The fallout from Uber’s disclosure yesterday of a massive data breach affecting 57 million users and drivers that it concealed for a year continues: The UK’s data protection watchdog has put out a strongly worded statement saying the company’s announcement “raises huge concerns around its data protection policies and ethics”. Read More
If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you’re not being paranoid. A new study finds hundreds of sites—including microsoft.com, adobe.com, and godaddy.com—employ scripts that record visitors’ keystrokes, mouse movements, and scrolling behavior in real time, even before the input is submitted or is later deleted.
Session replay scripts are provided by third-party analytics services that are designed to help site operators better understand how visitors interact with their Web properties and identify specific pages that are confusing or broken. As their name implies, the scripts allow the operators to re-enact individual browsing sessions. Each click, input, and scroll can be recorded and later played back.
A study published last week reported that 482 of the 50,000 most trafficked websites employ such scripts, usually with no clear disclosure. It’s not always easy to detect sites that employ such scripts. The actual number is almost certainly much higher, particularly among sites outside the top 50,000 that were studied.
A German regulator has banned domestic sales of children’s smartwatches that have a listening function — warning that parents have been using the devices to secretly eavesdrop on teachers at their kids’ school. Read More
Two weeks ago today, 26 people were killed by a gunman at First Baptist Church in Sutherland Springs, Texas. Two phones were discovered at the scene: older push-button LG and what local news described as a “blood spattered” Apple iPhone SE. Now local law enforcement has served Apple with a search warrant in order to retrieve information from the smartphone. The news has echoes of… Read More
Companies like Facebook, Google and Amazon happily take our data in exchange for convenience, lower prices or free services, but individuals and businesses are beginning to understand the value of controlling their data instead of simply handing it over to the world’s largest technology companies. The battle to regain control over that data could be starting in earnest. I saw a couple… Read More
A Pentagon contractor left a vast archive of social-media posts on a publicly accessible Amazon account in what appears to be a military-sponsored intelligence-gathering operation that targeted people in the US and other parts of the world.
The three cloud-based storage buckets contained at least 1.8 billion scraped online posts spanning eight years, researchers from security firm UpGuard’s Cyber Risk Team said in a blog post published Friday. The cache included many posts that appeared to be benign, and in many cases those involved from people in the US, a finding that raises privacy and civil-liberties questions. Facebook was one of the sites that originally hosted the scraped content. Other venues included soccer discussion groups and video game forums. Topics in the scraped content were extremely wide ranging and included Arabic language posts mocking ISIS and Pashto language comments made on the official Facebook page of Pakistani politician Imran Khan.
The scrapings were left in three Amazon Web Servers S3 cloud storage buckets that were configured to allow access to anyone with a freely available AWS account. It’s only the latest trove of sensitive documents left unsecured on Amazon. In recent months, UpGuard has also found private data belonging to Viacom, security firm TigerSwan, and defense contractor Booz Allen Hamilton similarly exposed. In Friday’s post, UpGuard analyst Dan O’Sullivan wrote:
SailPoint, the enterprise identity solutions business, went up 9 percent in its debut on the New York Stock Exchange Friday. The company raised $240 million; after pricing its shares at $12, it saw them rise to $13.11 on its first day of trading. Read More
Segment is a startup that helps companies collect customer data from a variety of siloed sources and place that data in a single usable record. Today, it announced it has added a new tool to prepare for the EU’s GDPR privacy guidelines, which are coming in May next year. The new tool makes it a simple matter to stop collecting data or completely remove a person’s information from… Read More