Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Private Data. Show all posts
User Privacy
Data Breach Data Leak Kiosks Private Data Redbox User Privacy

Old Redbox Kiosks Hacked to Expose Customers’ Private Details

 

DVD Rental Service Redbox may be a thing of the past, but the data privacy issues it created for users may persist for some time. Redbox allows users to rent DVDs from its 24,000 autonomous kiosks throughout the United States. Its parent company, Chicken Soup for the Soul, declared bankruptcy in July 2024, after the emergence of streaming platforms such as Netflix and Prime Video decimated the DVD rental market. 

According to Ars Technica, one programmer reverse-engineered the hard drive of an old Redbox Kiosk and recovered users' names, emails, and rental histories from about a decade ago. In certain cases, Foone Turing, a California-based programmer, discovered parts of users' credit card data stored on hard drives, such as the first six and last four numbers of the credit card used, as well as transaction history. 

Turing stated in a social media post that she tracked down a film fan from Morganton, North Carolina, who supposedly rented The Giver and The Maze Runner in 2015. According to her, "anyone with basic hacking skills could easily pull data manually out of the files with a hex editor," completing: "This is the kind of code you get when you hire 20 new grads who technically know C# but none of them have written any software before.”

The programmer claims she didn't even need to utilise a physical kiosk to retrieve the old data; instead, she employed an uploaded hard drive she discovered on the social network Discord. The announcement comes as old Redbox kiosks are becoming rarities in some circles. According to the Wall Street Journal, a 19-year-old North Carolina resident acquired one after speaking with a contractor hired to dispose of one. 

Unfortunately, any victims impacted may have limited legal options, since "it may be difficult to hold a bankrupt company accountable," according to The Electronic Frontier Foundation. However, as Lowpass points out, Redbox kiosks may have only saved identifiable personal data locally if an internet or power outage prevented it from being sent to the cloud.
Read more »
Transport Firm
Data Breach Data Leak Private Data Ransomware attack Transport Firm

Rider Data Compromised in Ransomware Attack on TheBus, Handi-Van

 

Private data of TheBus and Handi-Van customers appears to have been hacked in an alleged ransomware attack on the company that operates the transportation services. The websites for TheBus and Handi-Van have been down for four days as the alleged attack continues. 

This is the second hack of Oahu Transit Services in three years, and the FBI and Hawaii Police Department are investigating. Meanwhile, the city's Department of Transportation Services said that the breach began around 1 a.m. Saturday. 

“Our phones went down, our OTS system went down and it became pretty obvious that it was an outside intrusion into the system,” stated Roger Morton, director of the city Department of Transportation Services. “What OTS did was immediately severed all the connections to other systems that they have.” 

The bus and the handi-van continue to run their routes. However, the city claims that websites, GPS, and the Holo card were purposely shut down to safeguard people's data. It might be too late, though. 

Falcon Feeds, an India-based cybersecurity company that monitors "threat actors," shared a screenshot on its X social media account claiming that "Oahu Transit Services Falls Victim to DragonForce Ransomware.” DragonForce claims to have 800,000 pieces of data and has given OTS 10 days from Tuesday to pay the ransom.

“That’s from the DragonForces dark platform, where they shame most of these victims,” noted Nandakishore Harikumar, Falcon Feeds CEO and founder. “Every data breach, even if it’s leaking one line of data, we believe it’s serious.” 

DragonForces is based in Malaysia, but Harikumar is unsure whether the firm that posted the ransom is legitimate or an imposter. Falcon Feeds published screenshots of the data, which included names, addresses, and bus or Handi-Van card ID types. Hawaii News Now masked the private data. 

“We have not paid any ransom,” stated Morton, who added it’s against policy to pay ransoms. “They’re methodically putting the system back. Part of that is disinfecting hundreds of work stations on the chance that they might hold some kind of virus on them.” 

DTS won't confirm a ransomware incident and claims it is being investigated. Meanwhile, Oahu Transit Services has responded to media requests through a Gmail account. According to Morton, OTS expects all online systems to be operational again Wednesday.
Read more »
User Privacy
Canada Cyber Attacks Private Data Ransomware User Privacy

Ransomware Attackers Target Canada’s Largest School Board

 

The Toronto District School Board (TDSB) has issued a warning following a ransomware attack on its software testing environment and is currently investigating whether any personal data was compromised. 

TDSB is Canada's largest school board and the fourth largest in North America, overseeing and managing 473 elementary, 110 secondary, and five adult education institutions. The group has an annual budget of around $2.5 billion. 

An announcement posted on the board's website earlier this week informs parents, guardians, and carers about a ransomware attack that may have exposed personal information.

"TDSB recently became aware that an unauthorized third party gained access to TDSB's technology testing environment, which is a separate environment used by TDSB IT Services to test programs before they are run live on TDSB systems," reads the announcement. 

"We are conducting a thorough investigation to understand the nature of the incident, any impact on our network, and if any personal information may have been affected by the incident," adds TDSB further down in the announcement. 

TDSB claims that all of its systems are operational, with no disruptions, indicating that the attack was contained in the testing environment. The organisation has contacted the Toronto Police Service and the Information and Privacy Commissioner of Ontario, and it is working with third-party cybersecurity specialists to evaluate the extent of the incident. 

TDSB serves roughly 247,000 students and employs 40,000 employees, therefore this incident could impact a large number of people. The Toronto District School Board agreed to notify affected persons if the ongoing investigation reveals that a data breach happened, but for the time being, it has chosen not to provide too much information

Individuals who may have been impacted and are looking for answers may contact the organisation at 'cyberincident@tdsb.on.ca.’ At the time of writing, none of the major ransomware gangs claimed responsibility for the attack on TDSB.
Read more »
User Privacy
Data Leak Data Privacy Private Data Search Engines Technology User Privacy

How to Erase The Personal Details Google Knows About You

 

One can get a sense of the volume of data they are giving away to Google every day by considering all the things they do on Chrome, Gmail, YouTube, Google Maps, and other Google services. That is... a lot for most of us. 

Google at least offers a thorough web dashboard that you can use to view some of the data being acquired, regardless of whether you believe the targeted advertising and data collecting are worth the free apps you receive in return.

It allows you to eliminate all of the data that Google has already gathered, prevent it from collecting further, or have your data automatically deleted after a predetermined amount of time (such as three months). If you intend to delete your Google account, you can also utilise these tools to clean the records; however, doing so should also remove all of the data linked to your account.

Here's how to use the options that are accessible to you.

Locate your data 

Getting started is really simple: Open your Google account page in your preferred web browser, and sign in if necessary. This screen displays your Google subscriptions, the devices to which you are signed in with your Google account, and any passwords that you may have saved, among other details. 

  • On the left, click "Data and privacy."
  • Look for the history settings. It is divided into three major categories: Web and apps, location, and YouTube.
  • To get a complete list of this data, click the My Activity icon at the bottom of the section. You'll see everything you've done that has been recorded in Google products, beginning with the most recent.
  • Select filter by date & product to narrow the results to certain date ranges or apps.
  • To delete a filter you've applied, click the X at the top of the list. 
  • If additional information is available, click on any entry in the list to view it. You can open YouTube videos or websites that you've visited.

Delete your data

  • When it comes to data that Google has already acquired and logged, you can delete it in a number of ways. 
  • If you are viewing the entire activity list, click Delete (to the right of the filter). 
  • You can delete records from the last hour, day, or a custom range. You can also select Always to erase everything.
  • If you filtered the list by date or product, click Delete results to remove everything that matched the filter.
  • Whether or not the list is filtered, clicking the X next to any single entry deletes it. 

It's useful to have a central repository for all of your data accessible via a single online site, but some sorts of data can also be found elsewhere. You can remove your web activity from within Chrome as long as you are signed in to Google, for example, or access your YouTube view history via the YouTube website.
Read more »
User Privacy
Data Breach Data Leak Identity Theft Private Data User Privacy

AT&T User Discusses Safety Measures Following Data Breach

 

AT&T has periodically tried to downplay the gravity of its recent data breach, but the US telecoms company has now sought to reassure worried consumers with a slew of new security features. 

In the most recent development in the ongoing story of the AT&T data hack, the firm has announced that all of its users—affected or not—can now take advantage of a number of complimentary security and identity protection offerings. 

These include a free identity theft insurance policy that offers up to $1 million in coverage, which seems to indicate that the company is now beginning to take the data leak seriously. 

AT&T new announcements

AT&T has announced numerous additional security measures in response to the March disclosure that data belonging to up to 73 million of its customers had been exposed on an online hacker forum.

In addition to the previously mentioned $1 million identity protection insurance, these also come with access to an identity restoration team and "one year of complimentary credit monitoring, identity theft detection, and resolution services.” 

According to KPRC-TV, AT&T appears to have hired the assistance of Experian's IdentityWorks protection arm to help reassure the more than seven million current AT&T customers who have been affected by the hack. 

How many AT&T customers were affected by the data breach?

Most estimates suggest that as a result of the historic data breach, the personal information of around 71 million AT&T customers was exposed online. 

However, AT&T has attempted to dispute this number on several occasions, having first denied culpability for the breach completely. It has instead stated that it believes approximately 51 million consumers were affected, the majority of whom are former customers.

That is perhaps predictable, given that many individuals would leave a provider who had disclosed their information. As previously stated, the number of current AT&T users believed to be affected is approximately 7 million. 

To make it easier to secure your online accounts with hard, unique passphrases, experts advise setting up a password manager.
Read more »
User Privacy
Dark Web Data Breach Data Leak Private Data Tech Firm User Privacy

Private Data of 7.5 million BoAt Users Leaked in Massive Data Breach

 

More than 7.5 million boAt customers' customer information has surfaced on the dark web. It is possible to purchase personally identifiable information (PII) such as a name, address, contact number, email ID, customer ID, and more. The threat actor leaked around 2GB of data on the forum. 

On April 5, a hacker dubbed ShopifyGUY claimed to have accessed the data of audio products and smartwatch maker boAt Lifestyle. The threat actor leaked data breach files comprising 75,50,000 entries of personally identifiable information (PII) from consumers. Forbes India validated the report by speaking with a number of the consumers who have recently purchased boAt items. 

These data breaches have implications that extend beyond the immediate loss of private data. People are more susceptible to monetary fraud, phishing scams, and identity theft. Threat Intelligence Researcher Saumay Srivastava notes that sophisticated social engineering assaults could be carried out by threat actors who employ users' personal information to get access to bank accounts, carry out transactions, and fraudulently use credit cards.

“The consequences for companies include a loss of customer confidence, legal consequences and reputational harm. The major implications make it even more essential to implement adequate security practices,” Saumya added. 

The leaker's profile (ShopifyGUY) is rather new, with only this leak under his belt. Because the data is genuine, the hacker will establish a good reputation among the forum community, increasing future data purchases, explains Rakesh Krishnan, senior threat analyst at NetEnrich. 

"Considering the timeline, we can assume that the hackers gained access to the boAt customer database at least one month ago and put the data on the forum yesterday.”

Ideally, the company should notify all users, conduct a thorough investigation into how the attackers gained access and what else they could access, and then overhaul their security measures to ensure this does not happen again, but realistically, it will deny and move on, explains Yash Kadakia, founder of Security Brigade. 

The data is available for eight credits on several forums, thus it practically costs two euros to purchase it. It will most likely be available for free on Telegram within a few days. Many scammers will use this information to carry out various phone and email scams, Kadakia noted. 

According to an IDC report, boAt, which was founded in 2016 by Aman Gupta, a judge on Shark Tank, and Sameer Mehta, is now the second most popular wearable brand as of the third quarter of 2023. The Gurugram-based business is well-regarded by Indian customers and is renowned for its affordable headphones and other audio equipment. In addition, it produces speakers and smartwatches.
Read more »
system spread
AI Worms Cyber Security Data Safety Data Theft Private Data Researchers Security system spread

Researchers Develop AI "Worms" Capable of Inter-System Spread, Enabling Data Theft Along the Way

 

A team of researchers has developed a self-replicating computer worm designed to target AI-powered applications like Gemini Pro, ChatGPT 4.0, and LLaVA. The aim of this project was to showcase the vulnerabilities in AI-enabled systems, particularly how interconnections between generative-AI platforms can facilitate the spread of malware.

The researchers, consisting of Stav Cohen from the Israel Institute of Technology, Ben Nassi from Cornell Tech, and Ron Bitton from Intuit, dubbed their creation 'Morris II', drawing inspiration from the infamous 1988 internet worm.

Their worm was designed with three main objectives. Firstly, it was engineered to replicate itself using adversarial self-replicating prompts, which exploit the AI applications' tendency to output the original prompt, thereby perpetuating the worm. 

Secondly, it aimed to carry out various malicious activities, ranging from data theft to the creation of inflammatory emails for propagandistic purposes. Lastly, it needed the capability to traverse hosts and AI applications to proliferate within the AI ecosystem.

The worm utilizes two primary methods for propagation. The first method targets AI-assisted email applications employing retrieval-augmented generation (RAG), where a poisoned email triggers the generation of a reply containing the worm, subsequently spreading it to other hosts. The second method involves inputs to generative-AI models, prompting them to create outputs that further disseminate the worm to new hosts.

During testing, the worm successfully pilfered sensitive information such as social security numbers and credit card details.

To raise awareness about the potential risks posed by such worms, the researchers shared their findings with Google and OpenAI. While Google declined to comment, an OpenAI spokesperson acknowledged the potential exploitability of prompt-injection vulnerabilities resulting from unchecked or unfiltered user inputs.

Instances like these underscore the imperative for increased research, testing, and regulation in the deployment of generative-AI applications.
Read more »
User Privacy
Consumer Report Data Breach Private Data Social Media App User Privacy

Meta is Collecting Consumers Data from Thousands of Firms

 

Consumer Reports conducted an experiment which revealed that Instagram and Facebook collect your private data from thousands of firms. The company is also the largest reporter of potentially child sexual abuse materials (CSAM), yet many of these reports are sent in a fashion that raises legal concerns.

To find out where parent firm Meta gets its personal data from for targeted advertising, Consumer Reports sought the assistance of over 700 volunteers.

The Markup, an American nonprofit news publication, says the study found that Meta collected data from an average of 2,230 companies. Markup assisted Consumer Reports in finding study participants. The last three years' worth of participant data were retrieved from Facebook settings and sent to Consumer Reports in an archive. 

A total of 186,892 companies shared data concerning them to the social network, according to Consumer Reports. 2,230 companies on average shared the data of each study participant to Facebook. This figure varied widely, with the data from some participants suggesting that over 7,000 companies submitted their data. 

Undoubtedly, data brokers were the most common source of private information that the social media giant collected, but Amazon and Home Depot were also in the top 10. 

The websites you visit are the most frequently acquired sort of data, either through cookies or tracking pixels that allow for the creation of an interest and activity profile. 

If you search for bathroom fittings on Amazon, for instance, adverts for that particular product category or more general ones like home renovations may appear. Similarly, if you visit a lot of tech websites, you may be served gadget ads. 

Meta states that it provides consumers with choices and is open about the data it collects and uses: “We offer a number of transparency tools to help people understand the information that businesses choose to share with us, and manage how it’s used.” 

However, the Electronic Privacy Information Centre argues that suggesting that customers understand the extent and nature of this tracking is foolish. 

“This type of tracking which occurs entirely outside of the user’s view is just so far outside of what people expect when they use the internet […] they don’t expect Meta to know what stores they walk into or what news articles they’re reading or every site they visit online,” the centre stated.
Read more »
Technology
AI Tool Data Safety Generative AI LLM Private Data Technology

Anthropic Pledges to Not Use Private Data to Train Its AI

 

Anthropic, a leading generative AI startup, has announced that it would not employ its clients' data to train its Large Language Model (LLM) and will step in to safeguard clients facing copyright claims.

Anthropic, which was established by former OpenAI researchers, revised its terms of service to better express its goals and values. The startup is setting itself apart from competitors like OpenAI, Amazon, and Meta, which do employ user material to enhance their algorithms, by severing the private data of its own clients. 

The amended terms state that Anthropic "may not train models on customer content from paid services" and that Anthropic "as between the parties and to the extent permitted by applicable law, Anthropic agrees that customer owns all outputs, and disclaims any rights it receives to the customer content under these terms.” 

The terms also state that they "do not grant either party any rights to the other's content or intellectual property, by implication or otherwise," and that "Anthropic does not anticipate obtaining any rights in customer content under these terms."

The updated legal document appears to give protections and transparency for Anthropic's commercial clients. Companies own all AI outputs developed, for example, to avoid possible intellectual property conflicts. Anthropic also promises to defend clients against copyright lawsuits for any unauthorised content produced by Claude. 

The policy complies with Anthropic's mission statement, which states that AI should to be honest, safe, and helpful. Given the increasing public concern regarding the ethics of generative AI, the company's dedication to resolving issues like data privacy may offer it a competitive advantage.

Users' Data: Vital Food for LLMs

Large Language Models (LLMs), such as GPT-4, LlaMa, and Anthropic's Claude, are advanced artificial intelligence systems that comprehend and generate human language after being trained on large amounts of text data. 

These models use deep learning and neural networks to anticipate word sequences, interpret context, and grasp linguistic nuances. During training, they constantly refine their predictions, improving their capacity to communicate, write content, and give pertinent information.

The diversity and volume of the data on which LLMs are trained have a significant impact on their performance, making them more accurate and contextually aware as they learn from different language patterns, styles, and new information.

This is why user data is so valuable for training LLMs. For starters, it keeps the models up to date on the newest linguistic trends and user preferences (such as interpreting new slang).

Second, it enables personalisation and increases user engagement by reacting to specific user activities and styles. However, this raises ethical concerns because AI businesses do not compensate users for this vital information, which is used to train models that earn them millions of dollars.
Read more »
User Safety
Data Breach Data Leak Data Privacy Private Data User Safety

1.5 Billion Real Estate Records Leaked, Including Elon Musk and Kylie Jenner

 

Jeremiah Fowler, a cybersecurity researcher, uncovered and notified VPNMentor about an exposed database related to the New York-based online business Real Estate Wealth Network. The compromised database had 1.5 billion records, including real estate ownership data for millions of people. 

The database, which had a total size of 1.16 TB (1,523,776,691 records), had organised folders containing information on property owners, sellers, investors, and internal user tracking data. It included daily logging records from 4/22/23 to 10/23/23 that included internal user search data. 

Cameron Dunlap founded Real Estate Wealth Network in 1993 to provide education and resources for real estate investors. The platform costs a one-time, non-refundable fee of $1,450 for access to a vast collection of data, which includes online courses, training materials, a community, and mentorship/coaching from experienced experts. 

Upon further investigation, Fowler discovered that the exposed database contained the purported property ownership data of celebrities including Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk & Associates LLC, Dolly Parton, Donald J. Trump, Mark Wahlberg, and Nancy Pelosi. 

The online disclosure of celebrities' addresses could pose a number of threats, including concerns for their safety, invasion of privacy, stalking, and harassment by fans or malicious people. 

"The data was organised in various folders according to property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgements, obituary (death), vacant properties, and more," VPNMentor’s blog post read. 

Everyone, famous or not, is at risk because real estate tax data, which includes information on property ownership, assessed property values, tax assessment history, and property tax payment history, can be used by criminals to gather personal information on property owners. 

Threat actors can utilise the data to target individuals with social engineering or phishing attacks, with the goal of obtaining financial or other personal information. The disclosure of data revealing whether a person bought their home with cash, without a mortgage loan, or has fully paid off their mortgage may increase the risk of financial fraud.

Property and mortgage fraud remain major issues, with the FBI reporting 11,578 incidents resulting in $350 million in losses in a single year, a 20% rise from 2017. Typically, property fraud entails taking a homeowner's identity and fabricating ownership documentation. 

Although the disclosed database has been locked from public access, a Real Estate Wealth Network representative confirmed ownership. The duration of the exposure and the possibility of unauthorised entry remains unknown. Only a forensic audit conducted internally could determine whether the records were accessed, extracted, or downloaded. 

This incident serves as a clear warning of the possibility of fraudulent activity involving easily accessible information. Property owners should be vigilant when disclosing personal information, especially in response to unsolicited requests for property information. Understanding the risks associated with semi-public data is critical for asset protection.
Read more »
Web Servers
Authetication Data Breach Game Developer Gaming Gaming Community Private Data Social Media threats Video Games Web Servers

Insomniac Games Cybersecurity Breach

A cyberattack has compromised the prestigious game company Insomniac Games, exposing private data without authorization. Concerns over data security in the gaming business have been raised by this hack, which has spread throughout the community.

Targeting Insomniac Games, the company behind the well-known Spider-Man series, the cyberattack was purportedly executed by a gang going by the name Rhysida. Fans and the gaming industry were left in a state of anticipation and fear as the hackers obtained access to a treasure mine of data, including secret footage of new projects like Wolverine.

The leaked information not only included sneak peeks into future game developments but also internal data that could compromise the studio's operations. The gravity of the situation prompted a rallying of support for Insomniac Games from both the gaming community and industry professionals.

Amid the chaos, cybersecurity experts have been quick to emphasize the importance of robust security measures in an era where digital attacks are becoming increasingly sophisticated. This incident serves as a stark reminder that even major players in the gaming industry are vulnerable to cyber threats.

Insomniac Games responded promptly to the breach, acknowledging the incident and assuring fans that they are taking necessary steps to address the issue. The studio urged users to remain vigilant and promptly report any suspicious activities related to their accounts.

The gaming community, known for its passionate fanbase, has shown solidarity with Insomniac Games in the wake of the cyberattack. Messages of support have flooded social media platforms, emphasizing the need for collective efforts to combat cyber threats and protect the integrity of the gaming industry.

As the situation unfolds, industry leaders and policymakers are likely to scrutinize the incident to enhance cybersecurity protocols across the gaming landscape. The hack serves as a wake-up call for developers and publishers to invest in cutting-edge security measures to safeguard intellectual property and user data.

Leaders in the industry and legislators will probably be closely examining the incident as it develops to improve cybersecurity practices in the gaming sector. Developers and publishers should take note of this hack and invest in state-of-the-art security solutions to protect user data and intellectual property.

The recent hack on Insomniac Games serves as a reminder that even the biggest names in the gaming business are susceptible to online attacks. The aftermath of this disaster calls for the gaming community as a whole to prioritize cybersecurity in addition to data security. One thing is certain as the gaming industry struggles with the fallout from this breach: protecting digital assets is critical to the business's long-term viability and public confidence.
Read more »
WALA
CyberCrime Cybersecurity Data Breach Health Reports Pet Owners Private Data Security Breach Software WALA

WALA's Shocking Data Leak: 25GB of Personal Information from Pet Owners Revealed

 


The Worldwide Australian Labradoodle Association (WALA) has been the target of a new cyberattack in which private data of pet owners, pet microchip numbers, veterinarians, and testing laboratories affiliated with WALA have been leaked to the public as a result of the latest cybersecurity incident. WALA is a prominent worldwide dog breeding organization based in the United States. No security authentication or password was used for this breach to occur. 

Security researcher Jeremiah Fowler was the one who brought the incident to light. Fowler explained that the data leak occurred as a result of a misconfiguration of the WALA cloud server. There were approximately 56,000 documents that were exposed in the leaky server, together with a size of 25 gigabytes, which represented a trove of sensitive and personal information. 

Fowler's analysis concluded that the exposed records contained PII information, which can include names, addresses, phone numbers, email addresses, microchip numbers, and other medical-related information regarding the owners of the pets, the records also contained other medical information about these pets. 

An openly available cloud storage database contained 56,624 files in formats such as .pdf, .png, and .jpg, all with sizes of 25 GB, and which were stored as a total of 25,512,680 documents. The database appears to belong to a group called the Worldwide Australian Labradoodle Association (WALA). This was further investigated upon finding out who owned the database. 

Australian Labradoodles is a breed that is promoted by an international breed organization dedicated to breeding. There is a large number of members and affiliate breeders in WALA across the world, however, the organization's main office is located in the state of Washington, United States. In addition to its headquarters in the United States, WALA has regional offices throughout the world, namely Australia, Europe, and Asia. 

It is, by definition, a non-profit organization, which brings together Australia's Australian Labradoodle breeders worldwide, and in particular its members are committed to ensuring the long-term success of the breed through the stabilization of high breeding standards, and the building of a comprehensive and accurate pedigree repository, as well as the preservation of health records. 

Documents contained in the package included health reports, DNA tests, and a pedigree or lineage history of all of the dogs that showed the offspring, parents, grandparents, and so on. It was also found in the files that the information about the dogs' owners, veterinarians, and testing laboratories was also included, and that other information was also included, such as the digital chip numbers or the tattooed identification numbers of the dogs. 

There are many kinds of documents with names, addresses, phone numbers, and email addresses in them. It all depends on what the document is about. Pet medical data has a lot of implications that have never been considered when users think of a data breach involving health records. The pet industry generates tremendous amounts of money every year, and history has shown that there is always an element of risk involved when there is a possibility of making money. 

Approximately 67% of US households - or 85 million families - own one or more pets which is about the number of households in this country. This means that they spend about 123.6 billion U.S. dollars a year on pets, according to the American Pet Products Association (APPA). Pet insurance policies typically cover accidents, illnesses, and, in some cases, routine care. 

Additionally, certain policies even provide coverage for hereditary conditions and wellness check-ups, ensuring comprehensive protection for your beloved pet's health. It is crucial to consider the potential risks associated with a data breach in the context of pet insurance fraud. The exposed information could be exploited to manipulate and falsify medical documents, thereby facilitating fraudulent insurance claims. This alarming possibility highlights the importance of robust security measures to safeguard sensitive data. 

It is worth noting that historical data reveals a significant surge in this type of fraud between 2010 and 2015, with fraudulent claims witnessing an astounding increase of over 400% during that period. This emphasizes the need for constant vigilance and proactive measures to combat such fraudulent activities. 

The primary purpose of pet microchipping is to find or identify lost pets and reunite them with their owners. This technology plays a crucial role in ensuring the safety and security of our beloved furry companions. Knowing a pet’s microchip number alone does not inherently pose a significant risk to the pet’s safety or security; however, when combined with other information and ownership data, there could be potential risks. 

It is important to be aware of the potential dangers that may arise from the misuse of this information. Hypothetically, criminals could falsely claim ownership of a lost or stolen pet using a publicly leaked microchip number, putting the pet's well-being at risk. This highlights the need for pet owners to be vigilant and take necessary precautions. Pet theft is a real concern — an estimated 2 million dogs are stolen every year in the United States. 

The alarming rise in pet theft cases is a cause for concern among pet owners nationwide. Labradoodles, known for their adorable appearance and friendly nature, can sell for as much as 5,000 USD, making them a potentially valuable target for criminals.

Pet owners need to be proactive in safeguarding their pets and ensuring their well-being at all times. Even if the criminal does not have physical access to the pet, there are other risks. A social engineering scheme would allow criminals to contact pet owners, posing as authority figures, and request personal information from them to update the microchip database, certifications, or other registrations. This would then be done by using social engineering tactics. 

The criminal, if successful, has the potential to acquire both credit and banking information or personally identifiable information (PII) from the owners. This could potentially pave the way for various forms of fraudulent activities, including identity theft. It is worth noting that the chip number is intricately connected to the owner's contact details within the microchip database, thereby raising concerns regarding the exposure of personal information.

In light of this, pet owners are advised to exercise caution when confronted with requests for information about their pet's microchip. As a precautionary measure, it is always advisable to verify the identity of individuals claiming to be authority figures and promptly report any suspicious activity related to their pet's microchip to the appropriate microchip registry and local authorities. By doing so, pet owners can actively contribute to safeguarding their personal information and preventing potential instances of fraud or identity theft. 

Any organization that collects and stores documents on animals or humans should take all possible steps to secure potentially sensitive information. This includes implementing a multi-layered security strategy that ensures all software, including database management systems, is regularly updated with security patches to address known vulnerabilities. 

By regularly updating the software, organizations can stay ahead of potential threats and protect stored information. Another good practice is to regularly monitor your network and database activity for suspicious behaviour. This can help identify any unauthorized access attempts or unusual activity that may indicate a security breach. 

In addition, conducting penetration testing and vulnerability assessments can help proactively identify and remediate weaknesses or misconfigured access settings. These assessments provide valuable insights into the organization's security posture and can guide the implementation of appropriate security measures. Lastly, it is important to notify customers or members of any serious data incident. By doing so, they can be made aware of what was exposed and take necessary precautions if criminals attempt to contact them or use the information for fraud. This level of transparency and communication builds trust with customers and helps them stay vigilant in protecting their personal information.
Read more »
Private Data
Bank Credentials Data Breach Data Leak Data Safety Electric Ireland Private Data

Data from 8,000 Consumers May Have Been "Compromised," Electric Ireland Warns

 

Electric Ireland may be required to compensate customers whose data was compromised if they were defrauded. And it has been revealed that it was garda, not the energy utility, who learned that customer data had been tampered with. 

This week, the energy company issued a note to 8,000 people warning them that their financial and personal data may have fallen into the wrong hands, raising the possibility of fraud. The letter included a form on which those affected by the data breach were asked to reveal whether they believed they had been the victims of fraud. 

"Reports of potentially fraudulent activity sent to us by return post will be collated and shared with the gardaí," stated Electric Ireland. 

Electric Ireland would only respond, when asked if it would pay out compensation to those who were duped as a result of the data breach, with the words, "customers who believe they suffered a financial loss should also approach their bank or financial institution." 

However, it is understood that if a customer's bank or credit card company declines to compensate them, the ESB-owned supplier might wind up having to pay compensation to customers who incur financial loss as a result of the data breach. 

Furthermore, it has surfaced that the gardaí affiliated with the Garda National Cyber Crime Bureau detected the data breach. The Garda National Economic Crime Bureau was then tasked with looking into the situation. 

"An Garda Síochána got in touch with the impacted utility company right away and is still in communication with them. There isn't any more information available as this is an ongoing investigation, the statement stated. 

Electric Ireland was not mentioned by name, but this week the energy provider acknowledged that 8,000 customers' financial and personal information might have been compromised. People affected by the breach may need to cancel the debit and credit cards they use to pay their energy bills as it seems so severe. 

It has been advised for those who use bank accounts to pay Electric Ireland to look back two years to see if their accounts have been compromised. The letter goes on to say that customers who have not received a letter from Electric Ireland are not required to take any action.
Read more »
State Secrets
Cyber Attacks Data Leak Nation-State Attack National Security Phillipines Private Data State Secrets

Cybersecurity Crisis Deepens in Phillipines as Hackers Leak State Secrets

 

The security of millions of people is at risk due to the Philippines' lax cybersecurity regulations, which have allowed government websites to be compromised in a recent string of cyberattacks.

According to the South China Morning Post, hackers attacked the Philippine Health Insurance Corporation (PhilHealth), compromising the data of millions of people, including Filipino employees working overseas. 

The state insurer's reluctance to go with $300,000 triggered the breach. Furthermore, the homepage of the House of Representatives was defaced, highlighting the government's weaknesses in the digital world. 

A hacker going by the moniker DiabloX Phantom claimed that he had gained access to five critical government agencies and downloaded a substantial amount of data. His intention was to expose the vulnerabilities in the government's cybersecurity. 

The hacker gained access to the forensics database held by the Philippine National Police, which contained sensitive case files, and the servers of the Philippine Statistics Authority, which is in charge of issuing national identification cards. 

He also attacked the websites of the Technical Education and Skills Development Authority (Tesda), Clark International Airport, and the Department of Science and Technology. 

Among his techniques were using open subdomains, propagating malware via email, making use of weak passwords, and taking advantage of vulnerabilities left by earlier hackers. 

As stated by DiabloX Phantom, he focused on highlighting the government's cybersecurity flaws rather than sell the information he had acquired, reported to the South China Morning Post.

He waited for a government reaction to deal with these problems. Cybersecurity specialists in the Philippines independently confirmed his assertions. Some hackers want to reveal system weaknesses, get fame for their expertise, or just have fun with cyber activities, but there isn't a single person or organisation behind all of the breaches. 

Past violations of cybersecurity

Cybersecurity incidents are not unusual, as evidenced by the recent breaches in the Philippines. 

The personal information of up to 55 million Filipino voters was made public in 2016 by the "Comelec leak". No one was prosecuted or held accountable for this breach, despite its magnitude. 

Vulnerabilities must be fixed immediately, such as weak passwords, poor personnel training, and inadequate monitoring. Taking care of these problems is essential to preserving private information and millions of people's privacy.
Read more »
User Safety
Data Breach Data Leak Data Theft Metaverse Private Data User Safety

Here's How Hackers Sell and Trade Your Data in the Metaverse

 

Your data might be lost in the metaverse, a place where reality takes on new forms and lovely virtual landscapes arise. 

Imagine yourself in a bustling digital marketplace, surrounded by avatars dressed in the latest digital attire. A secret underground network is concealed in the metaverse's shadowy side while you're taking in all the sights and sounds. Here, data sellers and hackers can be found together, chatting about the most recent hacks and online theft. 

Darkverse: A flip side of metaverse

If you're not sure what the darkverse is, think of the wild west of the digital world; it's a place where wicked acts flourish in the absence of law. Cybercriminals, hackers, and other malicious actors dwell in this shadowy domain and operate outside the bounds of morality and the law, significantly jeopardising the stability and security of the metaverse. 

Identity theft, fraud, and data breaches are commonplace in the darkverse, preying on unsuspecting users who take a chance in this dangerous environment. Automated bots roam freely, spamming and deceiving innocent users, while cutting-edge AI and deepfake technology generate fake data, obscuring a matter of truth and reliability. 

What type of data is sold on metaverse? 

Cybercriminals have adapted to this environment by selling all forms of stolen data to the highest bidders, and metaverse data marketplaces are similarly active. Personal data, which can include your name, address, phone number, and other information, comes first on the list. 

Identity theft is common in the metaverse, as malicious actors might adopt your online persona for profit or other reasons. So, before you go in, it's useful to learn about the most common metaverse crimes. 

Another noticeable commodity is financial data. Credit card information, bank account information, and digital wallets are highly sought after because cybercriminals can use this information to conduct unauthorised transactions, depleting victims' accounts in the blink of an eye. 

Access credentials are another common item on the illicit market. If hackers obtain your usernames and passwords, they will gain access to your digital life and cause havoc on your social media, emails, and more vital accounts. In virtual worlds and blockchain-based games, rare skins, strong weaponry, and one-of-a-kind artefacts are stolen and sold for real-world cash. 

Finally, private communications containing sensitive information are a bonanza for hackers. They'll try to pry into your personal communications, gathering compromising information to use against you or sell to the highest bidder. 

Mitigation tips 

Since the metaverse has yet to make an appearance, little can be said about how to address these challenges. So far, people's hopes are aligned with Zuckerberg himself. He might develop a robust cybersecurity structure for the metaverse and implement techniques to assure data privacy and security.

However, given the privacy concerns that have emerged as a result of the idea, there are a few ways that users, whether companies or individual netizens, can secure data privacy and security within the metaverse. 

Organisations can govern the use of such information because accumulating personal information and surveillance is not something that anyone other than Facebook can control. Any organisation that establishes virtual offices in the metaverse should have stringent data privacy and security rules in place. Users should be able to control how much personal information they are willing to reveal. 

Aside from that, organisations using AR/VR devices or platforms should rigorously monitor the risks of hack assaults, data breaches, and other hostile attacks. Similarly, these organisations will need to plan ahead of time for hostile AI attacks and enable defence against them. 

Individual users who join the metaverse should be cautious about the amount and type of information they reveal. Furthermore, it is critical that they implement internet security measures meant to safeguard customers from privacy intrusions and data breaches.
Read more »
Vulnerabilities and Exploits
Chastity Device Data Safety Private Data User Security Vulnerabilities and Exploits

Chastity Device Designer Exposes Customers’ Private Data Due to Server Vulnerabilities

 

A security researcher found that users of a company's chastity device ran the risk of having their private information exposed. The researcher was able to access over 10,000 users' email addresses, plaintext passwords, home locations, IP addresses, and GPS coordinates thanks to security weaknesses in the company's servers. 

The researcher attempted to notify the company of the vulnerabilities and persuade them to make the necessary repairs after finding them. The company hasn't yet replied to the flaws or fixed them, though. 

TechCrunch, a security news portal who initially published the report, has chosen to withhold the company's identity in order to protect its users from the continued risks they face. To notify people of the issue at hand, it contacted the company's web provider and China's Computer Emergency Response Team (CERT). Unfortunately, the company has not made any efforts to fix these issues. 

The researcher defaced the company's homepage in an effort to alert the company and its customers. But within a day, the firm fixed the vulnerabilities without restoring the website or removing the researcher's warning. 

In addition to the issues that were exposed, the researcher also found that the company's website was leaking records of customers' PayPal payments, including their email addresses and the dates of their payments.

The chastity device that the company sells is designed to be controlled by a partner using an Android app. By sending exact GPS locations, the software enables partners to follow a device user's movements. Unfortunately, hackers have previously exploited vulnerabilities in sex devices like chastity cages to their advantage, and have taken control of these gadgets to demand victims for ransom payments. 

This incident highlights the necessity of resolving security issues in internet-connected devices, especially those that involve sensitive personal data. It is critical for companies to make the security of the data of their customers first priority and to take immediate action to patch any vulnerabilities identified.
Read more »
Private Data
Android App Android games Cyber Security Data Privacy Google Google Play Store Malicious Android Apps McAfee Phishing Attacks Private Data

Google Removes 22 Malicious Android Apps Exposed by McAfee

Google recently took action against 22 apps that are available on the Google Play Store, which has alarmed Android users. These apps, which have been downloaded over 2.5 million times in total, have been discovered to engage in harmful behavior that compromises users' privacy and severely drains their phone's battery. This disclosure, made by cybersecurity company McAfee, sheds light on the hidden threats that might be present in otherwise innocent programs.

These apps allegedly consumed an inordinate amount of battery life and decreased device performance while secretly running in the background. Users were enticed to install the programs by the way they disguised themselves as various utilities, photo editors, and games. Their genuine intentions, however, were anything but harmless.

Several well-known programs, like 'Photo Blur Studio,' 'Super Smart Cleaner,' and 'Magic Cut Out,' are on the list of prohibited applications. These applications took use of background processes to carry out tasks including sending unwanted adverts, following users without their permission, and even possibly stealing private data. This instance emphasizes the need for caution while downloading apps, especially from sites that might seem reliable, like the Google Play Store.

Google's swift response to remove these malicious apps demonstrates its commitment to ensuring the security and privacy of its users. However, this incident also emphasizes the ongoing challenges faced by app marketplaces in identifying and preventing such threats. While Google employs various security measures to vet apps before they are listed, some malicious software can still evade detection, slipping through the cracks.

As a precautionary measure, users are strongly advised to review the apps currently installed on their Android devices and uninstall any that match the names on the list provided by McAfee. Regularly checking app permissions and reviews can also provide insights into potential privacy concerns.

The convenience of app stores shouldn't take precedence over the necessity of cautious and educated downloading, as this instance offers as a sharp reminder. Users must actively participate in securing their digital life as fraudsters become more skilled. A secure and reliable digital environment will depend on public understanding of cybersecurity issues as well as ongoing efforts from internet behemoths like Google.

Read more »
User Security
Data Privacy Mobile Security Private Data search engine User Security

Here's How You Can Remove Private Info From Google Search Results

 

Have you ever come across something about yourself that was private or secret in a search engine result? That would not only be embarrassing, but it might also raise security risks like identity theft.

Google is trying to make it less complicated for you to locate and delete any personal information that appears in a search now. The search engine giant highlighted new privacy features and tools in a blog post earlier this week in an effort to help you safeguard your personal information. 

The first thing on the list is a new dashboard for an existing feature called 'Results about you'. This function, which was introduced in 2022, allows you to keep track of any personal information that appears in a search result so that you can ask Google to delete it. 

With the help of a recent upgrade, the 'Results about you' dashboard will not only assist you in finding those particulars but also enable you to ask for their removal using the same tool. The function will also notify you if fresh information starts to show up in open search results. 

You may access the dashboard by visiting the Results about your website on the web or by clicking your account photo in the Google mobile app and choosing Results about you. Run a name search on Google from there. For the purpose of limiting the results, you might need to include your city and state.

If a search generates your email address, phone number, or home address, you can request that Google remove the information by clicking or touching the three-dot icon and selecting Remove result. Next, specify why you want the data erased. Complete the remaining steps before submitting the request to Google.

In response, the company will analyse your request to see if it fits the policy standards for removal, which could take a few days. If your request gets approved, Google will eliminate the specific result you specified. You can also check on your requests at the dashboard, which displays all requests, including those in process, accepted, denied, and undone.

However, keep in mind that deleting items from a Google search does not actually remove the content. By going directly to the source website or employing a different search engine, people might still be able to locate it.
Read more »
Sensitive Information
DDOS Tools Encryption malware MFA Payload Phishing Attacks Private Data Remote Code Execution Sensitive Information

Defending Against Stealer Log Cyber Threats

Cyber attacks are a serious concern in a digital environment that is becoming more linked. Silent cyber threats have become more common among the many different types of cyberattacks because of their covert nature and potentially disastrous outcomes. The stealer log, a tool used by bad actors to steal sensitive information from unwitting victims, is one notable variation. This article addresses ways to lessen the impact of the stealer log lifecycle on people and organizations while also delving into its complexities.

According to cybersecurity experts, a stealer log is a sophisticated malware designed to covertly infiltrate systems, gather confidential data, and exfiltrate it without arousing suspicion. These logs can harvest a wide array of information, including login credentials, financial data, and personal identification. An analysis by Flare Systems reveals that stealer logs often initiate their lifecycle through phishing emails or compromised websites, thus underscoring the importance of email security and robust browsing practices.

"Stealer logs are a testament to cybercriminals' evolving tactics. Understanding their lifecycle is crucial in building effective defenses against these threats," remarks Dr. Emily Parker, a cybersecurity analyst.

The lifecycle of a stealer log typically encompasses several stages:

  • Infiltration: Cybercriminals distribute malware through deceptive emails or exploit kits on compromised websites. Users are tricked into downloading and executing the malware, unknowingly granting it access to their systems.
  • Data Collection: Once inside the system, the stealer log meticulously captures sensitive data. It can record keystrokes, take screenshots, and extract stored passwords from browsers and other applications.
  • Encryption and Exfiltration: The stolen data is encrypted and transmitted to a remote server controlled by the attackers. This step ensures that the information remains hidden from security measures.
  • Remote Command and Control: Attackers can remotely control the malware, allowing them to update its functionality, deploy additional payloads, or pivot to new attack vectors.

Efforts to counter the stealer log threat are underway. A study highlights the significance of multi-factor authentication (MFA) and security awareness training in safeguarding against these threats. "Employing MFA adds an additional layer of protection, requiring attackers to breach multiple barriers, which can significantly impede their progress," states cybersecurity expert John Anderson.

Moreover, Flare Systems emphasizes continuous monitoring and incident response readiness as vital components of effective defense strategies. Regular system scans, behavioral analysis, and prompt patching of vulnerabilities can help detect and mitigate potential breaches before they escalate.

As cyber-attacks get more sophisticated, it is crucial to comprehend the lifecycle of tools like stealer logs while creating proactive security measures. By combining user education, technological advancements, and stringent security protocols, people and organizations can continue to have an advantage in the continuous struggle with cyber attackers. By being knowledgeable and using the right strategies, one can move confidently and resiliently in the digital world.
Read more »
User Security
Data Breach Data Leak Educational Institute Private Data User Security

Data Breach from Accreditation Org Exposes Sensitive Data of Educational Institutions

 

Jeremiah Fowler, a cybersecurity researcher, has disclosed an extensive data breach that has caused significant worries regarding the safety of sensitive data in the education sector. A staggering 682,438 records concerning educational institutions were found in an unencrypted database that Fowler discovered.

The exposed data belongs to the Southern Association of Independent Schools, Inc (SAIS), a well-known non-profit organisation that assists schools and educators throughout the United States and numerous other countries. 

The data dump featured a huge array of sensitive information spanning from 2012 to 2023, making it a gold mine for potential cyber thieves. The hacked documents included student and instructor data, health information, social security numbers (SSN), active shooter and lockdown notices, school maps, financial budgets, and other information. 

Confidential third-party security research assessing flaws in school security, camera positions, access points, and other crucial information that could represent a real-world security risk to students and faculty were of special concern.

The compromised database contained an incredible 572.8 GB of data in several file forms, including PDF, Excel, PPTX, doc, docx, png, jpg, and pages.


Potential threats and implications 

According to Fowler's blog post, the compromised records included student PII, private medical information, teacher background checks, pay information, and interview details. Additionally, the hack exposed budgets, financial reports, vehicle registrations, insurance policies, tax records, training materials, and a large amount of other unrelated information. 

The data breach highlighted a variety of potential threats, from simple extortion to more complex identity theft and financial crimes. Criminals who gain access to such private information may use it to commit fraud, such as applying for credit or loans in the names of educational institutions. 

Safety measures 

Schools, educational institutions, and accreditation authorities must give top priority to installing fundamental security measures like firewalls, encryption, and multi-factor authentication if they are to reduce potential threats in the future. 

Additionally, to effectively address and manage data breaches, should they occur, detailed incident response plans should be established, as well as routine employee training on cybersecurity best practices.
Read more »
Subscribe to: Posts (Atom)