Facebook Discloses Breach of User Photos to Third-Party Apps

Facebook said it discovered a bug that allowed unauthorized access to third-party apps of private photos, impacting about 6.8 million users. Facebook engineering director Tomer Bar said the company fixed the issue that allowed such apps “access to a broader set of photos than usual.” Starting with the Cambridge Analytica harvesting of user data, Facebook has had a string of problems related to data privacy, most recently with a serious hack in September that compromised the Facebook accounts of millions of users. Continue reading Facebook Discloses Breach of User Photos to Third-Party Apps

Facebook Says Spammers, Not Nation-State, Behind Breach

Facebook’s internal investigation into the recent data breach that affected 30 million user accounts has concluded that the hack was the work of spammers disguised as a digital marketing company, and not foreign nationals. Facebook believes the attack was initiated by a group of Facebook and Instagram spammers that intended to make money by means of deceptive advertising. The FBI is continuing its investigation into the hack, which is the worst security breach in the social network’s 14-year history. Continue reading Facebook Says Spammers, Not Nation-State, Behind Breach

Tidal Streaming Music Service Accused of Falsifying Streams

Jay-Z’s streaming music service Tidal was accused by Norwegian newspaper Dagens Næringsliv and the Norwegian University of Science and Technology (NTNU) of data manipulation, claiming the company faked many millions of streams for Beyoncé’s “Lemonade” and Kanye West’s “The Life of Pablo” albums. That’s considered fraud since labels and rights holders are paid based on the number of streams. Tidal denies the charges but investigators are reportedly looking into the possibility of a data breach. Continue reading Tidal Streaming Music Service Accused of Falsifying Streams

California Passes Tough New Law to Protect Online Privacy

The California State Legislature quickly passed a digital privacy law that gives consumers much more control over their online personal data. Governor Jerry Brown signed the law into effect, narrowly beating a deadline to remove another, tougher initiative headed for the November ballot. Consumers now have the right to know what information tech companies are collecting, and why they’re collecting it, as well as with whom they are sharing it. Consumers can also demand their data be deleted or not sold or shared. Continue reading California Passes Tough New Law to Protect Online Privacy

Hacker Accessed Customer Data From Orbitz Legacy System

Popular travel booking site Orbitz, owned by Expedia, confirmed yesterday that it “identified and remediated a data security incident affecting a legacy travel booking platform.” The company explained that a hack late last year exposed customer data and billing information spanning two years. Personal data may have included birth dates, mailing addresses, email addresses, gender, payment card info, and more. According to Orbitz, about 880,000 credit cards may have been affected. However, the company noted that the current Orbitz.com site was not breached. Continue reading Hacker Accessed Customer Data From Orbitz Legacy System

Debate Erupts After Reports of Access to Facebook User Data

Lawmakers in the U.S. and U.K. are demanding answers from Facebook and CEO Mark Zuckerberg after reports surfaced over the weekend that data analytics company Cambridge Analytica was able to exploit the personal data of 50 million Facebook users without their permission — data that was reportedly used in the 2016 Trump presidential campaign and the Brexit referendum. Facebook announced that it suspended Cambridge Analytica after learning Facebook policies specifying how third-party developers can deploy user data had been violated. Continue reading Debate Erupts After Reports of Access to Facebook User Data

Facebook Lists its Privacy Principles as EU’s Data Laws Loom

Before the European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, Facebook plans to debut a new privacy center that will be a hub for all its privacy settings. The company also published its “privacy principles” for the first time, with details of how it handles user information. Chief operating officer Sheryl Sandberg says the result will be a “good foundation” for meeting GDPR’s requirements. The GDPR limits how technology companies collect, store and utilize users’ personal information. Continue reading Facebook Lists its Privacy Principles as EU’s Data Laws Loom

New Uber CEO Faces the Impact of Undisclosed Data Breach

Uber Technologies acknowledged that one year ago it paid hackers $100,000 to hide a data breach that impacted 47 million accounts. The company fired then-chief security officer Joe Sullivan and deputy Craig Clark for both the breach itself and concealing it. The hackers got the names, emails and phone numbers of millions of riders as well as 600,000 drivers’ license numbers, although apparently Social Security numbers and credit card numbers were not accessed. Uber says it will inform those impacted by the breach in “coming days.” Continue reading New Uber CEO Faces the Impact of Undisclosed Data Breach

Europe to Employ Stricter Protection Rules for Personal Data

Since 1995, European businesses and organizations have operated under data protection rules specific to an era of much less digital data. To update the rules, the European General Data Protection Regulation (GDPR) will launch on May 25, 2018, and numerous GDPR experts are ready to profit off of their offer to help businesses get ready. U.K. information commissioner Elizabeth Denham dubs much of the activity as “scaremongering,” saying that companies that complied with the older rules won’t have to deal with major changes. Continue reading Europe to Employ Stricter Protection Rules for Personal Data

Under Senate Grilling, Equifax Says It Owns Consumer Data

Members of the Senate Commerce Committee interrogated Equifax interim chief executive Paulino do Rego Barros, but not about the widely reported hack that compromised the personal data of more than 145 million U.S. consumers. The committee wanted to know why Equifax was storing the information to begin with, challenging Equifax’s right to profit from such personal information. The highlight of the meetings thus far has been Barros’ assertion that Equifax, not consumers, own the data collected about them and that people cannot remove themselves from the company files. Continue reading Under Senate Grilling, Equifax Says It Owns Consumer Data

Equifax Breach Spurs Call for Federal Laws on Transparency

The Equifax breach exposed millions of U.S. adults’ personal information, prompted Federal Trade Commission and FBI investigations, and spurred lawsuits by many states’ attorneys general. With the threat of even worse breaches in the future, companies will be urged to adopt better cybersecurity practices. But the Equifax breach is likely to have another result that tech companies won’t like: the need for transparency. Although 48 states have already passed data-breach disclosure laws, now federal regulations are proposed. Continue reading Equifax Breach Spurs Call for Federal Laws on Transparency

Equifax Breaches Spur Businesses to Prioritize Cybersecurity

Equifax’s two cyber breaches, which exposed about 143 million Americans’ personal information, were the work of hackers who took advantage of a flaw in Apache Struts software. The nonprofit Apache Software Foundation and the U.S. Computer Emergency Readiness Team warned of the bug in early March, but Equifax only alerted its end users on September 7, almost five months later. IT experts say the event highlights the challenges in keeping software current and identifying all potentially vulnerable applications. Continue reading Equifax Breaches Spur Businesses to Prioritize Cybersecurity

Companies Return to Tape As Protection From Cyberattacks

The federal government, financial service companies, and other regulated industries store their most important data on tape, an old-fashioned and inconvenient format that is, nonetheless, impervious to hackers. As cyberattacks become more skillful and persistent, other companies are now following suit. Starting in the 1950s, digital tape, stored in on-site libraries, was the only means of reliable storage for massive amounts of data. Eventually, companies moved to digital records and, in recent years, the cloud. Continue reading Companies Return to Tape As Protection From Cyberattacks

Privacy Group Files Complaint Over New Google Ad Program

The Electronic Privacy Information Center filed a legal complaint with the Federal Trade Commission over Google’s Store Sales Measurement, a new advertising program that connects consumers’ online activities with purchases in retail stores. According to the complaint, Google now has access to U.S. consumers’ credit and debit card purchase records, but doesn’t reveal how it gets the information and uses a secretive method to protect it. The complaint states that consumers should be provided a way to opt out of the program. Continue reading Privacy Group Files Complaint Over New Google Ad Program

U.S. Claims That Russian Hackers Were Behind Yahoo Attack

The Department of Justice officially charged four people yesterday in connection with Yahoo’s 2014 data breach that reportedly resulted in the theft of data from 500 million Yahoo accounts. According to the indictment, the Russian government used the data obtained by two intelligence officers (Dmitry Dokuchaev, Igor Sushchin) and two hackers (Alexsey Belan, Karim Baratov) to spy on White House and military officials, bank executives, cloud computing companies, a senior level airline official, a Nevada gaming regulator, as well as Russian journalists, business execs and government officials. Continue reading U.S. Claims That Russian Hackers Were Behind Yahoo Attack