Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Data. Show all posts
User Data
Amazon Chrome Cookie Data Facebook Safari Technology User Data

No More Internet Cookies? Digital Targeted Ads to Find New Ways


Google Chrome to block cookies

The digital advertising world is changing rapidly due to privacy concerns and regulatory needs, and the shift is affecting how advertisers target customers. Starting in 2025, Google to stop using third-party cookies in the world’s most popular browser, Chrome. The cookies are data files that track our internet activities in our browsers. The cookie collects information sold to advertisers, who use this for targeted advertising based on user data. 

“Cookies are files created by websites you visit. By saving information about your visit, they make your online experience easier. For example, sites can keep you signed in, remember your site preferences, and give you locally relevant content,” says Google.

In 2019 and 2020, Firefox and Safari took a step back from third-party cookies. Following their footsteps, Google’s Chrome allows users to opt out of the settings. As the cookies have information that can identify a user, the EU’s and UK’s General Data Protection Regulation (GDPR) asks a user for prior consent via spamming pop-ups. 

No more third-party data

Once the spine of targeted digital advertising, the future of third-party cookies doesn’t look bright. However, not everything is sunshine and rainbows. 

While giants like Amazon, Google, and Facebook are burning bridges by blocking third-party cookies to address privacy concerns, they can still collect first-party data about a user from their websites, and the data will be sold to advertisers if a user permits, however in a less intrusive form. The harvested data won’t be of much use to the advertisers, but the annoying pop-ups being in existence may irritate the users.

How will companies benefit?

One way consumers and companies can benefit is by adapting the advertising industry to be more efficient. Instead of using targeted advertising, companies can directly engage with customers visiting websites. 

Advances in AI and machine learning can also help. Instead of invasive ads that keep following you on the internet, the user will be getting information and features personally. Companies can predict user needs, and via techniques like automated delivery and pre-emptive stocking, give better results. A new advertising landscape is on its way.

Read more »
User Data
Cloud Firm Cloudfare Data Breach Data Loss User Data

Faulty Upgrade at Cloudflare Results in User Data Loss

 

Cloudflare has disclosed a severe vulnerability with its logging-as-a-service platform, Cloudflare Logs, which resulted in user data loss due to an improper software update. The US-based connectivity cloud firm acknowledged that around 55% of log data generated over a 3.5-hour period on November 14, 2024, was permanently wiped out. This loss was caused by a succession of technical misconfigurations and system failures. 

Cloudflare logs collects event metadata from Cloudflare's global network and makes it available to customers for troubleshooting, compliance, and analytics. To speed up log delivery and avoid overloading users, the organisation uses Logpush, a system that collects and transmits data in manageable sums. An update to Logpush caused a series of system failures, disrupting services and resulting in data loss. 

The incident started with a configuration upgrade to enable support for an additional dataset in Logpush. A defect in the configuration generation system resulted in Logfwdr, a component responsible for forwarding logs, receiving an empty configuration. This error informed Logfwdr that no logs needed to be delivered. Cloudflare discovered the bug within minutes and reverted the update. 

However, rolling back the update triggered a separate, pre-existing issue in Logfwdr. This flaw, which was linked to a fail-safe technique designed to "fail open" in the event of configuration mistakes, caused Logfwdr to process and attempt to transmit logs for all customers, not just those with active setups. 

The unexpected rise in log processing overloaded Buftee, Cloudflare's log buffering system. Buftee is intended to keep distinct buffers for each customer to ensure data integrity and prevent interference between log operations. Under typical circumstances, Buftee manages millions of buffers worldwide. The large influx of data caused by the Logfwdr mistake boosted buffer demand by fortyfold, exceeding Buftee's capacity and rendering the system unresponsive. 

According to Cloudflare, addressing the issue needed a complete system reset and several hours of recovery time. During this time, the company was unable to transfer or recover the affected logs, which resulted in permanent data loss.

Cloudflare attributed the incident to flaws in its system security and configuration processes. While systems for dealing with such issues existed, they were not set up to handle such a large-scale failure. Buftee, for example, offers capabilities designed to handle unexpected surges in buffer demand, but these functions were not enabled, leaving the system vulnerable to overflow.

The company also stated that the fail-open mechanism in Logfwdr, which was established during the service's early development, has not been updated to match the much bigger user base and traffic levels. This error enabled the system to send logs for all clients, resulting in a resource spike that exceeded operational constraints. 

Cloudflare has apologised for the disruption and pledged to prevent similar instances in the future. The company is implementing new alerts to better detect configuration issues, improving its failover procedures to manage larger-scale failures, and doing simulations to verify system resilience under overload scenarios. 

Furthermore, Cloudflare is improving its logging design so that individual system components can better withstand cascading failures. While faults in complex systems are unavoidable, the company's priority is to minimise their impact and ensure that services recover fast. 

Last month, Cloudflare claimed successfully managing the largest recorded distributed denial-of-service (DDoS) assault, which reached 3.8 terabits per second (Tbps). The attack was part of a larger campaign aimed at industries such as internet services, finance, and telecommunications. The campaign consisted of over 100 hyper-volumetric DDoS attacks carried out over the course of a month, overwhelming network infrastructure with massive amounts of data.
Read more »
User Privacy
Data Laws Data Privacy Digital Rights Privacy User Data User Privacy

Balancing Act: Russia's New Data Decree and the Privacy Dilemma

Balancing Act: Russia's New Data Decree and the Privacy Dilemma

Data Privacy and State Access

Russia's Ministry of Digital Development, Communications, and Mass Media has introduced a draft decree specifying the conditions under which authorities can access staff and customer data from businesses operating in Russia, according to Forbes.

The decree would authorize authorities to demand anonymized personal data of customers and employees from businesses in order to protect the population during emergencies, prevent terrorism, and control the spread of infectious diseases, as well as for economic and social research purposes.

The Proposed Decree

Expected to take effect in September 2025, this draft decree follows amendments to the law On Personal Data, adopted on August 8. This law established a State Information System, requiring businesses and state agencies to upload the personal data of their staff and customers upon request.

The Big Data Association, a nonprofit that includes major Russian companies like Yandex, VK, and Gazprombank, has expressed concerns that the draft decree would permit authorities to request personal data from businesses "for virtually any reason." They warned that this could create legal uncertainties and impose excessive regulatory burdens on companies processing personal data, affecting nearly all businesses and organizations.

Global Context: A Tightrope Walk

Russia is not alone in its quest for greater access to personal data. Countries around the world are grappling with similar issues. For instance, the United States has its own set of laws and regulations under the Patriot Act and subsequent legislation that allows the government to access personal data under certain conditions. Similarly, the European Union’s General Data Protection Regulation (GDPR) provides a framework for data access while aiming to protect individual privacy.

Each country’s approach reflects its unique political, social, and cultural context. However, the core issue remains: finding the right balance between state access and individual privacy.

Ethical and Social Implications

The debate over state access to personal data is not purely legal or political; it is deeply ethical and social. Enhanced state access can lead to improved public safety and national security. For example, during a health crisis like the COVID-19 pandemic, having access to personal data can help in effective contact tracing and monitoring the spread of the virus.
Read more »
User Safety
Data Breach Leak Personal Data Safety Security User Data User Safety

ICBC London Branch Hit by Ransomware Attack, Hackers Steal 6.6TB of Sensitive Data

 

The London branch of the Industrial and Commercial Bank of China (ICBC) recently fell victim to a ransomware attack, resulting in the theft of sensitive data. According to a report by The Register, which references information posted on the hackers' data leak site, the bank has until September 13 to meet the ransom demand or risk the stolen data being publicly leaked.

The attack was orchestrated by a group called Hunters International, who claim to have exfiltrated 5.2 million files, amounting to 6.6 terabytes of sensitive information. Despite being a relatively new name in the ransomware scene, some experts believe Hunters International is a rebranded version of Hive, a notorious ransomware group that was dismantled by the FBI in July 2022. At that time, the FBI successfully infiltrated the Hive group, seizing decryption keys and halting its operations.

Emerging approximately a year ago, Hunters International has shifted its focus toward data theft rather than system encryption. Some cybersecurity researchers suggest that developing and deploying encryption tools is complex and time-consuming, making data theft alone an equally profitable, yet simpler, approach for the group.

ICBC, the world’s largest bank by total assets and market capitalization, is a state-owned financial institution in China. It provides a variety of banking services, including corporate and personal banking, wealth management, and investment banking. With an extensive global presence, ICBC plays a significant role in funding infrastructure projects both domestically and abroad.

As of now, ICBC has not made any public statements regarding the attack or responded to requests for comment.
Read more »
User Data
Data Breach Data Leak Flightaware Misconfiguration User Data

Flight Aware User Data Leaked Following Misconfiguration

 

FlightAware, a flight tracking company, urges some customers to change their account login passwords after a data breach may have compromised private data. This Houston-based technology company provides aircraft tracking data in both real time and historical format.

Furthermore, it is recognised as the world's largest flight-tracking platform, with a network of 32,000 Automatic Dependent Surveillance-Broadcast (ADS-B) ground stations spread across 200 nations.

However, the firm recently disclosed in a statement posted on the California Attorney General's website that it experienced a data security breach on January 1, 2021. The breach was triggered by a misconfiguration that led to a setup error. 

Moreover, the company only discovered the issue on July 25, 2024, exposing private user data for nearly three years. As of now, the company has yet to reveal whether the exposed data was misused or stolen during its unprotected state for three years. 

In their initial announcement, FlightAware stated that they had discovered a setup issue that might have unintentionally exposed user IDs, passwords, and email addresses associated with their accounts. Whether or not users chose to add certain data categories to their accounts—such as full names, phone numbers, IP addresses, shipping addresses, billing addresses, social network profiles, and birth dates—may have had an influence on some users.

Critical information may also be compromised for certain accounts, including the last four digits of your credit card numbers, the status of the pilot, account activity (flights seen and comments left), and your Social Security Number (SSN). 

FlightAware, on the other hand, claimed that they had rectified the configuration issue and that any account holders whose data was compromised would be advised to change their passwords when they logged back into the platform. The company also assured all clients who got the security issue notification that they would be given a free two-year identity protection package and encouraged them to report any suspicious activity to local law enforcement authorities. 

Finally, the discovery of this unintentional data breach suggests that potentially impacted users should be wary of unwanted mailings. Threat actors could have used the exposed data for nefarious purposes such as identity theft and phishing.
Read more »
User Privacy
Data Breach Data Safety data security Safety Security User Data User Privacy

National Public Data Breach Exposes Millions: Threat of Identity Theft Looms

 

Data breaches continue to be a persistent issue without a simple solution, as evidenced by the recent breach of the background-check service National Public Data. This incident highlights the escalating dangers and complexity of such breaches. After months of uncertainty, National Public Data has finally confirmed the breach, coinciding with a large amount of stolen data being leaked online.

In April, a hacker known as USDoD started selling a data set on cybercriminal forums for $3.5 million. The data, said to include 2.9 billion records, purportedly affected "the entire population of the USA, CA, and UK." As the weeks passed, samples of the data emerged, with researchers and other actors verifying its authenticity. By early June, it was confirmed that the data contained information like names, emails, and physical addresses.

Although the data's accuracy varies, it appears to consist of two main sets. One contains over 100 million legitimate email addresses along with other personal information. "There appears to have been a data security incident that may have involved some of your personal information," National Public Data announced on Monday. "The incident is believed to have involved a third-party bad actor who attempted to access data in late December 2023, with potential leaks occurring in April 2024 and summer 2024. The breached information includes names, email addresses, phone numbers, Social Security numbers, and mailing addresses."

The company stated it is cooperating with law enforcement and government investigators. National Public Data now faces potential class action lawsuits due to the breach.

"We have become desensitized to the continuous leaks of personal data, but there is a serious risk," says security researcher Jeremiah Fowler, who has been monitoring the National Public Data situation. "It may not be immediate, and it could take years for criminals to figure out how to use this information effectively, but a storm is coming."

When data is stolen from a single source, such as Target, it is relatively easy to trace the source. However, when information is stolen from a data broker and the company does not disclose the incident, it becomes much harder to verify the data's legitimacy and origin. Often, people whose data is compromised are unaware that National Public Data held their information.

Security researcher Troy Hunt noted in a blog post, "The only parties that know the truth are the anonymous threat actors and the data aggregator. We're left with 134M email addresses in public circulation and no clear origin or accountability." Even when a data broker admits to a breach, as National Public Data has, the stolen data may be unreliable and mixed with other datasets. Hunt found many email addresses paired with incorrect personal information, along with numerous duplicates and redundancies.

"There were no email addresses in the Social Security number files," noted Hunt, who operates the website Have I Been Pwned (HIBP). "If you find your email in this data breach via HIBP, there's no evidence your SSN was leaked, and the data next to your record may be incorrect."

For those whose Social Security numbers were included in the breach, the threat of identity theft remains significant. They are forced to freeze their credit, monitor credit reports, and set up financial monitoring services. Notifications about the breach have already been sent out by credit monitoring and threat intelligence services. Although the stolen data is flawed, researchers warn that every data set attackers obtain can fuel scamming, cybercrime, and espionage when combined with other personal data compiled by criminals over the years.

"Each data breach is a puzzle piece, and bad actors and certain nations are collecting this data," Fowler says. "When combined systematically and organized in a searchable way, numerous breaches can provide a complete profile of individual citizens."
Read more »
User Security
Data Data Breach Safety Security User Data User Privacy User Safety User Security

Massive Data Leak Exposes Sensitive Information for Millions

 


A significant data breach has compromised the personal information of millions of individuals across the United States, United Kingdom, and Canada. The leaked data, obtained from a company called National Public Data, includes highly sensitive information such as names, mailing addresses, and social security numbers.

The leaked database, consisting of nearly 2.7 billion records, was reportedly offered for sale on the dark web. While the exact scope of the breach is still being investigated, numerous individuals have confirmed the presence of their personal data within the leaked files.

The exposed information poses a serious risk of identity theft and other malicious activities. Scammers may use this data to target individuals with phishing attempts or fraudulent transactions.

To protect yourself:

1. Be wary of suspicious emails: Avoid clicking on links or opening attachments in unsolicited emails, even if they appear to be from legitimate sources.
2. Verify the sender: Double-check the sender's email address to ensure it is authentic.
3. Use strong, unique passwords: Create complex passwords for all your online accounts and avoid reusing them across different platforms.
4. Monitor your accounts: Regularly check your bank statements, credit reports, and online accounts for any unauthorized activity.

If you believe your personal information may have been compromised in this data breach, it is recommended to take steps to protect your identity and report the incident to the appropriate authorities.

Read more »
User Privacy
Data Data Breach data security Safety Security Third Party Data User Data User Privacy

National Public Data Hacked: Personal Information of Millions at Risk

 


National Public Data, a company specializing in background checks and fraud prevention, has experienced a significant data breach. The data collected by the company has reportedly fallen into the hands of a hacking group known as "USDoD," which began selling access to the stolen information in April. The stolen data is said to include details of users from the US, UK, and Canada.

The company is now facing a class-action lawsuit, as reported by Bloomberg Law. The lawsuit was filed by Christopher Hoffman, a resident of California, after his identity protection service alerted him that his personal data had been compromised in the breach.

The scope of the data leak could be one of the largest ever recorded, though the full extent is still unconfirmed. National Public Data has not yet responded to requests for comment. However, in June, malware repository VX Underground reviewed the stolen data, which was initially on sale for $3.5 million.

VX Underground confirmed the authenticity of the massive 277.1GB uncompressed file, noting that the data included real and accurate information. They verified several individuals' details, who consented to the search of their information. According to VX Underground, the stolen data encompasses Social Security numbers, full names, and user address history spanning over three decades. It appears that the personal information of users who opted out of data collection was not included. USDoD acted as a broker for the sale, while a mysterious individual known as "SXUL" was behind the breach.

Although USDoD intended to sell the data to private buyers, it has reportedly been circulating freely on a popular hacker forum, posing a significant risk of identity theft. The archive is said to include dates of birth and phone numbers, though users who have downloaded the 277GB file report numerous duplicates. Some entries pertain to the same individual at different addresses, and others cover deceased persons. As a result, the actual number of affected individuals is estimated to be closer to 225 million, rather than the initially believed 2.9 billion.

National Public Data had previously advertised its People Finder tool, claiming access to over 2.2 billion merged records covering the entire adult population of the USA and its territories. In response to the breach, some identity protection services have already begun analyzing the stolen data and notifying affected consumers whose Social Security numbers were found in the archive. Hoffman's class-action lawsuit demands that National Public Data pay damages and implement several IT security changes, including the deletion of stored data on US users unless a reasonable justification is provided.
Read more »
Subscribe to: Posts (Atom)