Accountability and Data collection - Cyber Security Informer

Online Businesses Often Steal And Exploit Customer Data Collected During Cancelled Transactions

Joseph Steinberg

JANUARY 18, 2024

Some such cancellations occurred prior to the retailer sending me any email confirmation of the associated transactions, but, in some cases, the retailer cancelled the associated sale after not only confirming by email the purchase, but also after having charged my credit card and waiting for the associated debit to post to my account.

Data collection

Data collection Retail Scams Artificial Intelligence

Changes in WhatsApp’s Privacy Policy

Schneier on Security

JANUARY 11, 2021

In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. Some of the data that WhatsApp collects includes: User phone numbers. Some of the data that WhatsApp collects includes: User phone numbers. Diagnostic data collected from app logs.

Data collection

Data collection Accountability

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

JANUARY 18, 2019

Hunt transferred the compromised emails and passwords to the website haveibeenpwned.com , where users can check to see if their account data was compromised. If this Collection #1 has you spooked, changing your password(s) certainly can’t hurt — unless of course you’re in the habit of re-using passwords. “If

Accountability

Accountability Passwords Data breaches Data collection

Passport scam foxing Texas populace with data collection

CyberSecurity Insiders

NOVEMBER 8, 2021

Moreover, they are seen collecting card details to help the victims get the money transferred into the account of HSI Department of Texas quickly. The post Passport scam foxing Texas populace with data collection appeared first on Cybersecurity Insiders.

Data collection

Data collection Scams Banking Accountability

Gambling firms are secretly sharing your data with Facebook

Malwarebytes

FEBRUARY 12, 2025

This data was automatically transferred when loading the webpage, before users could even accept or decline the use of their data. The data collection resulted in the reporterwho said they never once agreed to the use of their data for marketing purposes being inundated with ads for gambling websites.

Data collection

Data collection Marketing Data privacy VPN

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

SecureWorld News

JUNE 21, 2023

Cybersecurity firm Group-IB recently uncovered a significant security breach involving ChatGPT accounts. These compromised accounts pose a serious risk to businesses, especially in the Asia-Pacific region, which has experienced the highest concentration of ChatGPT credentials for sale.

Accountability

Accountability Data collection Cyber threats Risk

Privacy and Security of Data at Universities

Schneier on Security

NOVEMBER 9, 2018

The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. Many sets of data, both research and grey, fall outside privacy regulations such as HIPAA, FERPA, and PII.

Data collection

Data collection Cyber Risk Risk Government

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

Unlike any other season in America, election season might bring the highest volume of advertisements sent directly to people’s homes, phones, and email accounts—and the accuracy and speed at which they come can feel invasive. Escaping this data collection regime has proven difficult for most people.

Scams

Scams Identity Theft Cybercrime Accountability

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile

Mobile Wireless Advertising Accountability

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

Justice Department , FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) A selfie pulled from Mark Sokolovsky’s iCloud account. Working with investigators in Italy and The Netherlands, U.S.

Malware

Malware Identity Theft Cybercrime Accountability

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Security Affairs

NOVEMBER 26, 2019

Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people’s accounts without their consent. Pierluigi Paganini.

Accountability

Accountability Mobile Advertising Media

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

MAY 21, 2020

The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability. Fingerprinting is considered a necessary practice to fight challenges such as fake accounts and the misuse of internet services. However, online fingerprinting is also being used to track users.

Advertising

Advertising Internet Internet Accountability

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us.

Data breaches

Data breaches Passwords B2B Technology

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

A credible threat actor is offering access to the email accounts of hundreds of C-level executives for $100 to $1500 per account. Access to the email accounts of hundreds of C-level executives is available on the Exploit.in for $100 to $1500 per account. Exploit.in ” reported ZDNet. Pierluigi Paganini.

Accountability

Accountability Cybercrime Hacking Retail

Google aims to reduce data theft with app data and account deletions

Malwarebytes

APRIL 6, 2023

Now the focus is on data collection , or to be more accurate, data deletion. Google wants people to be able to scrub data associated with an app. This counts for data inside of the application itself, but also out there on the web. A farewell to app data?

Accountability

Accountability Data collection Ransomware Mobile

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Malwarebytes

AUGUST 20, 2024

We will hold them accountable.” The AG accuses GM of installing technology that allegedly improves the safety, functionality, and operability of its vehicles, but at the same time this technology gathers driving data about the vehicle’s usage. On top of that, GM gathered data through other products like its mobile apps.

Insurance

Insurance Accountability Data collection Surveillance

How threat actors can use generative artificial intelligence?

Security Affairs

DECEMBER 1, 2024

For example, these campaigns leverage fake social media accounts to post questions and comments about divisive internal issues in the U.S. The data collected through these operations can provide insights into voter demographics, potentially influencing election outcomes.

Artificial Intelligence

Artificial Intelligence Phishing Media Cyber threats

LLM Summary of My Book Beyond Fear

Schneier on Security

SEPTEMBER 15, 2023

Where possible, favor openness and transparency over aggressive data collection or restrictions which erode civil liberties. Privacy Rights – Pervasive monitoring and data collection erode privacy rights and dignity. Focus only on proportional responses. Surveillance creep risks violating autonomy.

Data collection

Data collection Risk Surveillance Manufacturing

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

MAY 18, 2022

for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. would be permanently deleted.

Government

Government Accountability Surveillance Data collection

Prominent US law firm Wolf Haldenstein disclosed a data breach

Security Affairs

JANUARY 16, 2025

The law firm pointed out that it has no evidence the exposed data has been misused. The law firm recommends individuals to monitor accounts and credit reports for identity theft or fraud. “On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment.

Data breaches

Data breaches Identity Theft Consumer Protection Data collection

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

Ngo’s businesses enabled an entire generation of cybercriminals to commit an estimated $1 billion worth of new account fraud , and to sully the credit histories of countless Americans in the process. “They would discover [my accounts] and fix it, and I would discover a new vulnerability and hack them again.”

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

DECEMBER 3, 2018

The data is thought to have originated from Data&Leads, Inc. A cached version of the company’s website shows that it promised “access to our massive in-house data collection, as well as one of the largest data supplier networks of any data or lead company.”. The takeaway?

Identity Theft

Identity Theft Data collection Engineering Passwords

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

Namely, the ability to route one’s malicious traffic through a computer that is geographically close to the consumer whose credit card they’re about to charge at some website, or whose bank account they’re about to empty. Others are fairly opaque about their data collection and retention policies. ”

VPN

VPN Computers and Electronics Antivirus Software

Mobile virtual network operator Mint Mobile discloses a data breach

Security Affairs

DECEMBER 23, 2023

Our investigation indicates that certain information associated with your account was impacted.” ” reads the data breach notification email sent to the impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers.

Data breaches

Data breaches Mobile Wireless Data collection

“BlueLeaks” Exposes Huge Trove of Law Enforcement Data

Adam Levin

JUNE 24, 2020

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more,” DDoSecrets announced on its Twitter feed (Twitter has since banned the DDoSecrets account).

Data collection

Data collection VPN Accountability Risk

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach exposing customers’ account’s information. “We are reaching out to let you know about a security incident we recently identified and quickly shut down that may have impacted some of your T-Mobile account information.”

Data breaches

Data breaches Mobile Telecommunications Accountability

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. These apps also frequently use Bluetooth data to gather location information and proximity to nearby devices.

Surveillance

Surveillance Telecommunications Malware Data breaches

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Related: Credential stuffing fuels account takeovers. While changing passwords may be inconvenient at times, following this password best practice can help prevent the following data catastrophes: •Giving hackers easy access to your most sensitive accounts (avoid this problem by steering clear of insecure methods such as HTTP or public Wi-F.

Passwords

Passwords Password Management Accountability Authentication

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

More importantly, we need to be able to trust companies to honestly and clearly explain what they are doing with our data. How many people cancelled their Dropbox accounts in the last 48 hours? And while Dropbox is not sending your data to OpenAI today, it could do so tomorrow with a simple change of its terms of service.

Government

Government Banking Risk Internet

IT threat evolution Q3 2024

SecureList

NOVEMBER 29, 2024

CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. The data collected about the targets’ companies and contact information could be used to spy on people of interest and lay the groundwork for future attacks.

Energy and Utilities

Energy and Utilities Ransomware Malware Government

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering

Social Engineering Media Data collection Passwords

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. banks are stiffing account takeover victims. million user accounts earlier this year. Elizabeth Warren (D-Mass.)

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

NOVEMBER 23, 2022

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users.

Data collection

Data collection Accountability Hacking Software

US sued TikTok and ByteDance for violating children’s privacy laws

Security Affairs

AUGUST 3, 2024

“According to the complaint, from 2019 to the present, TikTok knowingly permitted children to create regular TikTok accounts and to create, view, and share short-form videos and messages with adults and others on the regular TikTok platform. ” reads the press release published by DoJ.

Accountability

Accountability Data collection Risk Hacking

Delaware Personal Data Privacy Act (DPDPA)

Centraleyes

NOVEMBER 9, 2024

The Delaware Personal Data Privacy Act (DPDPA) is a state law created to protect the privacy of Delaware residents by regulating the collection, use, storage, and sharing of personal data by businesses. Who Must Comply With Delaware’s Privacy Act? These disclosures need to be accessible and easy to understand.

Data privacy

Data privacy Data collection Risk Accountability

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. In some cases, the man manually chacked the stolen information. ” reads the press release published by the DoJ.

Accountability

Accountability Banking Advertising Data collection

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Joseph Steinberg

APRIL 20, 2021

It is also not uncommon for firms in the healthcare vertical to symbiotically share various types of information with one another; private healthcare-related data is also almost always shared during the M&A process – even before deals have closed.

Healthcare

Healthcare Insurance Computers and Electronics Data collection

US senators ask FTC to investigate car makers’ privacy practices

Malwarebytes

JULY 29, 2024

At Malwarebytes, we reported how a team of researchers at Mozilla who reviewed the privacy and data collection policies of various product categories for several years now, named “Privacy Not Included,” found cars to be the worst product category they ever reviewed for privacy.

Insurance

Insurance Data collection Data breaches Manufacturing

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google.

Encryption

Encryption Artificial Intelligence IoT Data collection

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition

Security Affairs

NOVEMBER 27, 2021

Italy’s antitrust regulator has fined both Apple and Google €10 million each for what it calls are “aggressive” data practices and not providing consumers with clear information on commercial uses of their personal data during the account creation phase. ” reads the press release published by the AGCM.

Data collection

Data collection Accountability Hacking Information Security

Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

AUGUST 14, 2019

Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous. Armed with your PIN and debit card data, skimmer thieves or those who purchase stolen cards can clone your card and pull money out of your account at an ATM.

Banking

Banking Computers and Electronics Marketing Mobile

Top 7 CIAM tools

CSO Magazine

NOVEMBER 28, 2022

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. Marketers want to collect data about customers and their devices.

CSO

CSO Data collection Marketing Accountability

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Security Affairs

SEPTEMBER 17, 2024

The report provides insights into factors influencing user consent for data collection and usage and reasons for consumer disengagement. More than half (55%) claimed that reducing unnecessary data collection was an additional factor that would help them gain trust in a company or brand.

Data collection

Data collection Data privacy B2B Digital transformation

Microsoft AI “Recall” feature records everything, secures far less

Malwarebytes

MAY 22, 2024

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence

Artificial Intelligence Passwords Accountability Media

Online Businesses Often Steal And Exploit Customer Data Collected During Cancelled Transactions

Changes in WhatsApp’s Privacy Policy

Trending Sources

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Passport scam foxing Texas populace with data collection

Gambling firms are secretly sharing your data with Facebook

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

Privacy and Security of Data at Universities

Election season raises fears for nearly a third of people who worry their vote could be leaked

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

Inside the DemandScience by Pure Incubation Data Breach

Hundreds of C-level executives credentials available for $100 to $1500 per account

Google aims to reduce data theft with app data and account deletions

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

How threat actors can use generative artificial intelligence?

LLM Summary of My Book Beyond Fear

Senators Urge FTC to Probe ID.me Over Selfie Data

Prominent US law firm Wolf Haldenstein disclosed a data breach

Confessions of an ID Theft Kingpin, Part I

114 Million US Citizens and Companies Found Unprotected Online

A Deep Dive Into the Residential Proxy Service ‘911’

Mobile virtual network operator Mint Mobile discloses a data breach

“BlueLeaks” Exposes Huge Trove of Law Enforcement Data

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Privacy Roundup: Week 12 of Year 2025

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

OpenAI Is Not Training on Your Dropbox Documents—Today

IT threat evolution Q3 2024

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Happy 13th Birthday, KrebsOnSecurity!

Experts claim that iPhone’s analytics data is not anonymous

US sued TikTok and ByteDance for violating children’s privacy laws

Delaware Personal Data Privacy Act (DPDPA)

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

US senators ask FTC to investigate car makers’ privacy practices

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition

Meet Bluetana, the Scourge of Pump Skimmers

Top 7 CIAM tools

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Microsoft AI “Recall” feature records everything, secures far less

Stay Connected