Its the most massive data breach in history when the data of 500 mn of its users was stolen in 2014
.repubhubembed{display:none;}
For Yahoo, troubled times are far from over. Just a day after it came to light that the personal information of at least 500 million of its users was stolen in a massive data breach in 2014 — the largest-known breach of user accounts — the company is now being sued for gross negligence over its….repubhubembed{display:none;}
Next Story
Over $200 mn fine for major US carriers for selling user location data
The US Federal Communications Commission (FCC) has proposed a fine of over $200 million for all major US mobile carriers for selling the location data of customers to some agencies.
The Federal Communications Commission today proposed fines against the nation’s four largest wireless carriers for apparently selling access to their customers’ location information without taking reasonable measures to protect against unauthorised access to that information. As a result, T-Mobile faces a proposed fine of more than $91 million, AT&T faces a proposed fine of more than $57 million, Verizon faces a proposed fine of more than $48 million, and Sprint faces a proposed fine of more than $12 million, the FCC said in a statement on Friday.
The Enforcement Bureau of FCC opened this investigation after reports surfaced that a Missouri Sheriff, Cory Hutcheson, used a “location-finding service” operated by Securus, a provider of communications services to correctional facilities, to access the location information of the wireless carriers’ customers without their consent between 2014 and 2017.
“American consumers take their wireless phones with them wherever they go. And information about a wireless customer’s location is highly personal and sensitive. The FCC has long had clear rules on the books requiring all phone companies to protect their customers’ personal information. And since 2007, these companies have been on notice that they must take reasonable precautions to safeguard this data and that the FCC will take strong enforcement action if they don’t. Today, we do just that,” said FCC Chairman Ajit Pai.
“This FCC will not tolerate phone companies putting Americans’ privacy at risk.”
The FCC also admonished these carriers for apparently disclosing their customers’ location information, without their authorisation, to a third party.
Also Read- Digital Media Giants Threaten to Suspend Services in Pakistan
The four major US carriers mentioned sold access to their customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers (like Securus).
Although their exact practices varied, each carrier relied heavily on contract-based assurances that the location-based services providers (acting on the carriers’ behalf) would obtain consent from the wireless carrier’s customer before accessing that customer’s location information. (IANS)
Next Story
Facebook sues data analytics firm for harvesting users' data
Stung by the Cambridge Analytica scandal, Facebook has filed a federal lawsuit in California court against New Jersey-based data analytics firm OneAudience for secretly harvesting its users’ data.
According to the lawsuit, OneAudience improperly accessed and collected user data from Facebook and other social media companies by paying App developers to install a malicious Software Development Kit (SDK) in their apps.
“After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” read the lawsuit. Security researchers first flagged OneAudience’s behaviour to Facebook as part of its data abuse bounty programme.
Facebook, and other affected companies, then took enforcement measures against OneAudience.
“Facebook’s measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate,” said Jessica Romero, Director of Platform Enforcement and Litigation. “This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she added.
In November last year, Facebook and Twitter admitted that data of hundreds of users was improperly accessed by some third-party apps on Google Play Store as they logged into those apps.
Security researchers discovered that the One Audience and Mobiburn software development kits (SDK) provided access to users’ data, including email addresses, usernames, and recent tweets, on both the platforms.
Twitter and Facebook said they will notify those whose information was likely shared through apps.
Facebook has sued several third-party platforms in the recent past for scrapping users’ data, including Israeli surveillance vendor NSO Group that sells malicious software Pegasus to government agencies.
Also Read- Drivers of Expensive Cars More Dangerous to Pedestrians
“Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy,” said the company. (IANS)
Next Story
Google accessing Fitbit data major privacy risk: EU advisors
The European Data Protection Board (EDPB) was warned the European Commission of the potential privacy risks of Google having access to Fitbit’s data.
This comes in the wake of the tech giant’s plan to scoop up the health and activity data of millions of Fitbit users, months after its parent company Alphabet acquired it.
Regulators are in the process of considering whether to allow the tech giant to gobble up all this data, TechCrunch reported on Thursday.
In a statement, the board writes: “There are concerns that the possible further combination and accumulation of sensitive personal data regarding people in Europe by a major tech company could entail a high level of risk to the fundamental rights to privacy and to the protection of personal data.”
It is pertinent to note that, as it stands today, Google is still waiting on regulatory approval for its Fitbit acquisition.
In the EU, how privacy is handled will have a huge impact on whether or not the deal goes through.
Also Read- Facebook and Twitter Remain Divided due to Bloomberg’s Video
The EDPB also leaves a reminder that Google and Fitbit are obligated to conduct a transparent assessment of “the data protection requirements and privacy implications” regarding this merger. The US Justice Department has also raised concerns, according to 9to5Google.
Aplphabet-Google acquired Fitbit as a whole for $2.1 billion late last year, a deal that includes the user data of Fitbit customers including activity, sleep, location, and other health data. (IANS)
