January 29, 2024 at 02:15AM The U.S. National Security Agency (NSA) admits to purchasing internet browsing records from data brokers without court orders, raising concerns about Americans’ privacy. Senator Wyden criticizes this practice and emphasizes the potential privacy risks, especially relating to sensitive topics like mental health or domestic abuse. The revelation highlights a broader … Read more
January 25, 2024 at 01:38PM iOS apps are using push notifications to collect user data, bypassing Apple’s background app activity restrictions and posing a privacy risk for iPhone users. The practice involves transmitting device data to servers, potentially allowing persistent tracking. Apple plans to tighten restrictions on APIs for device signals to mitigate the issue, … Read more
January 23, 2024 at 04:37PM An exposed Trello API allowed the creation of millions of data profiles, linking public and private information. A threat actor attempted to sell the data of 15,115,516 Trello members containing emails, usernames, and full names. The leaked email addresses were accessed through a publicly exposed API, elevating the severity of … Read more
January 23, 2024 at 11:10AM Baltimore man accused of running online service selling personal data for fraud faces up to 20 years in prison. Chouby Charleron allegedly operated a TLO service, providing victims’ personally identifiable information for a fee. The U.S. Postal Service filed charges based on evidence linking Charleron to the operation from his … Read more
January 22, 2024 at 03:03AM The U.S. FTC has banned InMarket Media from selling precise location data without consumer consent and ordered it to destroy collected data subject to user approval. InMarket and Outlogic faced bans for allegations of improper location data use. InMarket allegedly harvested location data from various apps, while a study revealed … Read more
January 19, 2024 at 04:05PM Apparel conglomerate VF Corporation experienced a data breach in December, compromising personal data of 35.5 million customers. The breach caused disruptions to its operations and led to website slowdowns and order cancellations. The company confirmed minor residual impacts and ongoing investigations but assured that sensitive information like Social Security numbers … Read more
January 19, 2024 at 12:14PM The FTC settled with InMarket, prohibiting it from selling Americans’ location data. The company collects data from its own and third-party apps, creating detailed advertising profiles without users’ consent. The FTC found InMarket’s data retention policy excessive and proposed measures including data deletion and consent enforcement. This is the FTC’s … Read more
January 18, 2024 at 08:18AM Australian researcher Troy Hunt discovered a credential stuffing list named Naz.API, consisting of over 70 million unique email addresses and passwords, sourced from malware and a defunct OSINT tool. One-third of the addresses were not previously known, and the data has been added to Have I Been Pwned and Pwned … Read more
January 17, 2024 at 04:39AM Two UK cold-calling companies, Poxell Ltd and Skean Homes Ltd, face £150,000 and £100,000 fines, respectively, for making millions of unsolicited marketing calls to individuals on the Telephone Preference Service (TPS). The ICO found both companies in violation of regulations, emphasizing the need to prevent unwanted marketing and protect individual … Read more
January 16, 2024 at 11:12AM The Internet of Things (IoT) devices offer great power and convenience, but also pose security and privacy risks. When purchasing IoT devices, it’s important to consider the company’s reputation, country of origin, security measures, and data privacy policies. Additionally, for healthcare-related IoT devices, it’s crucial to scrutinize data handling and … Read more