Twitch Hack Leaks App Code, Revenue from Streaming Stars

Video game streaming platform Twitch has suffered a data breach resulting in information about the revenue earned by the biggest game streamers leaked to online chat forum 4chan. “Find out how much your favorite streamer is really making!” the hacker wrote in a 4chan data dump labeled “part one.” The perpetrator claimed to have additional information about Twitch’s creator payouts, source code and internal security tools and creator payouts. Without confirming what data was taken, Twitch confirmed the breach, writing on Twitter, “Our teams are working with urgency to understand the extent of this.” Continue reading Twitch Hack Leaks App Code, Revenue from Streaming Stars

Ireland Fines Twitter for Privacy Breach in a First for U.S. Tech

Ireland’s Data Protection Commission fined Twitter €450,000 (about $546,000) for failing to notify the regulator or document a data breach within 72 hours. The breach, revealed in January 2019, exposed some Android users’ private tweets for over four years. Twitter chief privacy officer Damien Kieran said the company takes responsibility … and remains “fully committed to protecting the privacy and data of [its] customers.” This is the first time a U.S. tech company has been served with a GDPR fine in a cross-border case. Continue reading Ireland Fines Twitter for Privacy Breach in a First for U.S. Tech

EU Regulators: IAB Europe Is Not in Compliance with GDPR

Belgian investigators are scrutinizing the Belgian-based Interactive Advertising Bureau (IAB) Europe, which they say is responsible for how its members buy, sell and use individuals’ data in digital ads. According to their internal report, Google and other major online advertisers are violating Europe’s General Data Protection Regulation in its auctions. The investigation was prompted by complaints against the use of personal data in the real-time bidding (RTB) component of programmatic advertising. Continue reading EU Regulators: IAB Europe Is Not in Compliance with GDPR

Unsecured Databases Leak 235 Million Social Media Profiles

On August 1, security research firm Comparitech, led by Bob Diachenko, discovered a massive data leak of nearly 235 million Instagram, TikTok and YouTube user profiles. The leak was due to an unsecured database, which is quickly becoming a widespread cause of similar breaches. An audit of the dark web found about 15 billion stolen logins from 100,000 such unsecured database breaches. The data leak discovered by Diachenko and his team was spread across several datasets, including two of 100 million each of Instagram users. Continue reading Unsecured Databases Leak 235 Million Social Media Profiles

Republicans Issue Draft of Federal Data Privacy Legislation

Senate Commerce Committee chair Roger Wicker (R-Mississippi) proposed draft legislation that he said will support tough protections for consumer data and address the concerns of Democrats. Last week, Senator Maria Cantwell (D-Washington), the Committee’s top Democrat, proposed a data privacy law. The idea, Wicker continued, is to create a national privacy law that will override state privacy laws passed by California and other states. He and others believe state laws will create an unwieldy patchwork. Continue reading Republicans Issue Draft of Federal Data Privacy Legislation

Companies Prep for Brunt of California Consumer Privacy Act

Beginning January 2020, the California Consumer Privacy Act (CCPA) will allow that state’s residents to find out exactly what personal data companies hold about them — and ask them to delete such information. Consumers will also have the option of opting out of allowing their personal information to be sold. The legislation — which was designed to make Amazon, Facebook, Google and others more transparent — will impact a wide range of companies, large and small, including airlines, banks, retailers and restaurants. Continue reading Companies Prep for Brunt of California Consumer Privacy Act

Capital One Breach Exposes Data of 106 Million Customers

A hacker accessed the personal data of about 106 million credit card customers and applicants of Capital One Financial, the fifth-largest credit card company in the U.S., making it one of the biggest such breaches of a large bank. Federal authorities arrested 33-year old Paige Thompson, who is accused of breaking through the bank’s firewall to access data stored on Amazon’s cloud service. Most of those exposed by the hack were customers and small businesses who applied for credit cards between 2005 and early 2019. Continue reading Capital One Breach Exposes Data of 106 Million Customers

SEC Fines Facebook $100 Million Over Misuse of User Data

The Securities and Exchange Commission fined Facebook $100 million to settle a case related to Cambridge Analytica, which in 2014-2015 collected Facebook data — including names, genders, locations, birthdays and “page likes” — of about 30 million Americans to create “personality scores” and ultimately use it for Donald Trump’s presidential election campaign. When Facebook discovered this misuse of data in 2015, it didn’t reveal what had happened for two years, during which time it presented the issue of data misuse as hypothetical. Continue reading SEC Fines Facebook $100 Million Over Misuse of User Data

2017 Data Breach Likely to Cost Equifax Up to $700 Million

In September 2017, hackers broke into credit agency Equifax, compromising almost 150 million Social Security numbers and other personal information. Now, according to sources, under the terms of an agreement with the Federal Trade Commission, Consumer Financial Protection Bureau and most state attorneys general, Equifax will pay about $700 million to settle with these agencies as well as a nationwide consumer class-action lawsuit. The exact amount of the settlement depends on the number of consumer claims ultimately filed. Continue reading 2017 Data Breach Likely to Cost Equifax Up to $700 Million

Google Chrome Extension Alerts Users to Password Issues

To combat data breaches, Google has created a Chrome extension to provide a “password checkup” that compares users’ passwords with a database of four billion unique usernames and passwords that have been compromised. The extension works in the background, only showing a warning if it finds a match. That’s all it does: it is not a password manager that determines how weak or strong passwords are. Google accounts, often the key to a user’s email address, are breached mainly because people reuse passwords on multiple sites. Continue reading Google Chrome Extension Alerts Users to Password Issues

Have You Been Hacked? Very Likely In Light of Mega-Breach

Security researcher Troy Hunt, who offers a way to search if your email addresses or passwords have been breached, maintains Collection #1, the largest breach ever, which holds 772,904,991 unique emails and 21 million unique passwords, all of which have been recently posted to a hacking forum. Those numbers represent a “cleaned-up” version of the raw data, which comprise 2.7 billion rows of email addresses and passwords, including over one billion unique combinations of hacked emails and passwords. Continue reading Have You Been Hacked? Very Likely In Light of Mega-Breach

Facebook Discloses Breach of User Photos to Third-Party Apps

Facebook said it discovered a bug that allowed unauthorized access to third-party apps of private photos, impacting about 6.8 million users. Facebook engineering director Tomer Bar said the company fixed the issue that allowed such apps “access to a broader set of photos than usual.” Starting with the Cambridge Analytica harvesting of user data, Facebook has had a string of problems related to data privacy, most recently with a serious hack in September that compromised the Facebook accounts of millions of users. Continue reading Facebook Discloses Breach of User Photos to Third-Party Apps

Facebook Says Spammers, Not Nation-State, Behind Breach

Facebook’s internal investigation into the recent data breach that affected 30 million user accounts has concluded that the hack was the work of spammers disguised as a digital marketing company, and not foreign nationals. Facebook believes the attack was initiated by a group of Facebook and Instagram spammers that intended to make money by means of deceptive advertising. The FBI is continuing its investigation into the hack, which is the worst security breach in the social network’s 14-year history. Continue reading Facebook Says Spammers, Not Nation-State, Behind Breach

Tidal Streaming Music Service Accused of Falsifying Streams

Jay-Z’s streaming music service Tidal was accused by Norwegian newspaper Dagens Næringsliv and the Norwegian University of Science and Technology (NTNU) of data manipulation, claiming the company faked many millions of streams for Beyoncé’s “Lemonade” and Kanye West’s “The Life of Pablo” albums. That’s considered fraud since labels and rights holders are paid based on the number of streams. Tidal denies the charges but investigators are reportedly looking into the possibility of a data breach. Continue reading Tidal Streaming Music Service Accused of Falsifying Streams

California Passes Tough New Law to Protect Online Privacy

The California State Legislature quickly passed a digital privacy law that gives consumers much more control over their online personal data. Governor Jerry Brown signed the law into effect, narrowly beating a deadline to remove another, tougher initiative headed for the November ballot. Consumers now have the right to know what information tech companies are collecting, and why they’re collecting it, as well as with whom they are sharing it. Consumers can also demand their data be deleted or not sold or shared. Continue reading California Passes Tough New Law to Protect Online Privacy