Privacy Roundup #0112 • November 2015
November 2015 paired a wave of breaches that swept up children, prisoners and hotel guests with a renewed government push to weaken encryption after the Paris attacks.
1. VTech hack exposes data on millions of parents and children
A hacker broke into the toymaker VTech and lifted the records of almost five million parents and more than two hundred thousand children, including photos, chat logs and home addresses. Motherboard, which received the stolen files, described it as one of the largest hacks yet to centre on data about children.
2. TalkTalk breach data already on sale as further arrests follow
Stolen TalkTalk customer details surfaced for sale on darknet markets within days of the attack, while police made a third arrest in the case. Reports warned that criminals were already using the records to target elderly customers with scam calls.
3. Comcast resets 200,000 passwords after credentials sell on the dark web
Almost 590,000 Comcast email addresses and passwords appeared for sale on a dark web marketplace, of which roughly 200,000 were still active. Comcast reset those accounts but denied any breach of its own systems, blaming recycled credentials from earlier leaks.
4. Evidence mounts that Carnegie Mellon attacked Tor for the FBI
Bruce Schneier laid out the case that university researchers had quietly deanonymised Tor users and handed the results to the FBI. He argued that the deeper damage was to the credibility of CERT as an honest broker of vulnerabilities.
5. Carnegie Mellon says the FBI came with a subpoena, not cash
Carnegie Mellon denied accepting a million dollars to crack Tor and instead implied that it had handed over research findings to comply with a subpoena. The statement confirmed the broad outline of the affair while disputing the claim that money changed hands.
6. UK publishes the draft Investigatory Powers Bill
The Home Office published its draft Investigatory Powers Bill, which would force providers to retain a year of internet connection records and grant agencies powers to hack devices. Critics renamed it the Snoopers' Charter and warned that its vague drafting invited sweeping surveillance.
7. Dell ships laptops with a dangerous eDellRoot certificate
Researchers found that Dell had preinstalled a root certificate, eDellRoot, together with its private key on consumer laptops. Anyone holding that key could forge trusted certificates and intercept supposedly secure connections in man-in-the-middle attacks.
8. Researcher hacks Mattel's Hello Barbie
A security researcher showed that Mattel's wifi-connected Hello Barbie could be probed to reveal account information, network names and recorded audio. The case sharpened fears about always-listening toys that send children's voices to the cloud.
9. Three men charged over the JPMorgan hack
Prosecutors unsealed a twenty-three count indictment against three men accused of the largest theft of customer data from an American bank. The records of eighty-three million JPMorgan accounts were said to have fed a sprawling scheme of stock manipulation and fraud.
10. Vizio smart TVs found tracking what viewers watch
ProPublica revealed that Vizio televisions tracked viewing habits by default and shared them with advertisers, linked to the household IP address. The data let advertisers follow viewers across phones and other devices in the same home.
11. ProtonMail pays a ransom yet the attacks continue
The encrypted mail provider ProtonMail paid around six thousand dollars in bitcoin to halt a punishing distributed denial of service attack. The assault carried on regardless, and the company concluded that two separate groups, one of them state-grade, were behind it.
12. Belgian court orders Facebook to stop tracking non-users
A Brussels court ordered Facebook to stop using its datr cookie to track Belgians who do not even hold an account, or face fines of a quarter of a million euros a day. The court rejected Facebook's claim that the tracking was needed for security as not credible.
13. FCC fines Cox over a customer data breach
The Federal Communications Commission settled with Cox Communications for 595,000 dollars over a breach in which a hacker phished staff to reach customer records. It was the regulator's first privacy and data security action against a cable operator.
14. Securus hack exposes 70 million prisoner phone calls
An anonymous source leaked records of seventy million calls placed by prisoners through Securus, including thousands that appeared to breach attorney-client privilege. The ACLU called it perhaps the most massive breach of that privilege in modern American history.
15. Starwood warns of point-of-sale card breach
Starwood Hotels disclosed that malware had infected the payment systems at more than fifty of its North American properties. The code harvested cardholder names, card numbers, security codes and expiry dates from gift shops and restaurants.
16. Hilton confirms its own payment card breach
Days after the Starwood disclosure, Hilton confirmed that it too had found and removed malware aimed at payment card data across some of its hotels. Investigators later faulted the chain for waiting months to tell affected customers.
17. Tor Project releases a Messenger beta for private chat
The Tor Project shipped the first public beta of Tor Messenger, an app that routes instant messaging over Tor and enforces encryption by default. It worked across networks such as Jabber, Google Talk and Facebook Chat while masking the user's location.
18. Telegram blocks 78 ISIS channels after the Paris attacks
In the wake of the Paris attacks, Telegram removed seventy-eight public channels used by ISIS to spread propaganda. The company stressed that private chats remained untouched, drawing fresh attention to the limits of moderating encrypted platforms.
19. The Paris attacks reignite the encryption backdoor debate
The Paris attacks gave officials a fresh opening to press technology companies for ways around strong encryption. Investigators, however, presented no evidence that the attackers had used encrypted messaging, and reports suggested they relied on plain SMS instead.
20. Crackas With Attitude claim they breached FBI systems
The teenage hackers who had broken into the CIA director's personal email now claimed to have reached FBI systems and posted data on thousands of government and military staff. The group said it had accessed portals used to share information between law enforcement agencies.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: