spotify allow you to log in using your Facebook account. This lets you log in without remembering another password, but if you’re planning on deleting Facebook, you have to update your login settings. That is because if you delete your account, there will not be another Facebook account for the user to log in through. 

Fortunately, there is another simple way to find which of your sites and applications are connected to Facebook and delete them before removing your account. Once you disconnect from other websites and applications from Facebook, you will need to adjust how you login to them. 

Users should try specific applications and websites to set new passwords or passkeys or log in via a single-service sign-on option, such as Google. 

How is deactivating different than deactivating a Facebook account?

If you want to stay away from Facebook, you have two choices. Either delete your account permanently, or you can disable it temporarily to deactivate it. 

Read more »
User Privacy
Adidas Data Breach Data Leak Third-party breach User Privacy

Adidas Confirms Data Leak After User Service Provider Hack

 

Adidas confirmed that a third-party customer service provider's vulnerability allowed a threat actor to steal company data. 

Contact details of customers who have previously dealt with the Adidas customer service help desk are among the impacted data. However, passwords, credit cards, and other financial or payment information are not included.

"Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law," the company explained in a notification on its website. 

It has subsequently initiated an investigation to gather facts about a breach and is working with information security professionals. Adidas did not reveal the name of its third-party customer support provider. It also remains unknown who carried out the strike. 

"This incident underscores a critical truth: third-party breaches swiftly become your organization's breaches, which highlights the necessity of robust oversight mechanisms," noted Fletcher Davis, senior security research manager at BeyondTrust. "Mandating security assessments, multifactor authentication, and zero-trust architecture for all vendor access, while deploying real-time identity infrastructure monitoring to cut response times to minutes, as opposed to days.” 

Adidas is not the first well-known brand to have experienced data leaks or cyberattacks in recent years. Recent ransomware attacks have targeted the Co-op Group, Marks & Spencer, and the luxury shop Harrods. Marks & Spencer reported that its customers' personal information was stolen during the incident, and that retail operations had been affected.

Scattered Spider was possibly responsible for the attack, unleashing DragonForce ransomware against the UK retailer, forcing Marks & Spencer to estimate a $400 million hit on earnings.

Establishing strong defense 

Forward-thinking merchants are implementing new techniques to mitigate third-party risk. Consider the following best practices: 

Zero trust approach: Treat every provider as a potential risk and restrict data access to what is absolutely essential. 

Incident simulation: Conduct regular exercises that simulate third-party breaches and test your response procedures. 

Continuous vendor assessment: Use automated systems to track vendor security status all year, not just during annual audits. 

The Adidas breach was not an isolated incident. It is a warning to the entire retail sector. As hackers become more adept, businesses must consider third-party risk as a key priority rather than just a compliance concern.
Read more »
User Privacy
Cyber Attacks MathWorks MATLAB Ransomware attack User Privacy

MathWorks Hit by Ransomware Attack Affecting Over 5 Million Clients

 

The renowned MATLAB programming language and numeric computing environment's developer has reported a ransomware attack on its IT systems. 

MathWorks, based in Massachusetts, sent an update to users after initially reporting issues on May 18, stating that the company had been hit by a ransomware attack that shut down online services and internal systems used by employees. 

“We have notified federal law enforcement of this matter,” the company noted. “We have brought many of these systems back online and are continuing to bring other systems back online with the assistance of cybersecurity experts.” 

MathWorks has millions of users, including engineers and scientists who use MATLAB for data analysis, calculation, and other purposes. MATLAB and other MathWorks products are utilised by nearly 6,500 colleges and universities, according to the company.

The firm has 6,500 employees and over 30 offices in Europe, Asia, and North America. This issue affected several MATLAB services as well as parts of the MathWorks website, such as the job page, cloud centre, store, and file exchange. MATLAB Online and MATLAB Mobile were restored on Friday.

MathWorks stated in a Tuesday update that the issue was still being investigated. Several pages on the MathWorks website are still offline. The firm did not immediately respond to a request for comment. 

Verizon's comprehensive data breach report released last month revealed that ransomware was utilised in nearly half of the 12,195 confirmed data breaches in 2024. The researchers discovered that 64% of ransomware victims did not pay the ransoms, up from 50% two years ago, and the typical amount paid to ransomware groups has dropped to $115,000 (down from $150,000 last year). 

“This could be partially responsible for the declining ransom amounts. Ransomware is also disproportionately affecting small organizations,” the researchers noted. “In larger organizations, ransomware is a component of 39% of breaches, while small and medium-sized businesses experienced ransomware-related breaches to the tune of 88% overall.” 

The number of large ransoms paid has also reduced, with Verizon estimating that 95% of ransoms paid will be less than $3 million by 2024. That value is a significant increase above the $9.9 million recorded in 2023.
Read more »
Vietnam
Data Leak Illicit Activity Mobile Security Telegram User Privacy Vietnam

Vietnam Blocks Telegram Messaging App

 

Vietnam's technology ministry has ordered telecommunications service providers to ban the messaging app Telegram for failing to cooperate in the investigation of alleged crimes committed by its users, a move Telegram described as shocking.

In a document dated May 21 and signed by the deputy head of the telecom department at the technology ministry, telecommunications firms were asked to start steps to block Telegram and report back to the ministry by June 2. 

In the document seen by Reuters, the ministry was acting on behalf of the nation's cybersecurity department after police revealed that 68% of Vietnam's 9,600 Telegram channels and groups were breaking the law. They cited drug trafficking, fraud, and "cases suspected of being related to terrorism" as some of the illicit activities conducted through the app. 

According to the document, the ministry requested that telecom companies "deploy solutions and measures to prevent Telegram's activities in Vietnam.” Following the release of the Reuters piece, the government announced the measures against Telegram on its website. 

"Telegram is surprised by those statements. We have responded to legal requests from Vietnam on time. This morning, we received a formal notice from the Authority of Communications regarding a standard service notification procedure required under new telecom regulations. The deadline for the response is May 27, and we are processing the request," the Telegram representative noted. 

According to a technology ministry official, the move was prompted by Telegram's failure to share customer information with the government when requested as part of criminal investigations.

The Vietnamese police and official media have regularly cautioned citizens about potential crimes, frauds, and data breaches on Telegram channels and groups. Telegram, which competes globally with major social networking apps such as Facebook's (META.O), WhatsApp and WeChat, remain available in Vietnam on Friday. 

Vietnam's ruling Communist Party maintains strict media censorship and tolerates minimal opposition. The country has regularly asked firms such as Facebook, Google (GOOGL.O), YouTube, and TikTok to work with authorities to remove "toxic" data, which includes offensive, misleading, and anti-state content. 

According to the document, Telegram has been accused of failing to comply with regulations requiring social media platforms to monitor, remove, and restrict illegal content. "Many groups with tens of thousands of participants were created by opposition and reactionary subjects spreading anti-government documents" based on police information. 

The free-to-use site, which has about 1 billion users globally, has been embroiled in scandals over security and data breaches, particularly in France, where its founder, Pavel Durov, was temporarily detained last year.
Read more »
zero-click
Mobile Security Spyware Threat Intelligence User Privacy Whatsapp Leak zero-click

Here's How to Safeguard Your Smartphone Against Zero-Click Attacks

 

Spyware tools have been discovered on the phones of politicians, journalists, and activists on numerous occasions over the past decade. This has prompted worries regarding the lack of protections in the tech industry and an unprecedented expansion of spyware technologies. 

Meta's WhatsApp recently stated that it has detected a hacking campaign aimed at roughly ninety users, the majority of whom were journalists and civil society activists from two dozen countries. 

According to a WhatsApp representative, the attack was carried out by the Israeli spyware company Paragon Solutions, which is now controlled by the Florida-based private equity firm AE Industrial Partners. Graphite, Paragon's spyware, infiltrated WhatsApp groups by sending them a malicious PDF attachment. It can access and read messages from encrypted apps such as WhatsApp and Signal without the user's knowledge. 

What is a zero-click attack? 

A zero-click attack, such as the one on WhatsApp, compromises a device without requiring any user activity. Unlike phishing or one-click attacks, which rely on clicking a malicious link or opening an attachment, zero-click leverages a security flaw to stealthily gain complete access after the device has been infected. 

"In the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims' devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone,” Rocky Cole, co-founder of mobile threat protection company iVerify, noted.

While reports do not indicate "whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible," Cole added. 

The iVerify team believes that the malicious attacks are "potentially more widespread" than the 90 individuals who were reported to have been infected by graphite because they have discovered cases where a number of WhatsApp crashes on [mobile] devices [they're] monitoring with iVerify have seemed to be malicious in nature.

While the WhatsApp hack primarily targeted civil society activists, Cole believes mobile spyware is a rising threat to everyone since mobile exploitation is more pervasive than many people realise. Moreover, the outcome is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are under pressure to become viable organisations. This eventually increases marketing competition for spyware merchants and lowers barriers that might normally deter these attacks. 

Mitigation tips

Cole recommends users to treat their phones as computers. Just as you use best practices to safeguard traditional endpoints like laptops from exploitation and compromise, you should do the same for phones. This includes rebooting your phone on a daily basis because most of these exploits remain in memory rather than files, and rebooting your phone should theoretically wipe out the malware as well, he said. 

If you have an Apple device, you can also enable Lockdown Mode. As indicated by Cole, "lockdown mode has the effect of reducing some functionality of internet-facing applications [which can] in some ways reduce the attack surface to some degree."

Ultimately, the only way to properly safeguard oneself from zero-click capabilities is to address the underlying flaws. Cole emphasised that only Apple, Google, and app developers may do so. "So as an end user, it's critically important that when a new security patch is available, you apply it as soon as you possibly can," the researcher added.
Read more »
User Privacy
Data Breach Google Privacy Lawsuit Texas User Privacy

Google to Pay Texas $1.4 Billion For Collecting Personal Data

 

The state of Texas has declared victory after reaching a $1 billion-plus settlement from Google parent firm Alphabet over charges that it illegally tracked user activity and collected private data. 

Texas Attorney General Ken Paxton announced the state's highest sanctions to date against the tech behemoth for how it manages the data that people generate when they use Google and other Alphabet services. 

“For years, Google secretly tracked people’s movements, private searches, and even their voiceprints and facial geometry through their products and services. I fought back and won,” Paxton noted in a May 9 statement announcing the settlement.

“This $1.375 billion settlement is a major win for Texans’ privacy and tells companies that they will pay for abusing our trust. I will always protect Texans by stopping Big Tech’s attempts to make a profit by selling away our rights and freedoms.”

The dispute dates back to 2022, when the Texas Attorney General's Office filed a complaint against Google and Alphabet, saying that the firm was illegally tracking activities, including Incognito searches and geolocation. The state also claimed that Google and Alphabet acquired biometric information from consumers without their knowledge or consent. 

According to Paxton's office, the Texas settlement is by far the highest individual penalty imposed on Google for alleged user privacy violations and data collecting, with the previous high being a $341 million settlement with a coalition of 41 states in a collective action. 

The AG's office declined to explain how the funds will be used. However, the state maintains a transparency webpage that details the programs it funds through penalties. The settlement is not the first time Google has encountered regulatory issues in the Lone Star State. 

The company previously agreed to pay two separate penalties of $8 million and $700 million in response to claims that it used deceptive marketing techniques and violated anti-competitive laws. 

Texas also went after other tech behemoths, securing a $1.4 billion settlement from Facebook parent firm Meta over allegations that it misused data and misled its customers about its data gathering and retention practices. 

The punitive restrictions are not uncommon in Texas, which has a long history of favouring and protecting major firms through legislation and legal policy. Larger states, such as Texas, can also have an impact on national policy and company decisions due to their population size.
Read more »
User Privacy
beWanted Data Breach Data Leak Job Platform User Privacy

Details of 1.1 Million Job Applicants Leaked by a Major Recruitment Platform

 

While looking for a new job can be enjoyable, it is surely not fun to lose your personal information in the process. In the meantime, the Cybernews investigation team found an unprotected GCS bucket belonging to the talent pool platform beWanted that had more than 1.1 million files.

The company, which has its headquarters in Madrid, Spain, bills itself as "the largest Talent Pool ecosystem in the world." beWanted is a software-as-a-service (SaaS) company that links companies and job seekers. The business maintains offices in the UK, Germany, and Mexico. 

The exposed instance was found by the researchers in November of last year. Despite the fact that the relocation temporarily affected service availability, beWanted claims that the company secured the bucket on May 9. 

"We prioritized data security. The solution was fully implemented, and the properly secured service was restored last Friday, May 9, 2025. We have been conducting exhaustive internal testing since Friday and can confirm that the solution is definitive. Furthermore, to the best of our knowledge and following relevant investigations, no data leakage has occurred," the company stated.

The researchers claim that resumes and CVs from job seekers make up the vast majority of the files from the more than a million compromised files. The information that was leaked included details that a job seeker would normally include such as Full names and surnames, phone numbers, email addresses, home addresses, dates of birth national id numbers, nationalities, places of birth, social media links, employment history and educational background. 

The researchers believe that a data leak involving over a million files, each of which likely represents a single person, is a serious security issue for beWanted. The fact that the data has been exposed for at least six months exacerbates the situation: hostile actors continue to comb the web for unprotected instances, downloading whatever they can find.

“This exposure creates multiple attack vectors, enabling cybercriminals to engage in identity theft, where personal information can be used to create synthetic identities or fraudulent accounts,” researchers added. 

Malicious actors can also use leaked information to create highly personalised and credible-looking phishing attempts, which could result in unauthorised access to financial accounts, passwords, or other sensitive data. 

Furthermore, the leaked information highlighted that the problem has worldwide implications. The leaked national ID numbers, for example, are from Spanish, Argentine, Guatemalan, Honduran, and other residents.
Read more »
User Privacy
Data Breach Data Leak IT Infrastructure Kelly Benefits User Privacy

Kelly Benefits Data Leak Affects 260,000 People

 

A Maryland-based outsourced benefits and payroll manager is notifying nine large customers and nearly 264,000 individuals that their private and sensitive data may have been compromised in a December hack. The number of impacted people has increased by eight-fold since Kelly & Associates Insurance Group, also known as Kelly Benefits, published an estimate of the hack's scope earlier this month. 

The company's current total of 263,893 affected persons is far higher than the 32,234 initially reported on April 9 to state regulators and the US Department of Health and Human Services as a HIPAA breach. 

The benefits company announced that it is sending breach notices to impacted individuals on behalf of nine clients: Amergis, Beam Benefits, Beltway Companies, CareFirst BlueCross BlueShield, Guardian Life Insurance Co., Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives. 

Kelly Benefits declined to comment, citing "the sensitive nature of the incident and subsequent investigation.” An investigation following the incident revealed that unauthorised access to the company's IT infrastructure occurred between December 12 and December 17, 2024. The company claimed that throughout that period, the attackers copied and stole specific files.

"Kelly Benefits then began a time-intensive and detailed review of all files affected by this event to determine what information was present in the impacted files and to whom it related," the company noted. It analysed internal records to match the individual with the relevant client or carrier. 

Individuals' information compromised in the event varies, but it could include their name, Social Security number, date of birth, medical information, health insurance information, or financial account information.

Kelly Benefits informed the FBI about the incident. This company stated that it is still reviewing its security policies, procedures, and technologies. At the time of writing, at least one proposed federal class action lawsuit against Kelly Benefits was filed in connection with the hacking incident. The lawsuit claims Kelly Benefits was negligent in failing to safeguard sensitive personally identifying information from unauthorised access.

"Even with several months of credit monitoring services, the risk of identity theft and unauthorized use of plaintiff's and class members' PII is still substantially high. Cybercriminals need not harvest a person's Social Security number or financial account information in order to commit identity fraud or misuse plaintiffs and the class's PII," the lawsuit notes. "Cybercriminals can cross-reference the data stolen from the data breach and combine with other sources to create 'Fullz' packages, which can then be used to commit fraudulent account activity on plaintiff and the class's financial accounts."
Read more »
Subscribe to: Posts (Atom)