This Week in Data Breaches: Collection of 841M Stolen Records For Sale Online
From a new collection of more than 840 million stolen records being sold on the dark web to a potential multibillion-dollar fine for Facebook looming on the horizon, here we round up the latest in data news.
Another Massive Collection of Stolen Data For Sale Online
A hacker who stole more than 840 million records from 32 websites is selling the stolen data for roughly $45,000 in Bitcoin on the dark web. The hacker released the stolen databases in multiple waves over the past two weeks. The treasure trove includes data from previously disclosed breaches such as MyFitnessPal (151 million records) and MyHeritage (92 million), as well as data from breaches that were not previously disclosed, including 500px (15 million) and Coffee Meets Bagel (6 million). Most of the data consists of usernames, passwords, and email addresses. A credential dump of this magnitude will most likely lead to another spike in credential stuffing attacks, similar to those seen in the wake of the Collection #1-5 leak in January.
To protect yourself, make sure you never reuse passwords across sites, setup a password manager to generate unique passwords for every online account, and turn two-factor authentication on for all accounts that support it. You can also use sites such as haveibeenpwned to check if any of your accounts have been compromised in a data breach. If you have an account on one of the affected sites, make sure you reset your password if you haven’t already. The full list of sites compromised in this latest collection includes: Dubsmash, 500px, EyEm, 8fit, Fotolog, Animoto, MyHeritage, MyFitnessPal, Artsy, Armor Games, Bookmate, CoffeeMeetsBagel, DataCamp, HauteLook, ShareThis, WhitePages, Ixigo, Houzz, YouNow, Ge.tt, Coinmama, Roll20, Stronghold Kingdoms, PetFlow, Legendas.tv, OneBip, StoryBird, Jobandtalent, Gyfcat, ClassPass, Pizap, and StreetEasy.
Read more from TechCrunch.
China Uses Facial Tracking to Monitor 2.6 Million People in Xinjiang
A new data leak has revealed that China is using facial recognition technology to track more than 2.6 million people in Xinjiang, a region where Uyghurs and other Muslim populations are under extensive surveillance. Reports suggest that millions are also being held in de facto detention camps in the region. SenseNets, a Chinese security contractor, leaked a database showing that the company collected more than 6.7 million GPS coordinates in a single 24-hour period, location data which was connected to names, addresses, ID numbers, photos, and employers and was being accessed by police departments, hotels, and other local authorities.
Along with GPS tracking, facial recognition cameras are ubiquitous in the region and have become one of the preferred methods of the Chinese security apparatus used to track and surveill ethnic minorities. China isn’t alone in its use of facial recognition technology by the police though, Amazon has recently come under fire for selling its facial recognition service, aptly named Rekognition, to law enforcement agencies in the US.
Read more from Wired.
Facebook Facing Record Multibillion-Dollar Fine
The Washington Post reported last week that Facebook and the Federal Trade Commission are in talks over what could be a multibillion-dollar fine to settle the company’s violations of its 2011 consent decree with the FTC. If settled, this would be the largest fine ever imposed by a US regulator for privacy violations. The FTC’s current investigation stems from last year’s Cambridge Analytica scandal, in which the personal information of 87 million Facebook users was obtained by the political consulting firm in an effort to build psychographic profiles of voters. If a multibillion-dollar settlement is reached it will mark the dawn of a new era for regulation of Big Tech and signal strict enforcement of consumer privacy protections by the agency moving forward.
Read more from the New York Times.
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data.
Bloom enables you to own, authorize the use of, and protect your data using the latest advancements in blockchain technology. With Bloom, the risk of your data being exposed in a data breach or leak is greatly reduced. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Your identity, and your highly sensitive personal and financial information, is securely safeguarded on your own personal device using cutting-edge cryptography.
