Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

Instagram fixed after researcher finds way to link account info to PII

Facebook has repaired a vulnerability in its Instagram social media platform, after a researcher found that it could be exploited to link users’ phone numbers to their account numbers, usernames and actual names. With the help a brute-force algorithm and a network of bots, malicious actors could have leveraged the flaw to bypass data security…

stingray2

Israel reportedly behind spying devices found near White House, other sensitive areas

Israel likely planted StingRays found near the White House and other key locations in Washington to spy on President Trump and his advisers, the U.S. government reportedly determined, though the Trump administration took no apparent action to chastise its ally. “It was pretty clear that the Israelis were responsible,” a Politico report cited a former…

flashlightcell

Avast places flashlight apps’ permission requests in the spotlight

An Avast researcher shed some light on the number and invasiveness of the permissions requested by various publishers to download and install their flashlight app. The security firm’s analyst Luis Corrons looked at 937 Android flashlight apps available and found on average each required 25 permissions ranging from the basic and obvious need to access…

Defending the database

Monster.com job applicants info exposed on unprotected server

Personal details from resumes and CVs from job seekers were exposed after a server belonging to a recruitment company that was a customer of Monster.com and others was left unprotected. Monster.com which learned of the breach in August, did not initially alert potential victims to the exposure, contending that notification responsibly lay with the recruitment company…

Google fined $170M for allegedly improper collection of kids’ data from YouTube channels

The Federal Trade Commission and New York Attorney General’s office today announced that Google and its subsidiary YouTube agreed to an unprecedented $170 million in fines for allegedly using cookies to harvest personal data from minors without parental consent and then serve behavioral ads based on this information. Such actions are in violation of the…

419 million Facebook users info exposed, phone numbers and unique IDs

Unprotected databases are behind a leak that exposed information, including unique identifiers and phone numbers, on more than 419 million Facebook users – 133 million of those records belonging to users in the U.S. Security researcher Sanyam Jain, a GDI Foundation member, discovered the databases, which were not password-protected. The records were apparently scraped from…

Defending the database

Aliznet exposed database leaks data on 2.5 million Yves Rocher customers

Personal information on customers of French retail consultancy Aliznet were exposed through an unprotected Elasticsearch server. “The most sensitive leaked data involves [2.5 million Canadian] customers of Aliznet’s client Yves Rocher, an international cosmetics and beauty brand,” according to a blog post by vpnMentor, whose research team led by Noam Rotem and Ran Locar discovered…

Leaks reveal the spy tactics which leveraged Wi-Fi in a major airport to track travelers.

Flight booking site Option Way exposed personal info on customers

A data breach at flight booking site Option Way exposed personal details on passengers and their flight and travel plans. Researchers at vpnMentor led by Noam Rotem and Ran Locar were “able to access over 100 GB of data, a massive amount of customers’ unencrypted Personally Identifiable Information (PII),” including names, birth dates, gender email addresses,…

Despite concerns over breaches, 40% of cardholders have provided Social Security numbers online

Two years after the Equifax breach, four in 10 consumers holding credit or debit cards have included their full Social Security numbers on an online form, a new report has found. In research conducted for the second year in a row to mark the anniversary of the 2017 Equifax breach that exposed the personal information…

Next post in Security News