personal information
Latest
Some apps used Twitter and Facebook logins to steal personal information
If you've used your Twitter or Facebook account to log in to another app on your phone, some of your personal information could have been accessed by shady developers. On Monday, Twitter published a notice on its website that says that some third-party developers may have used a software development kit called oneAudience to obtain your email, username and last tweet and shared it with the company that created the tool. Facebook says it too had fallen victim to the oneAudience scam and plans to issue a similar notice to its users later today.
Google is reportedly gathering health data on millions of Americans
Google is gathering detailed health record information from millions of Americans -- and it has not informed patients or doctors, The Wall Street Journal reports. According to WSJ, St. Louis-based Ascension, the second-largest health system in the US, is sharing lab results, diagnoses and hospitalization records, as well as health histories complete with patient names and dates of birth, with Google.
Nearly everyone in Ecuador is the victim of a data breach
A massive data breach exposed sensitive data of nearly every individual in Ecuador. The breach impacted an estimated 20 million people -- for reference, Ecuador has a population of about 17 million. According to ZDNet, it exposed data on 6.7 million minors, as well as the country's president and WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012.
Capital One data breach affected 100 million in the US
Just as Equifax announced a settlement for its massive data breach, Capital One has revealed that someone hacked into its systems earlier this year. According to the company, someone exploited a "configuration vulnerability" that allowed them to access and decrypt customer data affecting over 100 million people in the US, and about 6 million in Canada.
Surprise: People are listening to your Google Assistant queries
It's no secret that Google records your conversations with Google Assistant after you say a "wake word." But what you might not know is that Google uses contractors to manually review a handful of those recordings, about 0.2 percent. Yesterday, VRT NWS released reports detailing how it listened to thousands of recordings leaked by a whistleblower working for Google. At least one audio clip included a couple's address and personal information about their family.
19 million patient records were stolen from Quest Diagnostics and LabCorp
A security breach at a billing company has resulted in nearly 20 million patients of LabCorp and Quest Diagnostics getting their information stolen from them. The breach was first disclosed Monday by Quest Diagnostics, which reported in a Securities and Exchange Commission filing that a breach at third-party collections vendor American Medical Collection Agency (AMCA) compromised 11.9 million customers. Today, LabCorp indicated that 7.7 million of its patients were also affected by the AMCA breach. The attack targeted at AMCA's website is just the latest in a series of breaches that have managed to skim personal information from major companies. Similar attacks hit British Airways, Ticketmaster and Newegg late last year.
Hacker posts over 4,000 sensitive documents from Mexican embassy
Thousands of documents containing sensitive information belonging to Mexico's embassy in Guatemala were leaked online this week by a hacker. The stolen cache contained more than 4,800 files related to the embassy's activities including its dealings with personal documents belonging to Mexican citizens. The hacker, identified on Twitter as @0x55Taylor, published the data online after the embassy failed to reply to his attempts at making contact. The files were eventually pulled offline by the cloud storage company used to host them, but TechCrunch was able to confirm the authenticity of the documents.
Twitter expands reporting tool to protect your personal info
Waiting for Twitter to respond to harassment reports can be frustrating -- even more so if you're trying to get the social network to remove tweets containing your personal information. In an effort to ensure that it can respond to doxxing attempts as quickly as possible, the company has expanded its reporting tool to include a section where you can tell it more about the offending tweet. When you report a tweet, choose "It's abusive or harmful" and then "Includes personal information" to be able to specify what kind of sensitive detail is being shared.
Personal information compromised on Raptr
Good news, Raptr users! Your personal information has been compromised! Wait, did that read "good news"? It's bad. It's pretty bad. Yes, in yet another hack of personal information of online services Raptr wound up being hacked, resulting in a stolen names, hashed passwords, and email addresses. Founder and CEO Dennis Fong noted that the two-factor authentication used for Raptr Rewards was not compromised, so users will be unlikely to see anything lost from their reward points. Fong appears confident that the risk for users is fairly minimal, but as with any security breach he advises users to change passwords and check accounts for anything using the same username, email, and/or password. Standard operating procedure, really. No word has been released on how many accounts may have been compromised, but to be on the safe side you should change your logins and such across the board if you're a Raptr user.
Sony eyeing ways to get MMO players out of the house
Sometimes you want to go where everybody knows your name, amirite? And other times, you want to get lost in an MMO and be (relatively) anonymous. The latter may become a bit more difficult, as Sony is looking to create a program "that would encourage gamers to head into the daylight for organized events," according to a posting at Engadget. The firm has even filed a patent for some sort of meet-up software. Speculation has it that it will incentivize real-life get-togethers, though how (or why) is anyone's guess at this point. Is this another personal information-harvesting ploy like Blizzard's RealID failboat, or is it something new? Time will tell, and we'll keep an eye on it for you.
WSJ: Safari loophole lets Google track Apple users through web ads
Stanford researcher Jonathan Mayer has discovered a curious Safari loophole that allows Google to track a user's browsing activity via cookie-laced web ads. As it turns out, Apple's browser normally accepts cookies from sites that a user visits, but automatically blocks them from third-party advertisers. As Mayer found out, though, advertisers can still circumvent this filter by enticing users to interact with ads in different ways. In the case of Google, the search giant embedded a "+1" button on ads produced with its DoubleClick technology, as part of an opt-in feature for Google+ users. If a user was logged in to Google+ and had agreed to see +1 ad displays, he or she would have a cookie planted on their device, thanks to a system that sent invisible forms from Apple computers or iPhones. This made it seem as if a user actually submitted the form intentionally, thereby convincing Safari to allow cookies. These cookies were only temporary, with shelf lives of up to 24 hours, but they could open the door for many more, since Safari allows sites to plant them after having received access to install at least one.After the Wall Street Journal notified Google of this loophole, the company promptly disabled it and duly apologized, adding that it didn't realize that its +1 system would plant tracking cookies on a user's device. "We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers," Google's Rachel Whetstone explained. "It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information." An Apple spokesperson, meanwhile, issued the following statement: "We are aware that some third parties are circumventing Safari's privacy features and we are working to put a stop to it."
Oops! Motorola sold refurbished Xooms without deleting previous owners' data
Usually, when passwords and personal information are exposed, it's because someone hacked a company's not-so-secure system. Motorola, however, managed to put people's info at risk without such malfeasance when it failed to wipe the memory of a batch of refurbished Xooms. The tablets in question were sold by Woot.com between October and December of last year, and Moto is claiming that it made the mistake on only small number of slates. Of course, we don't know exactly how many Xooms were shipped with previous owners' data onboard, but we do know that the company is actively attempting to make amends. Moto's offering two years of Experian identification protection services to those whose info was exposed and owners of affected Xooms are getting a little something too. Just send the device back to Motorola on the company's dime -- where it'll be properly reset and sent back to you, along with a $100 American Express gift card for your efforts. Wondering if you're among the unlucky? Hit the PR after the break for more info, and those with Wooted Xooms can plug in their slate's serial number at the source link below to find out for sure.[Thanks, Scott]
EU regulators ask Google to 'pause' its privacy changes, need more time to investigate
Google has gone to great lengths to clarify its revamped privacy policy, but a regulatory body in the European Union thinks the company is moving a little too fast. Today, European regulators formally requested that Google "pause" its rollout, in order to give the EU more time to investigate its forthcoming changes. "Given the wide range of services you offer, and the popularity of these services, changes in your privacy policy may affect many citizens in most or all of the EU member states," the EU's Data Protection Working Party wrote in a letter to Google CEO Larry Page yesterday. "We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated way." The body didn't specify how much time it would need to investigate, but it stressed that doing so would help to ensure absolute transparency among European users. "[W]e call for a pause in the interests of ensuring that there can be no misunderstanding about Google's commitments to information rights of their users and EU citizens, until we have completed our analysis," the letter reads. Viviane Reding, Europe's commissioner on data protection, heralded the move as an important step in asserting EU authority over online privacy and regulations, but Google was somewhat taken aback by the request. "We briefed most of the members of the working party in the weeks leading up to our announcement," said company spokesman Al Verney. "None of them expressed substantial concerns at the time, but of course we're happy to speak with any data protection authority that has questions." It's worth noting that Google isn't legally bound to heed the Working Party's request, though we'd expect the company to seek some sort of compromise with Europe's regulators, as it has in the past.
Square-Enix says no user info stolen during security breach
A week ago we reported that Square-Enix's Members site, a loyalty program for fans of the studio's games, suffered an unwarranted intrusion and was subsequently taken offline as the company conducted an investigation. It turns out that the best possible outcome of this investigation has occurred, as no personal information was stolen. Subsequently, the company plans to bring its Japanese and North American websites back online by the end of the month. Square-Enix posted the following notice as an update: As a result of our continuing investigation, we have now confirmed that the database in which we store personal information was NOT accessed during the recent server intrusion. Therefore, your personal information was NOT compromised by an unknown third party. Square-Enix is planning to restart the Square Enix Members service by the end of December. Details of the schedule will be announced at a later date. We deeply regret any inconvenience this may have caused our customers and fans, and appreciate your patience.
Korean gaming giants adjusting data collection policies
Changes are afoot in the Korean gaming industry in the wake of last month's massive Nexon hack that cost over 13 million MapleStory users their personal information. NCsoft has decided to stop collecting its players' Resident Registration Number (which is a Korean analog to the American Social Security number) due to concerns over privacy issues. Korean gamers will still need to fork over the number to play NCsoft games, though, according to a report at ThisIsGame.com. Players need only an email and password to register for the PlayNC portal, but the RRN may still be required to verify that new registrants aren't bots, and NCsoft has handed off the collection responsibilities to a third-party agency. "We have acknowledged the importance of personal information for a long time. So we have collected minimum personal information and have asked another agency to do the sensitive information work including the RRN on behalf of us," said an NCsoft official. ThisIsGame also reports that NHN Hangame has decided to stop collecting personal information, while Nexon and Neowiz are formulating new collection policies.
Carrier IQ VP says software poses no threat to user privacy, backs up his argument with metaphor
The final chapter of the Carrier IQ saga has yet to be written, but at this juncture, even the rosiest of rose-tinted observers would be hard pressed to find a silver lining. The specter of federal investigation looms larger by the day. Implicated carriers and manufacturers are washing their hands with Macbethian fury. Al Franken is on the verge of going Al Franken. And at the epicenter of all this sits Carrier IQ -- a California-based analytics company that has already gone to great lengths to defend its innocence. First, it sought to discredit Trevor Eckhart's ostensibly damning research with a cease-and-desist letter. Then, CEO Larry Lenhart flatly denied Eckhart's findings with an impassioned YouTube address. In recent days, the company has markedly softened its stance, arguing that its apps are only designed to meet operator demands and to "make your phones better." Now, Carrier IQ has elaborated upon these arguments with a more detailed breakdown of how its software functions, and a more substantive defense of its practices. Head past the break to read more.
Verizon begins collecting user data for targeted ads, is kind enough to offer 'opt-out' escape route
Verizon still wants to collect your personal information, but it'll understand if you decide to opt out. Really, it's cool. No hard feelings. The provider said as much yesterday, in an e-mail titled "Important notice about how Verizon Wireless uses information." The missive, sent to all VZW customers, essentially lays out the company's revamped privacy policy, originally unveiled last month. Under the new framework, Verizon will be able to monitor your browsing history, location, app usage, and demographic data, all in the name of targeted advertising and vaguely-titled "business and marketing reports." The good news is that you can always opt out of the scheme, either by phone or online. The bad news is that you'll probably have to explain the whole thing to your grandma.
US government to beat back botnets with a cybersecurity code of conduct
Old Uncle Sam seems determined to crack down on botnets, but he still needs a little help figuring out how to do so. On Wednesday, the Department of Homeland Security and National Institute of Standards and Technology (NIST) published a request for information, inviting companies from internet and IT companies to contribute their ideas to a voluntary "code of conduct" for ISPs to follow when facing a botnet infestation. The move comes as an apparent response to a June "Green Paper" on cybersecurity, in which the Department of Commerce's Internet Policy Task Force called for a unified code of best practices to help ISPs navigate through particularly treacherous waters. At this point, the NIST is still open to suggestions from the public, though Ars Technica reports that it's giving special consideration to two models adopted overseas. Australia's iCode program, for example, calls for providers to reroute requests from shady-looking systems to a site devoted to malware removal. The agency is also taking a hard look at an initiative (diagrammed above) from Japan's Cyber Clean Center, which has installed so-called "honeypot" devices at various ISPs, allowing them to easily detect and source any attacks, while automatically notifying their customers via e-mail. There are, however, some lingering concerns, as the NIST would need to find funding for its forthcoming initiative, whether it comes from the public sector, corporations or some sort of public-private partnership. Plus, some are worried that anti-botnet programs may inadvertently reveal consumers' personal information, while others are openly wondering whether OS-makers should be involved, as well. The code's public comment period will end on November 4th, but you can find more information at the source link, below.
GamersFirst teams up with Adknowledge for virtual currency offers
Free-to-play gamers seem to have no problems paying real-world money for virtual items in their favorite MMORPGs. GamersFirst hopes that its customers will feel similarly about its new partnership with Adknowledge. Who, or what, is Adknowledge? It's the largest privately owned advertising network on the internet, and it's also the parent company of Super Rewards (and you may remember that name in connection with the infamous "offer wall" faux pas attached to Turbine's Dungeons and Dragons Online MMO). Adknowledge's AdStation program allows gamers to earn in-game currency by completing extra-game tasks including watching videos, taking surveys, and subscribing to various online services. This generates advertising leads for Adknowledge clients, and a new GamersFirst press release calls it "a great opportunity for us to get our titles in front of their vast global network." Said titles include APB Reloaded and Fallen Earth, but thus far GamersFirst has not released details on how the games will be affected. [Source: GamersFirst press release]
GameSamba adding an offer wall
The last time we heard the term offer wall around these parts, it was in reference to a Turbine initiative that sparked an outpouring of fan anger centered on Dungeons and Dragons Online. The company ultimately did away with the plan due to concerns over Turbine's third-party partner (Super Rewards) as well as the general shadiness associated with trading a player's personal information. Today, Realms Online publisher GameSamba has announced its own offer wall, this time in concert with Guppy Media and Peanut Labs. GameSamba's press release says that the new deal "complements [its] existing partnership with Super Rewards, which not only provides free offers but also allows access to over 100 global payment methods." Super Rewards, Guppy Media, and Peanut Labs are advertising firms that pay GameSamba for leads, in effect exposing GameSamba customers to various third-party products that they might not otherwise be aware of via surveys, special offers, and the like. GameSamba, in turn, gives Sambas (the company's virtual currency) to those gamers who meet certain requirements relating to the third-party advertisers. You can learn more about the arrangement on the GameSamba forums.
