If you live in the US or in Israel, had a Yahoo account between 2012 and 2016 and have got an email from Yahoo on the settlement claim over data breach, you could be eligible for $358 or more.
Yahoo had in 2017 announced that of all its users “nearly 3 billion in 2013” were impacted by a massive data breach.
Now part of Oath “a subsidiary of Verizon”, Yahoo said it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company on December 14, 2016.
Hackers were able to gain access to email addresses, telephone numbers, birth dates, passwords and answers to security questions.
Yahoo then began sending email notifications to the additional affected user accounts.
“Yahoo announced that if you had an account any time between Jan 1, 2012, and Dec 31, 2016, and are a resident of the US or Israel, you are part of the settlement class and can file a claim for part of the $117,500,000 settlement fund,” reports CNET.
Yahoo said the payment could range from less that $100 to $358.80, depending on funds available after other benefit payouts.
The US Federal Communications Commission (FCC) has proposed a fine of over $200 million for all major US mobile carriers for selling the location data of customers to some agencies.
The Federal Communications Commission today proposed fines against the nation’s four largest wireless carriers for apparently selling access to their customers’ location information without taking reasonable measures to protect against unauthorised access to that information. As a result, T-Mobile faces a proposed fine of more than $91 million, AT&T faces a proposed fine of more than $57 million, Verizon faces a proposed fine of more than $48 million, and Sprint faces a proposed fine of more than $12 million, the FCC said in a statement on Friday.
The Enforcement Bureau of FCC opened this investigation after reports surfaced that a Missouri Sheriff, Cory Hutcheson, used a “location-finding service” operated by Securus, a provider of communications services to correctional facilities, to access the location information of the wireless carriers’ customers without their consent between 2014 and 2017.
“American consumers take their wireless phones with them wherever they go. And information about a wireless customer’s location is highly personal and sensitive. The FCC has long had clear rules on the books requiring all phone companies to protect their customers’ personal information. And since 2007, these companies have been on notice that they must take reasonable precautions to safeguard this data and that the FCC will take strong enforcement action if they don’t. Today, we do just that,” said FCC Chairman Ajit Pai.
“This FCC will not tolerate phone companies putting Americans’ privacy at risk.”
The FCC also admonished these carriers for apparently disclosing their customers’ location information, without their authorisation, to a third party.
The four major US carriers mentioned sold access to their customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers (like Securus).
Although their exact practices varied, each carrier relied heavily on contract-based assurances that the location-based services providers (acting on the carriers’ behalf) would obtain consent from the wireless carrier’s customer before accessing that customer’s location information. (IANS)
Stung by the Cambridge Analytica scandal, Facebook has filed a federal lawsuit in California court against New Jersey-based data analytics firm OneAudience for secretly harvesting its users’ data.
According to the lawsuit, OneAudience improperly accessed and collected user data from Facebook and other social media companies by paying App developers to install a malicious Software Development Kit (SDK) in their apps.
“After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” read the lawsuit. Security researchers first flagged OneAudience’s behaviour to Facebook as part of its data abuse bounty programme.
Facebook, and other affected companies, then took enforcement measures against OneAudience.
“Facebook’s measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate,” said Jessica Romero, Director of Platform Enforcement and Litigation. “This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she added.
In November last year, Facebook and Twitter admitted that data of hundreds of users was improperly accessed by some third-party apps on Google Play Store as they logged into those apps.
Security researchers discovered that the One Audience and Mobiburn software development kits (SDK) provided access to users’ data, including email addresses, usernames, and recent tweets, on both the platforms.
Twitter and Facebook said they will notify those whose information was likely shared through apps.
Facebook has sued several third-party platforms in the recent past for scrapping users’ data, including Israeli surveillance vendor NSO Group that sells malicious software Pegasus to government agencies.
“Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy,” said the company. (IANS)
The European Data Protection Board (EDPB) was warned the European Commission of the potential privacy risks of Google having access to Fitbit’s data.
This comes in the wake of the tech giant’s plan to scoop up the health and activity data of millions of Fitbit users, months after its parent company Alphabet acquired it.
Regulators are in the process of considering whether to allow the tech giant to gobble up all this data, TechCrunch reported on Thursday.
In a statement, the board writes: “There are concerns that the possible further combination and accumulation of sensitive personal data regarding people in Europe by a major tech company could entail a high level of risk to the fundamental rights to privacy and to the protection of personal data.”
It is pertinent to note that, as it stands today, Google is still waiting on regulatory approval for its Fitbit acquisition.
In the EU, how privacy is handled will have a huge impact on whether or not the deal goes through.
The EDPB also leaves a reminder that Google and Fitbit are obligated to conduct a transparent assessment of “the data protection requirements and privacy implications” regarding this merger. The US Justice Department has also raised concerns, according to 9to5Google.
Aplphabet-Google acquired Fitbit as a whole for $2.1 billion late last year, a deal that includes the user data of Fitbit customers including activity, sleep, location, and other health data. (IANS)