
Privacy Breach Rocks Australian Nightlife as Facial Recognition System Compromised

 

A significant privacy breach has shaken up the club scene in Australia, as a facial recognition system deployed across multiple nightlife venues became the target of a cyberattack. Outabox, the Australian firm responsible for the technology, is facing intense scrutiny in the aftermath of the breach, sparking widespread concerns regarding personal data security in the era of advanced surveillance. 

Reports indicate that sensitive personal information, including facial images and biometric data, has been exposed, raising alarms among patrons and authorities. As regulators rush to assess the situation and ensure accountability, doubts arise about the effectiveness of existing safeguards against such breaches. 

Outabox has promised full cooperation with investigations but is under increasing pressure to address the breach's repercussions promptly and decisively. Initially introduced as a safety measure to monitor visitors' temperatures during the COVID-19 pandemic, Outabox's facial recognition kiosks evolved to include identifying individuals in self-exclusion programs for gambling, showcasing the company's innovative use of technology. 

However, recent developments have revealed a troubling scenario with the emergence of a website called "Have I Been Outaboxed." Claiming to be created by former Outabox employees based in the Philippines, the site alleges mishandling of over a million records, including facial biometrics, driver's licenses, and various personal identifiers. 

This revelation highlights serious concerns regarding Outabox's security and privacy practices, emphasizing the need for robust data protection measures and transparent communication with both employees and the public. Allegations on the "Have I Been Outaboxed" website suggest that the leaked data includes a trove of personal information such as facial recognition biometrics, driver's licenses, club memberships, addresses, and more. 

The severity of this breach is underscored by claims that extensive membership data from IGT, a major supplier of gaming machines, was also compromised, although IGT representatives have denied this assertion. This breach has triggered a robust reaction from privacy advocates and regulators, who are deeply concerned about the significant implications of exposing such extensive personal data. 

Beyond the immediate impact on affected individuals, the incident serves as a stark reminder of the ethical considerations surrounding the deployment of surveillance technologies. It underscores the delicate balance between security imperatives and the protection of individual privacy rights.

Security Breach at Mr. Green Gaming: 27,000 User Data Compromises

 


Several internet forums are bombarded with headlines claiming that a “Mr Green Gaming user database has been leaked” as a serious security breach threatens the online gaming community. Significant concerns about online security and privacy have been raised due to the incident, which resulted in the personal details of 27,000 gamers being compromised. 

The leaked data, obtained by unauthorized parties using an inactive admin account, was recently published on a well-known hacking forum. Mr. Green Gaming, an online gaming community founded in 2006, has announced that a data breach has taken place. The community is known for hosting popular games like Multi Theft Auto: San Andreas and Garry's Mod. 

It serves as a hub for gamers to connect, compete, and collaborate. The breach came to light through reports circulating on the dark web that threat actors had compromised Mr Green Gaming's database. 

Several reports pointed out that sensitive information about over 27,000 users had been compromised, including dates of birth, e-mail addresses, and geographical location. Mr. Green Gaming issued a statement that confirmed the incident and revealed the extent of the breach. 

The statement emphasized that although the hijacked account did not have access to any login credentials stored on their servers, users were advised to change their passwords as a precaution. Users were also assured that the platform salts and hashes stored login information, in line with best practices. 

The breach affects thousands of individuals, and it also highlights the evolving threat landscape faced by online communities, which in turn undermines the privacy and security of thousands of their members. Mr Green Gaming has taken immediate steps to mitigate the damage and to enhance its security procedures. 

Despite these efforts, the incident serves as a reminder of the need for robust cybersecurity practices and vigilant monitoring to safeguard user data in the digital age. It also gives a clearer picture of the growing threat landscape facing the gaming industry: cybercriminals are turning their attention to this industry, exploiting vulnerabilities to steal valuable information. 

Between July 2022 and July 2023, over 4 million cyberattacks on gamers were reported, a staggering rise in cybercrime. Cybercrime activity has increased significantly among mobile gaming communities in particular, and mobile games such as Roblox and Minecraft have become prime targets of cybercriminals in recent years. 

Mr. Green Gaming's breach is not an isolated incident but a disturbing example of a trend plaguing many online gaming companies across the globe. A cybercriminal known as 'roshtosh' is purported to have sold data stolen from such companies on the dark web under the alias 'India', and has allegedly been involved with two prominent online gaming platforms in India, Teenpatti.com and Mobile Premier League (MPL), since January 2024. 

In addition, the Fortnite Game website, a platform used to play Fortnite, experienced a momentary outage in December 2023 that left players unable to access the platform. Although services have since been restored, there is still no clear answer as to the cause of the outage, with speculation ranging from a cyberattack to technical difficulties.

The gaming industry is in dire need of enhanced cybersecurity measures when it comes to safeguarding user data and preserving the integrity of online gaming platforms in the wake of the incidents. There is no doubt that cybersecurity is a top priority for gaming companies in the present day. They are expected to invest in proactive measures to thwart cyber threats and ensure their users' data is protected from harm in the future as the threat landscape evolves. 

Companies that fail to do so not only risk losing the trust of their customers but, in the event of a data breach, are also exposed to legal and financial repercussions, not to mention damage to their reputations.

Parent Company of CBS and Paramount Discloses Cybersecurity Breach Impacting 80K Individuals

 

The parent company of CBS and Paramount, National Amusements, has recently reported a data breach that occurred a year ago, affecting 82,128 individuals. TechCrunch initially covered the incident, which was disclosed in a legal filing with the Attorney General of Maine under the state's 2005 digital privacy law. The company has made no public comments about the breach beyond the legal filing, and it remains unclear whether the compromised data pertains to customers or exclusively employees.

According to Maine's data breach notification, the hack took place from December 13 to 15, 2022, with 82,128 people impacted, including 64 Maine residents. The notice, filed by National Amusements' senior vice president of human resources, suggests a focus on internal employee data. 

The company reportedly began notifying affected customers in writing on December 22, 2023, approximately 372 days after the breach was identified. In a letter to victims, National Amusements stated that it became aware of suspicious network activity on or about December 15, 2022, taking immediate steps to secure its network.

However, an inconsistency arises as the notice from Maine's Attorney General's office lists the "date breach discovered" as August 23, 2023. This indicates that the company may not have been aware of the intrusion until eight months after the incident, contradicting the claim of immediate action.

The legal filing mentions that hackers accessed financial information, including account and credit/debit card numbers in combination with security codes, access codes, passwords, or PINs. National Amusements has committed to providing 12 months of Experian credit monitoring and identity theft services to individuals whose social security numbers were compromised.

Engadget has reached out to National Amusements for confirmation and additional information.  

It's important to note that National Amusements, which gained a controlling stake in Paramount and CBS in 2019 through the Viacom-CBS merger, experienced a separate hack from the one disclosed by Paramount in August through Massachusetts' Attorney General's Office. The latter breach was reported to have occurred between May and June 2023.

Automakers can Exploit Your Private Data However They Want

 

It turns out that the answer to the question of which devices have the worst user privacy policies may be waiting for you outside. The Mozilla Foundation said in a report released on Wednesday that cars are "the official worst category of products for privacy" it has ever analysed. 

The global nonprofit discovered that 84% of the reviewed automakers shared user data with third parties, giving users little (if any) control over their personal information. 

The nonprofit organisation's minimum privacy criteria were not met by any of the 25 automakers analysed for the report, including Ford, Toyota, Volkswagen, BMW, and Tesla, which was also discovered to be collecting more personal information from customers than necessary. 

The data that is gathered ranges from personal information, such as medical information, to information about how drivers use the vehicle itself, including how fast they drive, where they travel, and even what music they are listening to.

Both Nissan and Kia are known to permit the gathering of data about a user's sexual life. In comparison, Mozilla claims that 37% of mental health applications (which are also known for having bad data privacy practices) had superior practices for collecting and using private data. 

According to the report, 84 percent of the evaluated car brands share users' personal information with service providers, data brokers, and perhaps dubious companies, with 76 percent claiming the right to sell such information. 56 percent of users are willing to provide information upon request to the government and/or law enforcement. 

With flags in every privacy category, Tesla received the lowest overall brand score in the survey and did so just twice. Following a number of collisions and fatalities, Tesla's AI-powered autopilot was criticised as "untrustworthy."

In addition to the research, Mozilla also released a breakdown outlining how automakers collect and share user data. This can range from basic information like the user's name, address, phone number, and email address to more private information like images, calendar entries, and even specifics like the driver's race, genetic makeup, and immigration status.

Mozilla claims it was unable to confirm whether any of the automakers could adhere to the group's baseline security requirements for data encryption and theft protection. In fact, it claims that compared to autos, dating apps and even sex toys frequently offer more thorough security information about their products. 

“While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines,” stated Mozilla in the report. 

Mozilla claims to have spent more than 600 hours, three times as long per product as it typically does, researching the privacy policies of car manufacturers. The organisation claimed that because of how critical the report was, the recommendations it generally gives to help clients protect their personal data feel like "tiny drops in a massive bucket." 

Instead, the Mozilla Foundation has launched a petition asking automakers to halt the data collection initiatives from which they are unfairly profiting, saying that "our hope is that increasing awareness will encourage others to hold car companies accountable for their terrible privacy practices."

Clearview: Face Recognition Software Used by US Police


Clearview, a facial recognition company, has apparently conducted nearly a million searches, helping US police. Hoan Ton-That, CEO of Clearview, has revealed to the BBC that the firm has now looked into as many as 30 billion images from various platforms, including Facebook, taken without users’ consent. 

The corporation has repeatedly been fined millions of dollars in Europe and Australia for privacy violations. Critics, however, argue that police use of Clearview puts everyone into a “perpetual police line-up.” 

"Whenever they have a photo of a suspect, they will compare it to your face[…]It's far too invasive," says Matthew Guariglia from the Electronic Frontier Foundation. 

The police have not yet clarified the figure of a million searches conducted by Clearview. However, Miami Police has admitted to the BBC, in a rare revelation, that it uses this software for all types of crimes. 

How Does Clearview Work 

Clearview’s system enables a law enforcement customer to upload an image of a face and then look for matches in the database of billions of images it has in store. It then provides links to where the corresponding images appear online. It is regarded as one of the world's most potent and reliable facial recognition companies. 

The firm has now been banned from providing its services to most US companies after the American Civil Liberties Union (ACLU) accused Clearview AI of violating privacy laws. However, there seems to be an exemption for police, with Mr. Ton-That saying that his software is used by hundreds of police forces across the US. 

Yet US police do not routinely reveal whether they use the software, and it has in fact been banned in several US cities, such as Portland, San Francisco, and Seattle. 

Police frequently portray the use of facial recognition technology to the public as being limited to serious or violent offenses. 

Moreover, in an interview with law enforcement about the efficiency of Clearview, Miami Police admitted to having used the software for all types of crime, from murders to shoplifting. Assistant Chief of Police Armando Aguilar said his team used the software around 450 times a year, and it has helped in solving murder cases. 

Yet, critics claim that there are hardly any rules governing the use of facial recognition by police.

The State Duma supported the blocking of Tor in Russia

Since December 1, Russian users have started reporting problems connecting to the Tor network, which is used to connect anonymously to the Internet.

State Duma deputies believe that restricting access to the Tor browser in Russia will make it possible to resist crime more effectively. The blocking process itself will be lengthy and difficult, but Roskomnadzor is improving its technologies.

"All over the world, there is a fight against the negative sides of the Internet: online fraud, the distribution of illegal content (child pornography), the sale of personal and payment data of users, the distribution of drugs and weapons," said Alexander Khinshtein, head of the State Duma Committee on Information Policy, Information Technology and Communications.

The parliamentarian recalled that Russia is working to combat cyber fraud systematically and quite effectively, and that a number of relevant laws have already come into force, for example on blocking mobile phones on the territory of correctional institutions and on blocking calls from abroad that use fake numbers disguised as Russian ones.

He also stressed that blocking the darknet is a necessary step towards creating a secure digital environment. According to him, the darknet is an obvious concentration of all the most negative, illegal things that exist in the real and digital world today.

In turn, Anton Gorelkin, the deputy chairman of the State Duma Committee on Information Policy, Information Technology and Communications, wrote in his Telegram channel that he welcomes the decision of Roskomnadzor to start blocking Tor. He added that 60% of Tor's costs are covered by funding from the US government.

The Tor developers themselves note that Russia ranks second in the world in terms of the number of browser users: it is used by more than 300 thousand Russians. "Blocking Tor will not hurt those who do not sell stolen personal and payment data of people, are not interested in child pornography and the purchase of drugs," Mr. Gorelkin stressed.

Russian users reported blocking Tor

On December 1, users from Moscow began to report problems with access. It is claimed that Tor was blocked by Rostelecom. "On the night of December 3, several telecom operators, including Rostelecom, MTS, Tele 2 and others, reported network malfunctions," the OONI online censorship tracking project reported.

The expert noted that indirect signs such as meta-information in packets can be used to block Tor traffic. He added that access to Tor can be blocked by blocking specific servers by IP.

"So far, the use of "bridges" helps <...>, but the lists of bridges are also quite public," Misbakh-Solovyov added. Bridges are anonymous user nodes that do not send information about their IP to the provider's servers. The developers claim that this connection method allows users to connect to the network even in countries where Tor is officially blocked.

Anton Gorelkin, deputy chairman of the State Duma Committee on Information Policy, Information Technologies and Communications, said that "the restriction of VPNs and anonymizers will have a positive impact on the Russian segment of the network. It will protect Russians from discursive content, all scammers. The founders of Tor, hiding behind a pseudo-liberal agenda, created a service that became an infrastructure for fraudsters, drug sales. This is the entrance to the darknet, where stolen databases and fraudulent schemes are concentrated. Blocking Tor is not only about protecting citizens from destructive content. Blocking will improve the network climate in general. On one side of the scale are some pseudo-liberal values, and on the other side — drug sales, destructive content, scammers."

In 2017, anonymizers and blocking bypass tools were banned in Russia. In June 2021, Roskomnadzor began blocking VPN services, arguing that their use preserves access to child pornography, illegal information about drugs and extremism.

Telegram's Pavel Durov says he has known since 2018 about the potential surveillance of his phone

The billionaire said he had known since 2018 that one of his phone numbers was on the NSO Group list, but was not worried about it.

"Since 2011, when I was still living in Russia, I used to think that all my phones were hacked. Anyone who gets access to my personal data will be extremely disappointed, as he will have to view thousands of Telegram feature concepts and millions of messages related to the development process of our product. He will not find any important information there," Durov explained.

At the same time, he recalled that surveillance tools were also used against "much more significant" people, including more than 10 heads of state. "A huge problem for humanity", according to the businessman, is created by "backdoors" that smartphone and software manufacturers deliberately leave in their systems.

"According to Snowden's 2013 revelations, Apple and Google are part of a global surveillance program. These companies should introduce backdoors into their mobile operating systems. These backdoors, usually disguised as security bugs, allow US intelligence agencies to access information on any smartphone in the world," Durov wrote. 

At the same time, according to Durov, access to these vulnerabilities can be obtained not only by the US authorities but also by "any other organization that finds them."

"It is not surprising that this is exactly what happened: the Israeli company NSO Group sold access to spy tools that allowed third parties to hack tens of thousands of phones," the billionaire noted.

Recently, The Guardian reported that the Telegram founder's British mobile number was on a list of potential surveillance targets in 2018.

The publication suggested that the authorities of the United Arab Emirates could have shown interest in Durov since the appearance of the entrepreneur's number on the list coincided with his move to this country.