Largest Data Breach in History: *16 Billion* Login Credentials Exposed in Databases

Security researchers have uncovered potentially the largest data breach in history, comprising an astounding 16 billion login credentials, which include Apple accounts.

9to5Mac reports that a team of security researchers has stumbled upon a massive trove of stolen login credentials, exposing an unprecedented 16 billion records, including Apple accounts. The discovery, which researchers describe as “one of the largest data breaches in history,” has sent shockwaves through the cybersecurity community and raised serious concerns about the potential for widespread account takeovers, identity theft, and highly targeted phishing attacks.

The researchers, from the cybersecurity firm Cybernews, initially found a database containing 184 million records sitting unprotected on a web server last month. However, as they delved deeper, they realized that this was just one of many unsecured databases full of private information. Further investigation revealed an additional 29 datasets, each containing tens of millions to over 3.5 billion records. In total, the researchers uncovered a staggering 16 billion records, making this one of the biggest stolen login discoveries of all time.

What sets this breach apart from others is the freshness and organization of the data. The researchers emphasized that these are not just recycled old breaches, but rather “fresh, weaponizable intelligence at scale.” The neatly structured data, which includes URLs, usernames, and passwords, points to infostealers as the likely source. Infostealers are a type of malware specifically designed to collect login credentials in this exact format.

The implications of this breach are far-reaching and deeply concerning. With access to such a vast number of login credentials, cybercriminals can easily carry out account takeovers, steal identities, and launch highly targeted phishing campaigns. Apple accounts, which are among the exposed credentials, are particularly worrisome, as they can be used to access a wide range of sensitive information and services, including iCloud, Apple Pay, and the App Store. Other logins reportedly included in the massive datasets include Google, Facebook, Instagram, Amazon, and many other popular web services.

‘This is insane:’ Lawmakers grill 23andMe exec on what sale means for genetic data

The bankruptcy sale of the direct-to-consumer genetic testing company 23andMe and its trove of genetic data has raised serious national security concerns among lawmakers on Capitol Hill. They want to know what will be done to make sure the data will stay out of the hands of adversaries like China.

“It’s hard to not sit here and listen to this conversation and not feel like we’re living through a sci-fi movie,” Rep. Melanie Stansbury, D-N.M., said during Tuesday’s House Oversight Committee hearing where 23andMe’s interim CEO Joe Selsavage and founder and former CEO Anne Wojcicki, who is also bidding to buy the company, appeared as witnesses.

“A private company has our data, they experience bankruptcy and now, we have no federal regulatory system to protect that data. And we’re concerned that foreign adversaries might purchase the company and thus, the data. I mean, this is insane. Like this is crazy,” Stansbury said.

Meta Is Accused of Flouting Privacy Rules With AI Training Data

Meta’s attempt to restart AI training using Europeans’ public social media activity has drawn renewed resistance, as the privacy rights organization noyb threatens fresh legal action. The group has formally challenged Meta’s latest move to mine user data, asserting the tech giant is sidestepping EU privacy obligations and advancing without regulatory clearance.

Following a halt in June 2024 prompted by regulatory concerns, Meta announced in April it would resume training its language models. This time, it intends to use public posts and user interactions, including with Meta AI, from adults across the European Union and European Economic Area.

The initial pause came after mounting pressure from the Irish Data Protection Commission and a wave of complaints submitted to authorities in various member states. According to Meta, a December opinion from the European Data Protection Board signaled that its approach satisfied legal standards.

New Montana Law Blocks the State From Buying Private Data To Skirt the Fourth Amendment

The Fourth Amendment to the U.S. Constitution is not long—only 54 words, in total. But its core premise can be summed up with a simple phrase: Come back with a warrant.

The Fourth Amendment protects people “against unreasonable searches and seizures.” Any law enforcement operative hoping to search or seize your “persons, houses, papers, [or] effects” must get a warrant, showing “probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

But in recent years, as Americans began storing larger portions of their personal information online, governments started buying this data, circumventing the Fourth Amendment’s guarantees of protection. This week, Montana became the first state to restrict the practice.

In 2018, the U.S. Supreme Court affirmed in Carpenter v. United States that the government cannot search a suspect’s cell phone without a warrant.

“A person does not surrender all Fourth Amendment protection by venturing into the public sphere,” including by storing personal information on their phone, Chief Justice John Roberts wrote for the majority. “Although such records are generated for commercial purposes,” that does not “negate” one’s “anticipation of privacy.”

But in the years since, governments have gotten around that pesky constitutional prohibition by simply buying people’s data, with the public’s money.

Companies have access to reams of information about their users, and they often sell that data—anonymized—to firms called data brokers, who then bundle it and sell it to other companies, like advertisers. “A large portion of data brokerage is used for identity verification or fraud prevention,” Paul Boutin wrote in Newsweek. “Much of it is used for traditional marketing.”

But governments got in on the action, too. Federal agencies like the IRS and Immigration and Customs Enforcement spent millions of dollars buying access to data that would otherwise require a warrant. In 2022, the Associated Press reported that police departments across the country had purchased and used “an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time.”

Coinbase Customers’ Personal Data Stolen in Hack, Stock Drops

The cryptocurrency exchange Coinbase was recently targeted in a hacking incident that led to the personal data of thousands of customers being stolen, the company said in a May 15 statement.

According to a March 31 filing with the Securities and Exchange Commission (SEC), Coinbase had 9.7 million monthly transaction users (MTU) by the end of that month.

Since the company claims that less than 1 percent of MTUs have been impacted by the hack, the number of affected individuals could be around 97,000.

Hackers got access to names, addresses, phone numbers, emails, last four digits of Social Security numbers, masked bank account numbers and identifiers, government ID images such as driver’s licenses and passports, and account data such as balance snapshots and transaction history.

Hackers did not get access to login credentials or 2FA codes, private keys, customer funds or the ability to move them, Coinbase Prime accounts, or Coinbase or customer hot or cold wallets.

Following the revelation, Coinbase shares crashed by 7.2 percent on Thursday.

Gun Owners Group Calls for Inquiry into Firearms Industry’s Secret Sharing of Customer Data

A coalition of firearm owners is pressing federal regulators to investigate whether the National Shooting Sports Foundation (NSSF), the gun industry’s chief lobbying group, covertly exploited consumer data for political purposes, despite publicly promoting itself as a defender of privacy.

In a formal appeal submitted to three federal agencies, Gun Owners for Safety is demanding accountability over a long-running data-sharing operation first exposed by a ProPublica report.

That investigation revealed that for years, the NSSF quietly received personal details from gun buyers, collected by manufacturers, without informing those individuals that their information would be funneled into a political targeting effort.

The group’s letter, sent to the FBI, Federal Trade Commission (FTC), and the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), described the practice as “underhanded” and deceptive.

Malcolm Smith, a longtime gun owner and member of the group, underscored the nonpartisan stakes of the issue. “Gun owners’ privacy is not a partisan or ideological issue,” he wrote. “No matter the industry, exploiting customers’ private data like their underwear size and children’s ages in a secret scheme is reprehensible and cannot be permitted.”

Gun Owners for Safety, backed by the gun violence prevention group Giffords, operates across nine states and is composed of firearm owners who support tighter safeguards around gun ownership, including safety measures and enhanced background checks. The organization was launched in 2019 under the leadership of former Congresswoman Gabby Giffords, a gun violence survivor.

Regulatory responses to the complaint have been minimal so far. The ATF confirmed receipt of the letter but offered no additional comment. The FBI, FTC, and NSSF remained silent when approached by ProPublica for statements.

Though the NSSF is less widely known than the National Rifle Association, its influence spans the firearms business ecosystem, representing manufacturers, shooting ranges, ammunition retailers, and industry publishers.

Israeli Intelligence Is Now In Charge of Your Google Data

Google recently announced it would acquire Israeli-American cloud security firm Wiz for $32 billion. The price tag — 65 times Wiz’s annual revenue — has raised eyebrows and further solidified the close relationship between Google and the Israeli military.

In its press release, the Silicon Valley giant claimed that the purchase will “vastly improve how security is designed, operated and automated—providing an end-to-end security platform for customers, of all types and sizes, in the AI era.”

Yet it has also raised fears about the security of user data, particularly of those who oppose Israeli actions against its neighbors, given Unit 8200’s long history of using tech to spy on opponents, gather intelligence, and use that knowledge for extortion and blackmail.

Israel’s Global Spy Network

Wiz was established only five years ago, and all four co-founders — Yinon Costica, Assaf Rappaport, Ami Luttwak, and Roy Reznik — were leaders in Israel’s elite military intelligence unit, Unit 8200. Like many Israeli tech companies, Wiz is a direct outgrowth of the military intelligence outfit. A recent study found that almost fifty of its current employees are Unit 8200 veterans.

“That experience showed me the impact you can make when you combine great talent with amazing technology,” Rappaport said of his time in the military.

Former Unit 8200 agents, working hand-in-glove with the Israeli national security state, have gone on to produce many of the world’s most infamous malware and hacking tools.

Perhaps the most well-known of these is Pegasus, spyware used by governments around the world to surveil and harass political opponents. These include India, Kazakhstan, the UAE, and Saudi Arabia, the latter of which used the tool to spy on Washington Post journalist Jamal Khashoggi before he was assassinated by Saudi agents in Türkiye.

In total, more than 50,000 journalists, human rights defenders, diplomats, business leaders and politicians are known to have been secretly surveilled. That includes heads of state such as French President Emmanuel Macron, Pakistani Prime Minister Imran Khan and Iraqi President Barham Salih. All Pegasus sales had to be approved by the Israeli government, which reportedly had access to the data Pegasus’ foreign customers were accruing.

Unit 8200 also spies on Americans. Whistleblower Edward Snowden revealed that the National Security Agency regularly shared the data and communications of U.S. citizens with the Israeli intelligence group. “I think that’s amazing…It’s one of the biggest abuses we’ve seen,” he said.

For the Israeli government, the utility of these private spying firms filled with former IDF intelligence figures is that it allows it some measure of plausible deniability when confronted with spying attacks. As Haaretz explained: “Who owns [these spying companies] isn’t clear, but their employees aren’t soldiers. Consequently, they may solve the army’s problem, even if the solution they provide is imperfect.”

Today, former Unit 8200 agents not only create much of the world’s spyware, but also the security features that claim to protect against unwanted surveillance. A MintPress investigation found that three of the six largest VPN companies in the world are owned and controlled by an Israeli company co-founded by a Unit 8200 veteran.

Data of thousands of Israel soldiers leaked

A security breach on an external Israeli ticketing website led to sensitive data belonging to soldiers in the Israeli occupation army, including Chief of Staff Eyal Zamir and high-ranking officers, being made available online, Haaretz reported yesterday.

According to the report, the breach allowed access to personal information, including their full names, ID numbers and phone numbers, through the TickChak website, which is used by army units to offer recreational benefits to their employees.

The breach, coupled with the website’s weak security, allowed anyone to access soldiers’ data simply by entering an ID number, without any additional verification. This allowed for the extraction and collection of personal information belonging to tens of thousands of soldiers.

The breach occurred using simple software tools created by an anonymous user identifying themselves as the “Persian Prince”. The user was able to run a programme that tested potential ID numbers and extracted the details of their owners.
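The failure mode described above, a lookup keyed on a guessable ID with no further check, leaves a distinctive trace in web server logs: one client requesting many distinct, often consecutive, IDs, with a high share of misses. The following is an added example (not code from the report or from the site involved) that flags such clients in constructed access-log lines; the endpoint path /lookup?id=, the IP addresses, the ID values and the timestamps are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log (common log format). The /lookup?id=<number>
# endpoint and every value below are assumptions, not data from the report.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:10:00:01 +0000] "GET /lookup?id=300000001 HTTP/1.1" 200 512
203.0.113.7 - - [10/Jun/2025:10:00:02 +0000] "GET /lookup?id=300000002 HTTP/1.1" 404 88
198.51.100.20 - - [10/Jun/2025:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [10/Jun/2025:10:00:03 +0000] "GET /lookup?id=300000003 HTTP/1.1" 200 510
203.0.113.7 - - [10/Jun/2025:10:00:03 +0000] "GET /lookup?id=300000004 HTTP/1.1" 404 88
198.51.100.20 - - [10/Jun/2025:10:00:04 +0000] "GET /lookup?id=300000042 HTTP/1.1" 200 515
203.0.113.7 - - [10/Jun/2025:10:00:04 +0000] "GET /lookup?id=300000005 HTTP/1.1" 404 88
203.0.113.7 - - [10/Jun/2025:10:00:05 +0000] "GET /lookup?id=300000006 HTTP/1.1" 200 509
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
ID_RE = re.compile(r"[?&]id=(\d+)")

def parse_line(line):
    """Return (client_ip, looked-up ID, status) for a lookup request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    idm = ID_RE.search(m.group("path"))
    if not idm:
        return None
    return m.group("ip"), int(idm.group(1)), int(m.group("status"))

def longest_sequential_run(ids):
    """Length of the longest run of consecutive integers in a set of IDs."""
    best = 0
    for value in ids:
        if value - 1 in ids:
            continue  # only count runs from their first element
        length = 1
        while value + length in ids:
            length += 1
        best = max(best, length)
    return best

def detect_enumeration(log_text, min_distinct=5, min_run=4):
    """Flag clients that looked up many distinct IDs, or IDs in sequence."""
    per_client = defaultdict(set)
    not_found = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, id_value, status = parsed
        per_client[ip].add(id_value)
        if status == 404:
            not_found[ip] += 1  # misses are typical of guessing, rare for real users
    findings = {}
    for ip, ids in per_client.items():
        run = longest_sequential_run(ids)
        if len(ids) >= min_distinct or run >= min_run:
            findings[ip] = {"distinct_ids": len(ids), "longest_run": run, "not_found": not_found[ip]}
    return findings
```

On the sample log only 203.0.113.7 is flagged (six distinct, consecutive IDs, three of them misses); the single lookup from 198.51.100.20 is left alone.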

House Republicans launch group for comprehensive data privacy legislation

Republican leaders on the House Committee on Energy and Commerce are forming a working group designed to help write a comprehensive data privacy bill.

John Joyce of Pennsylvania, the committee’s vice chairman and a physician, will lead the group, according to a press release issued on Wednesday. The working group currently includes nine Republicans and no Democrats.

The committee is inviting “stakeholders” to work with members to draft legislation that can “get across the finish line,” the press release said, quoting Joyce and committee Chairman Brett Guthrie of Kentucky.

Congressional leaders have worked on comprehensive data privacy legislation in the past, but have never succeeded in getting a floor vote due to sharp dissent over what protections and consumer rights should be included. In that vacuum, 13 states have enacted their own.

“We strongly believe that a national data privacy standard is necessary to protect Americans’ rights online and maintain our country’s global leadership in digital technologies, including artificial intelligence,” the Republicans’ announcement says. “We are hopeful that we can start building a strong coalition to address this important issue.”

In January, more than three dozen industry groups sent a letter to Republican and Democratic leaders of the Commerce Committee on each side of Congress, imploring them to pass data privacy legislation that would preempt the state laws.

The provisions proposed by the industry groups are similar to laws in states like Texas and Kentucky, which experts say are weaker than those in other states.

Data privacy legislation had been scheduled for a House Energy and Commerce markup last June but it was cancelled due to controversy over its text.

Data Centers Are Eating the Grid Alive

The future of data centers is about to make a huge draw on the power grid. According to a DOE-backed report from Lawrence Berkeley National Lab, U.S. data center energy use could nearly triple by 2028, eating up as much as 12% of the country’s electricity. Why? Blame AI and its insatiable hunger for powerful chips and energy-guzzling cooling systems.

Currently, data centers are responsible for a modest 4% of U.S. power demand. But with AI servers becoming the star of the show, the power draw has already doubled since 2017. The GPU chips that are needed to run complex machine learning algorithms are pushing the limits of what the grid can handle. And then there is the heat they generate, causing cooling systems to work overtime.

The report warns that this growth could strain electrical grids, spike energy prices, and raise a few eyebrows about the climate impact. Researchers are calling for better transparency around energy use and efficiency improvements, but Big Tech isn’t exactly eager to spill the tea on their proprietary power habits.

And don’t count on renewables to ride to the rescue just yet. A study last month highlighted that scaling up solar and wind power isn’t happening fast enough to keep up with this demand surge. Plus, when the sun doesn’t shine or the wind doesn’t blow, the grid still needs fossil fuels to back it up.
