Facebook Had Years to Fix the Flaw That Leaked 500M Users’ Data

That incident differs from the more recent Facebook controversy, in which attackers were able to “scrape” Facebook by enumerating batches of possible phone numbers from more than 100 countries, submitting them to the contact import tool, and manipulating it to return the names, Facebook IDs, and other data users had posted on their profiles.

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Arts-and-crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing a raft of customer information, according to a report. “The Hobby Lobby incident is the latest example of why we need to take public cloud threat vectors so seriously,” Douglas Murray, CEO at Valtix, told Threatpost.

DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS

This doesn’t stop extensions from trying of course, simply because this API is so convenient compared to secure extension APIs. In case of DuckDuckGo Privacy Essentials, the content script. While this communication is intended for the content script loaded in a frame, the web page there can see it as well.

Research finds 14% of mobile apps leave user data in unsecured servers

App developers rely on third-party servers to simplify data storage, but new research indicates that these servers are often left with little to no security over sensitive data. The issue lies in developers who do not secure their server, so any and all app categories are affected.

Latest Brave browser update fixes Tor .onion DNS Leak

The company notes on its support page that its browser "does not implement most of the privacy protections from Tor Browser" and that it "recommends using Tor Browser instead of Brave Tor windows" for "absolute anonymity". One user discovered last week that Brave was leaking information in Tor mode.

Covid-19 vaccine passports for travel and work are coming: what are the implications for human rights, privacy and surveillance?

Moreover, the experts say that at present, “vaccination status does not offer clear or conclusive evidence about any individual’s risk to others via transmission, so cannot be a robust basis for risk-based decision making, and therefore any roll-out of a digital passport is not currently justified.” However, they also recognize that as more data emerges, so the pressure on governments to issue vaccine passports will increase.

ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792

I found a vulnerability in the popular Shazam application that allowed an attacker to steal the precise location of a user simply by clicking a link!

Not going dark: personal data from the Internet of Things ushers in a golden age for law enforcement

A report from the Brennan Center for Justice provides a good summary of how the authorities are accessing that data in order to help them with their work: The proliferation of connected devices provides expansive opportunities for the government to assemble detailed portraits of people’s lives.

A Facebook bug exposed Instagram users’ personal email addresses and birthdays

The experimental upgrade meant that if a Facebook business account was linked to Instagram and was included in the test group, the Business Suite tool would show additional information about a person alongside any direct message — including their supposedly private email address and birthday.

When you tell Chrome to wipe private data about you, it spares two websites from the purge: Google.com, YouTube

While cookies are typically used to identify you and store some of your online preferences when visiting websites, site data is on another level: it includes, among other things, a storage database in which a site can store personal information about you, on your computer, that can be accessed again by the site the next time you visit.

If you used Firefox to access Twitter, your non-public info may have been exposed

This means that if you accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading your Twitter data archive or sending or receiving media via Direct Message, this information may have been stored in the browser’s cache even after you logged out of Twitter.

Apple Tells Secure Messaging App Telegram to Take Down Protestor Channels in Belarus

These channels are a tool for Belarus’ citizens protesting the recently rigged presidential election, but, with a centralized entity like Apple calling the shots on its own App Store, there’s little the protesters can do about it, explains Telegram CEO Pavel Durov.

Derek McMinn: Surgeon ‘hoarded thousands of body parts over 25 years’

However, it is understood that the full scale of McMinn’s actions – dating back to the 1990s – was kept from some regulators until The Independent began making inquiries in the past week, despite completion of the internal review in October last year.

Instagram kept deleted photos and messages on its servers for more than a year

But when security researcher Saugat Pokharel requested a copy of photos and direct messages from the photo-sharing app, he was sent data he’d deleted more than a year ago, showing that the information had never been entirely removed from Instagram’s servers.

Some T-mobile customers shadowbanned from texting after sending the word “belly” via SMS

T-Mobile customers were being shadowbanned from sending SMS text messages for ten days because they sent the word “belly.” When shadowbanned, T-Mobile users receive no notice that they have been censored as their messages still seem like they’re going through, but nothing is received on the other end.

LinkedIn blames bug for clipboard snooping discovered by iOS 14

The LinkedIn controversy comes a week after TikTok, one of the most popular apps in the world, said it would stop snooping on user clipboards after iOS 14 revealed that it was doing just that.

Erdoğan seeks to shut, control social media platforms in Turkey

President Recep Tayyip Erdoğan has said that he seeks to shut social media platforms in Turkey, a day after his daughter Esra Albayrak was insulted on Twitter.

Warning—Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users

Apple originally dismissed the clipboard vulnerability as an issue, and only provided a fix after significant media coverage of the security research.

Top EU data protection agency under pressure to act against Internet giants as GDPR turns 2 years old

With its public statement, the Irish DPC is trying to signal that it is working hard on these big cases, but Schrems doesn’t think it is making enough progress.

YouTube is deleting comments with two phrases that insult China’s Communist Party

YouTube is automatically deleting comments that contain certain Chinese-language phrases related to criticism of the country’s ruling Communist Party (CCP). The Verge found evidence that comments were being deleted as early as October 2019, when the issue was raised on YouTube’s official help pages and multiple users confirmed that they had experienced the same problem.

Coronavirus symptom apps are already showing their security problems

Users could answer questions and report symptoms to the app, which would then collate the data to monitor the spread and scale of the severity of coronavirus.

A mistake at Facebook broke Spotify, Venmo, TikTok, and other iPhone apps

"A new release of Facebook included a change that triggered crashes for some users in some apps using the Facebook iOS SDK. The apps were attempting to communicate with Facebook's servers and crashing as a result.

Spotify, TikTok, and other popular iOS apps were crashing due to a Facebook issue

A source with knowledge of the situation told The Verge that Facebook had disabled a server configuration update that triggered its SDK to cause apps using it to crash.

You Could Get Jailed For Not Installing Aarogya Setu App: Noida Police

However, the police officials of Noida and Greater Noida have said that they will let go of the people who agree to download the app in front of them at the time of checking.

Hong Kong's pandas mate for first time in decade in privacy of coronavirus lockdown

A middle-aged couple of giant pandas in a Hong Kong theme park have mated for the first time in more than 10 years, after finally enjoying a period of privacy thanks to the coronavirus lockdown.

Zoom is Leaking Peoples' Email Addresses and Photos to Strangers

The issue lies in Zoom's "Company Directory" setting, which automatically adds other people to a user's lists of contacts if they signed up with an email address that shares the same domain.

Cellphone Carriers May Face $200 Million in Fines for Selling Location Data

The Federal Communications Commission is set to propose about $200 million in fines against four major cellphone carriers for selling customers’ real-time location data, according to three people briefed on the discussions.

Facial Recognition Surveillance Technology Should Be Suspended in the U.S. Says Coalition of 40 Privacy and Free Speech Groups

Concerns over the potential for abuse have driven all of this, and that is also what has motivated 40 groups headed by the Electronic Privacy Information Center (EPIC) to draft a letter recommending that federal agencies suspend the use of facial recognition surveillance systems.

Activision Subpoenas Reddit to Identify Call of Duty Warzone ‘Leaker’

According to documents obtained by TorrentFreak, the gaming giant has also obtained a DMCA subpoena from a US court, which compels Reddit to hand over the personal details of a user who allegedly posted a leaked image to the site.

AT&T is blocking Tutanota. This shows why we must fight for net neutrality.

A free Internet guarantees that all online services are being treated equally: Right now we can access any website at the same speed. Without net neutrality ISPs could, for instance, offer a 'US bundle', which allows users to use certain US services like Google, Facebook and Twitter without any data limit.