Privacy Roundup #0183 • October 2021

October 2021 paired enormous leaks and breaches with a fresh wave of pushback against surveillance, from the Pandora Papers and the Twitch dump to Europe's vote against facial recognition.

1. Pandora Papers expose the hidden offshore wealth of world leaders

A consortium of more than 600 journalists began publishing 11.9 million leaked documents that laid bare the secret offshore holdings of politicians, billionaires and celebrities. The trove named more than 330 politicians and 130 billionaires across over 200 countries and territories.

www.icij.org

2. Twitch confirms breach after source code and creator payouts leak

An anonymous poster dumped a 125GB torrent containing Twitch source code, internal tools and payout figures for thousands of streamers. Twitch confirmed the breach and blamed a server configuration change that exposed its data to an unauthorised third party.

techcrunch.com

3. Facebook whistleblower Frances Haugen testifies to Congress

Frances Haugen told a Senate subcommittee that Facebook repeatedly chose growth and profit over the safety of its users, citing internal research it had kept hidden. Her leaked documents showed the company knew Instagram harmed the mental health of some teenage girls.

www.npr.org

4. European Parliament backs a ban on biometric mass surveillance

Members of the European Parliament voted to call for a ban on police use of facial recognition in public spaces and on private databases such as Clearview AI. The resolution was not binding, but it gave Parliament its first official position against biometric mass surveillance.

techcrunch.com

5. Coinbase says attackers bypassed SMS two-factor to drain accounts

Coinbase disclosed that thieves exploited a flaw in its account recovery process to defeat SMS two-factor authentication and steal funds from at least 6,000 customers. The company said it had fixed the flaw and would reimburse everyone who lost cryptocurrency.

www.bleepingcomputer.com

6. Hacker steals Argentina's national identity database

A hacker breached RENAPER, the registry holding identity records for Argentina's entire population, and began selling the data on a forum. The government confirmed an intrusion after the attacker published the ID photos and personal details of 44 public figures.

therecord.media

7. Missouri governor threatens to prosecute a journalist for viewing HTML

Governor Mike Parson branded a reporter a hacker after the journalist found teachers' Social Security numbers exposed in a state website's page source. Security experts pointed out that viewing public HTML is not hacking, and the flaw was a data leak by the state.

techcrunch.com

8. Olympus shuts down systems after a second cyberattack in a month

Medical technology firm Olympus confirmed an attack on its systems across the United States, Canada and Latin America, forcing it to take parts of the network offline. The intrusion came weeks after a separate ransomware attack hit its operations in Europe.

techcrunch.com

9. Neiman Marcus discloses a breach affecting 4.6 million customers

The retailer began notifying 4.6 million online shoppers that an intruder had accessed their names, contact details and payment card numbers. The breach itself dated back to May 2020 and had only just come to light.

therecord.media

10. Hackers leak Acer India customer data after server breach

The Desorden group claimed to have stolen 60GB of data from Acer's Indian servers, including records for more than 10,000 customers and thousands of resellers. Acer confirmed the breach but said no financial information of Indian customers was compromised.

www.bleepingcomputer.com

11. Google details a campaign hijacking YouTube channels with stolen cookies

Google's Threat Analysis Group detailed a long-running campaign that lured YouTubers with fake sponsorship offers, then stole session cookies to hijack their channels. The hijacked accounts were sold on or used to broadcast cryptocurrency scams.

blog.google

12. FTC report finds internet providers hoard troves of customer data

A staff report from the Federal Trade Commission concluded that major internet providers collect far more data than customers expect, including web traffic and real-time location. The agency said the firms placed people into sensitive categories and offered them little meaningful choice.

www.ftc.gov

13. Australian regulator rules Clearview AI broke privacy law

The Office of the Australian Information Commissioner determined that Clearview AI had scraped Australians' facial images without consent in breach of the Privacy Act. The regulator ordered the firm to stop collecting images of Australians and to delete the ones it held.

www.oaic.gov.au

14. Twitter admits its algorithm amplifies the political right

Twitter published research showing that its home timeline algorithm gave greater amplification to right-leaning politicians and news outlets in six of seven countries studied. The study examined millions of users and 6.2 million news articles shared in the United States.

www.euronews.com

15. Law enforcement forces the REvil ransomware gang offline

A multi-country operation seized the Tor infrastructure of REvil, one of the most notorious ransomware groups, knocking its leak site offline. Investigators had reportedly gained control after the gang restored its systems from a compromised backup.

www.securityweek.com

16. Leaked FBI guide shows how it pulls location data from carriers

A 139-page internal FBI presentation, freed by a public records request, detailed how agents obtain location and call data from AT&T, T-Mobile and Verizon. It set out how long each carrier retains the data and how investigators trace so-called burner phones.

www.schneier.com

17. Tesco website and app knocked offline by a cyberattack

Britain's largest supermarket saw its grocery website and app crippled for more than a day after attackers interfered with its systems. Customers could not place or amend orders, although Tesco said personal data was unlikely to have been affected.

www.infosecurity-magazine.com

18. Brave makes its own privacy search engine the browser default

Brave switched the default search engine in its browser to its independent Brave Search for users in several countries, replacing Google. The company said it did not collect IP addresses or build profiles of its search users.

www.bleepingcomputer.com

19. Security researchers warn client-side scanning is dangerous

Fourteen leading cryptographers and security experts published a paper arguing that on-device scanning of the kind Apple had proposed creates serious new risks. They concluded that the promise of a narrowly limited surveillance tool on personal devices was largely an illusion.

arxiv.org

20. Facebook, WhatsApp and Instagram vanish in a global outage

A faulty configuration change withdrew Facebook's network routes from the internet, taking its services offline worldwide for around six hours. The outage cut billions of people off from their messages and showed how much private communication depends on a single company's infrastructure.

www.theregister.com
