Marriott announced that hackers have had access to its subsidiary Starwood’s reservation system for four years, resulting in a breach that exposed 500 million guests’ private information. Marriott refused to disclose whether guests’ PII was encrypted.
Lawmakers have taken note of the number of recent data breaches: In another effort to add more protections for consumers, Senators Richard Blumenthal (D) and Jerry Moran (R) are working on a bipartisan privacy bill that could pave the way for the U.S.’s own version of the EU’s GDPR.
Consumer groups across seven European countries have filed GDPR complaints against Google based on its location-tracking activities. The European Consumer Organisation (BEUC) claims that Google’s “deceptive practices” around location tracking don’t give users a real choice about whether to enable it, and that Google doesn’t properly inform them about what this tracking entails.
Google isn’t alone: Ireland’s Data Protection Commissioner recently published a report outlining GDPR violations committed by LinkedIn, including its use of non-member email addresses to target ads on Facebook, and its pre-computation of social networks for non-members.
Researchers used neural nets to generate artificial master fingerprints to fool devices using biometric sensors. For devices with a false-match rate of just one-tenth of one percent, the generated fingerprints had a 22% success rate.
That’s not the only problem with fingerprint keys: Some iOS fitness apps have been using the Touch ID feature on iPhones and iPads to scam people out of cash. They asked users to secure their personalized data by scanning their fingerprints, and then quickly displayed a pop-up confirming $100+ in-app purchases. Apple has since removed the apps.
According to Rolling Stone, a kiosk at a Taylor Swift concert in California took fans’ photos for comparison with a database of potential stalkers, raising privacy concerns from, among others, the ACLU.
Increment, a magazine about how teams build and operate software systems at scale, recently released an issue that explores technical, tactical, and empathetic ways to make the systems we build more secure.
New research suggests that 49% of all phishing scams are hosted on websites that use SSL (i.e., their URLs start with “https”) and so show the padlock security icon next to the domain name in the browser, up from just 25% one year ago.
An investigation by the New York Times found that dozens of companies collect detailed location data from their users (potentially sufficient to identify the users), and sell it to third parties, including advertisers and hedge funds.
Aptible's Defense in Brief is a free security awareness update newsletter for modern, cloud-based teams. Once a month, you will receive a digest of interesting and useful articles on security, compliance, and DevOps. We cover topics like new attacks against web services, users and devices, new social engineering and phishing methods, data breaches, and legal, regulatory and political current events related to privacy and security.