Search Results for “Financial Times”


July 19, 2019
Mehul Srivastava and Tim Bradshaw / Financial Times

Mehul Srivastava and Tim Bradshaw / Financial Times  
Spyware Company NSO Group Tells Prospective Clients It Can Scrape Users’ Data from Servers of Apple, Google, Facebook, Amazon, and Microsoft, Report

Notorious Israeli spyware company NSO Group, whose flagship malware Pegasus has been used by authoritarian regimes to spy on smartphones, has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon, and Microsoft, according to sources familiar with the company’s sales pitch. Pegasus has evolved to capture ever greater amounts of information, including a target’s location data, archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration for the government of Uganda. The new capabilities are said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone, including its location, giving open-ended access to the cloud storage of those apps without “prompting 2-step verification or warning email on target device,” according to the demonstration. Amazon, Facebook, and Microsoft say they have no evidence of Pegasus access to their cloud files but say they are investigating. Google has not responded.

Related: The Next Web, CNBC, Forbes, Digital Journal, MacRumors, The Loop, Tech Insider, The Mac Observer, AppleInsider, MediaNama: Digital Media in IndiaiPhone Hacks, Softpedia News, HotHardware.com, The Register – Security, SecurityWeek, MacDailyNews, Slashdot

Tweets:@Bing_Chris @hatr @josephfcox @zackwhittaker

The Next Web: NSO Group’s WhatsApp spyware can now snoop on your Facebook, Google, and iCloud data too
CNBC: Israeli security company reportedly has tool that spies on Apple, Google and Facebook cloud data
Forbes : Israel’s NSO Spyware Can Now Hack Google, iCloud And Facebook Via Phones: Report
Digital Journal: Israel spyware firm can mine data from social media: FT
MacRumors: Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack
The Loop: Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack
Tech Insider: The Israeli firm behind software used to hack WhatsApp boasted that it can scrape data from Amazon, Apple, Facebook, Google, and Microsoft cloud servers
Verdict: NSO denies having spyware that can hack cloud servers
The Mac Observer: NSO Group Tool Harvests Targeted iCloud Data
AppleInsider: Israeli spyware claims to beat Apple’s iCloud security
MediaNama: Digital Media in India: NSO spyware targets phones to get data from Google, Facebook, iCloud
HotHardware.com: NSO Claims Its WhatsApp Spyware Can Universally Hack iCloud, Google, Facebook, Amazon, Microsoft Cloud Data
The Register – Security: Israel’s NSO Group: Our malware? Slurp your cloud backups plus phone data? They’ve misunderstood
SecurityWeek: Israel Spyware Firm Can Mine Data From Social Media: FT
MacDailyNews: NSO Group says it can scrape data from Apple, Google, Facebook, Amazon, and Microsoft cloud services
Slashdot: NSO Spyware ‘Targets Big Tech Cloud Services’

@Bing_Chris: Per FT, new NSO sales pitch includes claim it can pull data from popular Cloud services. Also reveals Ugandan government had shown interest in capability. Comment from NSO spokesperson says "no mass collection" but that's clearly not the point.
@hatr: NSO seems to have a new pitch and new abilities. Accessing cloud data."This grants open-ended access to the cloud data of those apps without “prompting 2-step verification or warning email on target device”, according to one sales document."https://www.ft.com/content/95b91412-a946-11e9-b6ee-3cdf3174eb89 …
@josephfcox: NSO's malware can log into Facebook, Amazon etc, download content. FT has bizarrely framed this as an issue for the cloud services, when it's really about how end devices secure auth tokens. You own the device, you are the device. This will get dumb hyped
@zackwhittaker: I've been thinking about this FT story. The short of it is that NSO-developed spyware "can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft," say people familiar with its sales pitch. (1/)


July 29, 2019
Emily Flitter and Karen Weise / New York Times

Emily Flitter and Karen Weise / New York Times  
Firewall Misconfiguration by Capital One Allowed Hacker to Steal Millions of Credit Applications, Social Security and Bank Account Numbers Affecting More Than 100 Million People in North America

In one of the largest cases of bank data theft ever, software engineer Paige Thompson hacked into a server holding customer information for Capital One, exploiting a firewall misconfiguration in the bank’s network to steal millions of credit card applications, federal prosecutors say. Thompson, who used the online handle “erratic” was the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.” The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service. Thompson stole 140,000 U.S. Social Security numbers and 77,000 bank account numbers, along with one million Canadian social insurance numbers affecting more than 100 million people in the United States and Canada. A“firewall misconfiguration” by the bank had allowed Ms. Thompson to communicate with the server where Capital One was storing its information and, eventually, gain access to customer files, an FBI agent investigating the case said in court documents. Ms. Thompson worked as a systems engineer at Amazon from 2015 to 2016.

Related: CNN, Reuters, Associated Press, Axios, CNBC, NBC News, Politico, Capital One, The Register, Bloomberg, Washington Post, TechCrunch, TechCrunch, Wired, Justice.gov, Ars Technica, CNET, Wall Street Journal, The Verge, The Hill, Venture Beat, Law360, Reuters, Daily Mail,DataBreachToday.com, BGR, USATODAY, Business Insider, The Daily Swig, Newsweek, Financial Times, CRN, CRN, UPI.comDataBreaches.net, SecurityWeek, MobileSyrup.com, BetaNews, The Verge, GBHackers On Security, SlashGear » security, E-Commerce Times, CNN.com, PCMag.com, The VergeEvening Standard, EngadgetMarketWatch.com – Software Industry News, TechSpot, Digital Trends, Neowin, Fast Company, Mother Jones, New York Daily News, New on MIT Technology Review, FOX News, The Hacker News, Help Net Security, CBSNews.com, Fortune, Technology News | Boston.com, SecurityWeek, The Huffington Post, Cyberscoop, IT World Canada, ARN, The Guardian, Digital Trends, The Next Web, Android Central , GeekWire, SC Magazine, Techerati, SlashdotABC News: U.S., Graham Cluley, Japan Times,Security Affairs, Cyber Kendra, PYMNTS.com, Heavy.com, Computer Business Review, TechNadu, Silicon Republic, Infosecurity Magazine, The State of Security, DataBreaches.netGadgets Now, Courthouse News Service, BBC News – WorldBleepingComputer.comITV News, RT USA, AOL, New York Post, EJ Insight, Mercury News, TODAYonline, CBC , Deutsche Welle, Gizmodo, News : NPR, POLITICO, Gizmodo, Daily BeastGeekWire

Tweets:@zackwhittaker @briankrebs @cnbcnow @gregotto @yoda @RepKatiePorter @zackwhittaker @Wired @BleepingComputer @kimzetter @dnvolz @BleepingComputer @McGrewSecurity @weldpond @h0tdish @hacks4pancakes @RayRedacted @catcalvinla @malwarejake @somanyshrimp @TorresLuzardo

CNN: A hacker gained access to 100 million Capital One credit card applications and accounts
Reuters: Capital One reveals 100M affected by data breach, hacker arrested
Associated Press: Capital One says hacker gained access to personal information of more than 100 million people
Axios: 100 million credit card applications stolen from Capital One
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
NBC News: Over 100 million credit card applicants at risk in Capital One breach, Seattle woman arrested
Politico: Capital One reveals historic data breach after FBI arrests Seattle suspect
Capital One: Capital One Announces Data Security Incident
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
Bloomberg: Capital One Says Breach Hit 100 Million Individuals in U.S.
Washington Post: Capital One says data breach affected 100 million credit card applications
TechCrunch: Capital One’s breach was inevitable, because we did nothing after Equifax
TechCrunch: Capital One hacked, over 100 million customers affected
Wired: THE ALLEGED CAPITAL ONE HACKER DIDN’T COVER HER TRACKS
Justice.gov: Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company
Ars Technica: Feds: former cloud worker hacks into Capital One and takes data for 106 million people
CNET: Capital One data breach involves 100 million credit card applications
Wall Street Journal: Capital One Reports Data Breach Affecting 100 Million Customers, Applicants
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
The Hill: Woman arrested, accused of hacking 100 million Capital One records
Venture Beat : Capital One announces hack affecting 106 million U.S. and Canadian customers
Law360: Capital One Says Breach Impacted 106M As Suspect Arrested – Law360
Daily Mail : Ex-tech worker arrested for Capital One hack after stealing data from 100 million customers
DataBreachToday.com: Woman Arrested in Massive Capital One Data Breach
BGR: Hacker steals data for more than 100 million Capital One users, then brags about it and gets arrested
USATODAY: Massive data breach hits Capital One affecting more than 100 million customers
Business Insider: Capital One data breach, affecting tens of millions
The Daily Swig: Millions affected by Capital One data breach
Newsweek: Capital One Data Breach: How to Know, and What You Should Do, If Your Account Has Been Compromised
Financial Times: Capital One reports massive data breach
CRN: Capital One Breach Exposed Data From 106M Credit Card Applicants, Users
UPI.com: Capital One data breach affects 100M credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
SecurityWeek: CapitalOne Discloses Massive Data Breach: 106 Million Impacted
MobileSyrup.com: Capital One data breach could have affected six million Canadian bank accounts
BetaNews: Personal details of 106 million Americans and Canadians stolen in huge Capital One data breach
The Verge: Massive Capital One breach exposes personal info of 100 million Americans
GBHackers On Security: Capital One Hacked – Over 100 Million Credit Card Application Data Exposed
SlashGear » security: Capital One hack affects over 100 million people in the US and Canada
E-Commerce Times: Equifax Data Breach Settlement No Wrist Slap
CNN.com: Worried about the Capital One hack? Here’s what to do
PCMag.com: Capital One Suffers Data Breach Affecting 100 Million Customers
Evening Standard: Capital One data breach 2019: What to do if you have been affected
Engadget: Capital One data breach affected 100 million in the US
MarketWatch.com – Software Industry News: Everything you need to know about the massive Capital One hack, but were afraid to ask
TechSpot: Capital One hack exposed 100 million US customers’ personal details
Digital Trends: New Capital One data breach affects 100 million people. Here’s the very latest
Neowin: Over 100 million accounts compromised after Capital One data breach
Fast Company: Capital One data breach: what was stolen and how to find out if you are affected
Mother Jones: What’s In Your Wallet?
New York Daily News: Capital One hit with data breach affecting some 100 million U.S. customers
New on MIT Technology Review: A hacker stole the personal data of 100 million Capital One customers
FOX News: Capital One data breach exposes info of 106M customers, applicants; suspect arrested
The Hacker News: Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Help Net Security: Capital One breach: Info on 106 million customers compromised, hacker arrested
CBSNews.com: Capital One data breach hits more than 100 million people
CNBC: Capital One data breach exposes tens of thousands of Social Security numbers, linked bank accounts
Fortune: Hacker May Have Stole Info About Millions of Capital One Customers, U.S. Says
Technology News | Boston.com: Capital One target of massive data breach
SecurityWeek: Capital One Target of Massive Data Breach
The Huffington Post: Credit Card Company Reveals 100 Million People May Be Affected By Hack
Cyberscoop: Capital One announces massive data breach; lone suspect arrested in Seattle
IT World Canada: Six million Canadians impacted by Capital One data breach
ARN: Capital One: hacker gained access to personal information of over 100 million Americans
The Guardian: Capital One: hacker stole data of over 100m Americans
Ars Technica: Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One
Axios: 100 million credit card applications were stolen from Capital One
The Next Web: Capital One data breach compromises 106 million customers’ personal data
Android Central : Capital One breach exposes personal details of over 100 million customers
SC Magazine: Capital One hacker who stole personal info on 100M arrested | SC Media
AP Breaking News: Capital One target of massive data breach
Techerati: Capital One breach affecting 106 million customers caused by misconfigured cloud storage
Slashdot: Capital One Says Hacker Breached Accounts of 100 Million People; Ex-Amazon Employee Arrested
ABC News: U.S.: Capital One target of massive data breach
Graham Cluley: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
Japan Times: Hacker accesses over 100 million Capital One credit applications in massive data breach
Zero Hedge: Capital One Admits Massive Data Breach: 100 Million Americans Affected, Seattle Woman Arrested
Security Affairs: Capital One data breach: hacker accessed details of 106M customers before its arrest
Cyber Kendra: Capital One Suffered Data Breach 106 Million People Affected
PYMNTS.com: Cap One Hack Hits 100M Credit Card Applications
Heavy.com: Paige Adele Thompson: 5 Fast Facts You Need to Know
Computer Business Review: Capital One Hacker was Ex-AWS Employee
TechNadu: Capital One Reports a Major Data Breach Affecting 106 Million Individuals in the USA & Canada
Infosecurity Magazine: Capital One Breached by Cloud Insider in Major Attack
Tech Insider: Amazon’s cloud was at the heart of the big Capital One hack, even though it doesn’t seem to be at fault (AMZN, COF)
The State of Security: Woman arrested after Capital One hack spills personal info on 106 million credit card applicants
DataBreaches.net: Capital One says data breach affected 100 million credit card applications
Gadgets Now: Capital One hacked, says information of 100 million-plus users leaked
Reuters: Capital One says information of over 100 million individuals in U.S., Canada hacked
BBC News – World: Capital One data breach: Arrest after details of 100m US individuals stolen
TIME: Capital One Information Hacked in Massive Data Breach
NDTV Gadgets360.com: Capital One Bank Targeted in Massive Data Breach
BleepingComputer.com: Capital One Data Breach Affects 106 Million People, Suspect Arrested
ITV News: 100 million applications targeted in Capital One bank data breach
RT USA: 100mn+ people’s data exposed in Capital One bank hack, thousands of SSNs & accounts leaked
AOL: Capital One: information of over 100 mln individuals in U.S., Canada hacked
New York Post: Capital One reveals 100M affected by data breach, hacker arrested
EJ Insight: Capital One data breach affects millions in US, Canada
Mercury News: Capital One: Hacker got info on 100M in the US, 6M in Canada
CBC : Hacker obtained personal information of 6 million people in Canada
Deutsche Welle: Capital One data theft: US arrests ‘erratic’ hacker
Gizmodo: Hacker Claims to Be in Possession of Personal Info on Up to 20,000 LAPD Applicants
The Register: Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants
POLITICO: Capital One reveals historic data breach after FBI arrests Seattle suspect
Daily Beast: Tens of Millions of Credit Card Applications Stolen in Capital One Breach
GeekWire: Seattle engineer arrested for Capital One hack that affected 100M people

@zackwhittaker: Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@briankrebs: Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016
@cnbcnow: BREAKING: Capital One says data breach has “affected approximately 100M individuals in the United States & approximately 6M in Canada” but “no credit card account numbers or log-in credentials were“ taken and “99% of Social Security numbers” weren’t stolen
@gregotto: According to the FBI, a firewall misconfiguration was partly responsible for allowing Thompson to access the Capital One cloud storage
@yoda: what kind of wordsmith fuckery is this???
@RepKatiePorter: One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill.
@zackwhittaker: Incredible. Capital One's data breach site is titled "Facts."And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached.Fuck you, Capital One.
@Wired: On Monday, the FBI and Capital One disclosed a data breach of 106 million credit card applications, one of the biggest breaches of a major financial institution ever.And now someone has been arrested in connection with the crime:
@BleepingComputer: The suspect allegedly posted about her accessing of Capital One's data on GitHub. A security researcher saw her post and contacted Capital One.
@kimzetter: This Capital One breach definitely has more going on to it than the headlines suggest. Perhaps not a coordinated vuln disclosure gone wrong ?but something is def weird about it - she used Tor to access the data but then publicly posted the data to an account with her name?
@dnvolz: The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capitol One firewall to access data stored in AWS. via @nicole_hong
@BleepingComputer: This breach was discovered by a security researcher who responsibly disclosed a vulnerability to Capital One. After investigating the vulnerability, Capital One discovered that an unauthorized user accessed their systems and data between March 22 and 23, 2019.
@McGrewSecurity: Located the Capital One hacker's twitter (also thanks to those that backchanneled on the topic). Clearly they were/are in a bad state mentally/emotionally. I've deleted the earlier tweets about her. I hope they find some peace.
@weldpond: The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,”
@h0tdish: Insider/ex employee threats and those who willingly commit crimes, creating, selling malware or stealing info via exploit/breach ARE NOT hero's & anyone who frames it that way has to explain why they're not currently launching a legal $ raiser for her but did for other criminals.
@hacks4pancakes: I feel a great disturbance in the Force, like dozens of Capital One cybersecurity analysts who were screaming futilely for into the wind for years were suddenly silenced.
@RayRedacted: I have removed all of my OSINT posts about the Capital One hacker, because it is clear that she is suffering from mental illness.Mental illness does not discriminate. It can affect anyone. I truly hope she gets the help she needs.
@catcalvinla: At this point, I’m getting like two breach notices a day. Who DOESN’T have my info?
@malwarejake: Takeaways from #CapitalOne: 1. Having a disclosure program may have saved them. I'm FAR less likely to report to an org that lacks a disclosure policy. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@somanyshrimp: Losing your personal information in a massive data breach is just a thing that happens now, like 110 degree days and regular mass shootings
@TorresLuzardo: I'm trying to come up with an analogy but there's really no topping this.No SSNs were stolen except 140,000 of them.


July 22, 2019
Stacy Cowley / New York Times

Stacy Cowley / New York Times  
Equifax Settles State, Federal and Consumer Claims Over 2017 Data Breach With Record-Breaking Payments of Nearly $700 Million

In the largest settlement reached for a data breach, credit bureau Equifax will pay at least $650 million and potentially more to end an array of state, federal and consumer claims over a 2017 data breach that exposed the sensitive personal and financial information of more than 148 million people. The deal requires Equifax to put a minimum of $380.5 million into a restitution fund for American consumers who file claims showing that they were financially harmed, with at least $300 million going to consumers. The balance is reserved for attorneys’ fees, according to settlement documents. If the initial cash is depleted, the company will add up to $125 million more to settle consumers’ claims, bringing the total fund size to more than $500 million. Equifax also agreed to provide up to 10 years of free credit monitoring services to those who had their data exposed and the settlement assumes seven million people will sign up for that service. If more consumers sign up for credit monitoring, Equifax’s costs could rise substantially. Equifax will pay an additional $175 million in fines to end investigations by 50 attorneys general. The settlement also resolves investigations by the Consumer Financial Protection Bureau, to which Equifax will pay a $100 million fine, and the Federal Trade Commission.

Related: ARN, PYMNTS.com, ZDNet Security, Washington Post, Silicon Republic, CNBC, Silicon UK, Tom’s Hardware, Reuters, NDTV Gadgets360.com, SecurityWeek, Silicon UK, Tom’s Hardware, CISO MAG, Equifax, Financial Times, The Guardian, Courthouse News Service, TribLIVE, Mercury News, AP Breaking News, Techdirt, Fast Company,The Huffington Post, The Hill: Cybersecurity, ABC News: U.S., TIME, Chicago Tribune, Technology – Boston.com, Reuters, NDTV Gadgets360.com, SecurityWeek, Miami Herald, The Verge, WRAL Tech Wire, TechCrunch, Geek News Central, Zero Hedge, CNN.com, Homeland Security Today, VentureBeat, USA Today, AppleInsider, Security Magazine, CNET News, Wall Street Journal, News : NPRDataBreachToday.com, UPI.com, Security Affairs, SecurityWeek

ARN: Equifax nears deal to pay about US$700 million to settle US data breach probes
PYMNTS.com: Equifax Nears $700M Settlement For Data Breach
ZDNet Security: Equifax, regulators close to signing $700m deal to settle data breach lawsuits
Washington Post: Equifax to pay up to $700 million to settle state and federal investigations into 2017 security breach
Silicon Republic: Equifax data breach may cost the company $700m
CNBC: Equifax to pay up to $650 million in data breach settlement
Silicon UK: Equifax To Pay $700m For Data Breach Settlement
Tom’s Hardware: Reports: Equifax Will Pay $700 Million for 2017 Data Breach
Reuters: Equifax to pay up to $650 million in data breach settlement
NDTV Gadgets360.com: Equifax Set to Pay Around $700 Million for 2017 Data Breach: Report
SecurityWeek: Report: Equifax to Pay $700 Million in Breach Settlement
Silicon UK: Equifax To Pay $700m For Data Breach Settlement
Tom’s Hardware: Reports: Equifax Will Pay $700 Million for 2017 Data Breach
CISO MAG: Equifax to pay $700 million for data breach settlement
Equifax: EQUIFAX DATA BREACH SETTLEMENT
Financial Times: Equifax to pay up to $700m in data breach settlement
The Guardian: Equifax to pay $700m over breach that exposed data of 150m people
Courthouse News Service: Equifax to Pay $700M in Data Breach Settlement
TribLIVE: Equifax to pay up to $700M in data breach settlement
Mercury News: California Supreme Court rules defense in murder case can obtain private Facebook, Instagram and Twitter posts
AP Breaking News: Equifax to pay up to $700M in data breach settlement
Techdirt: FTC’s YouTube Privacy Settlement Pisses Everyone Off; Perhaps We’re Doing Privacy Wrong
Fast Company: Equifax forced to pay $4 per person in data breach
The Huffington Post: Equifax To Pay Up To $650 Million In Data Breach Settlement
The Hill: Cybersecurity: Equifax to pay up to $700 million to feds, states in 2017 data breach settlement
ABC News: U.S.: Equifax to pay up to $700M in data breach settlement
TIME: Equifax Will Pay Up to $700 Million in Data Breach Settlement
Chicago Tribune: Equifax will pay up to $700M over data breach that exposed personal info of 150 million
Technology – Boston.com: Equifax to pay up to $700M in data breach settlement
Reuters: Equifax to pay up to $650 million in data breach settlement
NDTV Gadgets360.com: Equifax Set to Pay Around $700 Million for 2017 Data Breach: Report
SecurityWeek: Equifax to Pay up to $700 Million to Consumers, Authorities Over 2017 Breach
Miami Herald: Equifax to pay up to $700M in data breach settlement
The Verge: Equifax agrees to settlement of up to $700 million over 2017 data breach
WRAL Tech Wire: Infographic: Breaking down the Equifax settlement
TechCrunch: FTC hits Equifax with fine of up to $700M for 2017 data breach
Geek News Central: Equifax Will Pay $575 Million as Part of Settlement With FTC
Zero Hedge: Equifax Will Pay $700 Million To Settle Data Breach Probe
CNN.com: Equifax exposed 150 million Americans’ personal data. Now it will pay up to $700 million
Homeland Security Today: Equifax Agrees to Pay $701 Million to Consumers, Agencies in 2017 Data Breach
VentureBeat: Equifax to pay at least $575 million settlement for 2017 data breach
USA Today: Equifax to pay up to $700 million in FTC settlement over security breach
AppleInsider: Equifax to pay $700 million for breach of 140 million Americans’ data
Security Magazine: Equifax to Pay $700M for 2017 Data Breach
CNET News: Equifax to pay at least $575M as part of FTC settlement – CNET
Wall Street Journal: Equifax to Pay Up to $700 Million in Data Breach Settlement
News : NPR: Equifax To Pay Up To $700 Million In Data Breach Settlement
DataBreachToday.com: Equifax Negotiates Potential $700 Million Breach Settlement
UPI.com: Equifax to pay up to $700M for 2017 data breach
Security Affairs: WSJ says Equifax to Pay $700 million settlement for 2017 breach
SecurityWeek: Report: Equifax to Pay $700 Million in Breach Settlement


July 24, 2019
MARCY GORDON and BARBARA ORTUTAY / Associated Press

MARCY GORDON and BARBARA ORTUTAY / Associated Press  
FTC Privacy Probe Settlement Imposes $5 Billion Penalty, New Restrictions and Modified Corporate Structure on Facebook, Mark Zuckerberg Held Personally Responsible for Privacy Programs Compliance

The Federal Trade Commission (FTC) announced that Facebook will pay a record-breaking $5 billion penalty and submit to new restrictions and a modified corporate structure to hold the company accountable for the decisions it makes about its users’ privacy. The fine and new restrictions settle an FTC investigation into whether Facebook violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information specifically in regards to the data of  87 million Facebook users used without their permission in the Cambridge Analytica scandal. Under the settlement between Facebook and the FTC, Mark Zuckerberg is held personally responsible in a limited fashion and will have to personally certify his company’s compliance with its privacy programs. False certifications could expose him to civil or criminal penalties.

Related: Gadgets Now, NDTV Gadgets360.com, The Drum, Al Bawaba, CCN, The Guardian, Wall Street Journal, CNET, E-Commerce Times, PYMNTS.com, Tech Insider, Tech Insider, MarketWatch.com – Software Industry New, Asia One World, Reuters, Federal Trade Commission, Politico, Vox, CNET, FOX News, Voice of America, Washington Post, Zero Hedge, Axios, AndroidHeadlines.com, TechCrunch, Facebook Newsroom, The Verge, TechCrunch, TIME, LA Daily News, CNET, Wall Street Journal, Technology News | Boston.com, The Age, Al BawabaUSA Today, Gizmodo, New York Times, Financial Times, News : NPR, USA Today, CNBC, TechJuice, Telecomlive.com, Courthouse News Service, TribLIVE, NYT > Business Day, CBC , Star Tribune, Chicago Tribune, CNBC, Engadget, Telecompaper Headlines, CCN, AppleInsider, CPO MagazineSky News, 9to5Mac, Tech Insider, Bloomberg, NDTV Gadgets360.com, VentureBeat

Tweets:@sarahfrier @sarahfrier @jtrevorhughes @DaveLeeBBC @ashk4n

Gadgets Now: Facebook to create privacy panel, pay $5 billion to US to settle allegations
NDTV Gadgets360.com: Facebook Said to Agree to Create Privacy Panel as Part of US FTC Settlement
The Drum: Facebook appoints board-level privacy panel as part of $5bn US FTC settlement
Al Bawaba: Facebook to Pay $5 Billion Fine Over Users’ Privacy Violations
CCN: Facebook’s Stock Falters as the DOJ Knives Come Out
The Guardian: Facebook agrees to pay $5bn in vast privacy settlement, insiders say
Wall Street Journal: Facebook Expected to Settle SEC Claims of Inadequate Disclosures Over Privacy Practices
CNET: Facebook to settle with SEC after probe into privacy practices
E-Commerce Times: Facebook Unfazed by $5B FTC Settlement
PYMNTS.com: Facebook Could Pay $100M To Settle SEC Investigation
Tech Insider: ‘Too cheap to keep ignoring’: Wall Street thinks Facebook is set to soar because its loyal users outweigh its endless scandals (FB)
MarketWatch.com – Software Industry News: The Wall Street Journal: Facebook set to pay fine of more than $100 million to settle SEC investigation
Asia One World: Facebook agrees to pay $6.8 billion fine over privacy issues; will set up privacy panel
Reuters: Facebook to create privacy panel, pay $5 billion to U.S. to settle allegations
Federal Trade Commission: FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook
Politico: FTC announces $5B settlement with Facebook
Vox: Facebook will pay the US government a $5 billion fine for privacy failures — but it won’t have to change the way it does business
CNET: Facebook agrees to $100 million SEC settlement after privacy probe
FOX News: Facebook pays historic $5B fine and agrees to new privacy regulations as part of massive settlement
Voice of America: Big Tech Faces Broad US Justice Department Antitrust Probe
Washington Post: U.S. government issues stunning rebuke, historic $5 billion fine against Facebook for repeated privacy violations
Zero Hedge: Facebook To Pay Record $5 Billion Fine In FTC Settlement
Axios: Facebook settles with FTC regulators over privacy
AndroidHeadlines.com: FTC Slaps Facebook With $5B Fine Over Cambridge Analytica Scandal
TechCrunch: Facebook ends friend data access for Microsoft and Sony, the last 2 of its legacy partners, under FTC deal
Facebook Newsroom: Cleaning Up Data Access for Partners
The Verge: FTC hits Facebook with $5 billion fine and new privacy checks
TechCrunch: Facebook settles with FTC: $5 billion and new privacy guarantees
TIME: Facebook Agrees to Pay Record $5 Billion Settlement in Privacy Investigation
LA Daily News: FTC fines Facebook $5 billion, adds limited oversight on privacy
CNET: Facebook agrees to $100 million SEC settlement after privacy probe
Wall Street Journal: Facebook Expected to Settle SEC Claims of Inadequate Disclosures Over Privacy Practices
Technology News | Boston.com: FTC fines Facebook $5B, adds limited oversight on privacy
The Age: Facebook to pay record $7.1b fine over privacy violations
Al Bawaba: Facebook to Pay $5 Billion Fine Over Users’ Privacy Violations
USA Today: Facebook fined $5 billion by FTC, must update and adopt new privacy, security measures
Gizmodo: Report: FTC to Accuse Facebook of Using 2FA Numbers for Ads, Hiding Facial Recognition Settings
New York Times: Facebook Fined $5 Billion and Ordered to Add Oversight of Data Practices
Financial Times: Facebook to pay $5bn to resolve probe into privacy violations
News : NPR: FTC To Hold Facebook CEO Mark Zuckerberg Liable For Any Future Privacy Violations
USA Today: Facebook fined $5 billion by FTC, must update and adopt new privacy, security measures
CNBC: FTC slaps Facebook with record $5 billion fine, orders privacy oversight
TechJuice: Facebook won’t have to admit guilt in shocking user privacy settlement
Telecomlive.com: Why $5-bn fine is just the tip of the iceberg of Facebook’s settlement woes
Courthouse News Service: FTC Fines Facebook $5 Billion for Privacy Violations
CBC : FTC fines Facebook $5B for privacy violations
Star Tribune: FTC fines Facebook $5B, adds limited oversight on privacy
Chicago Tribune: Feds fine Facebook $5 billion for privacy violations, establish new oversight
CNBC: FTC slaps Facebook with record $5 billion fine, orders privacy oversight
Engadget: Facebook will pay $5 billion fine for Cambridge Analytica data breaches
Wall Street Journal: Facebook Agrees to Pay $5 Billion in FTC Settlement
Telecompaper Headlines: FTC confirms USD 5 bln fine and 20-year compliance agreement for Facebook privacy violations
CCN: Facebook’s Stock Falters as the DOJ Knives Come Out
AppleInsider: Facebook fined $5B by FTC over Cambridge Analytica scandal charges
CPO Magazine: Record-Setting $5 Billion Facebook Fine Too Little Too Late?
Sky News: Facebook to pay record $5bn fine to end US privacy probe
9to5Mac: [Update: It’s official] Facebook fined record $5 billion by FTC for privacy violations
Bloomberg: Facebook’s FTC Privacy Settlement Won’t Hinder Ad Business
NDTV Gadgets360.com: Facebook Said to Agree to Create Privacy Panel as Part of US FTC Settlement
VentureBeat: Facebook to create a privacy panel as part of $5 billion FTC settlement

@sarahfrier: Tucked deep in Facebook’s announcement of the $5 billion FTC settlement is the announcement of a $100 million SEC settlement
@sarahfrier: Both the FTC and Facebook are telling you the $5 billion settlement fundamentally changes how Facebook operates. But the company will still be able to collect the same data and target ads in the same way. @KurtWagner8 and I explain
@jtrevorhughes: Official now. Just as Mueller hearing starts.FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook
@DaveLeeBBC: Facebook’s $5bn fine confirmed by FTC. Company must appoint privacy compliance officers + undergo privacy audits of which Zuckerberg must personally be a part. Also this morn - US financial regulator fines FB additional $100m for misleading investors.
@ashk4n: 1) UPDATE: Having now fully digested the FTC settlement and complaint, I'm of the opinion that this was a *terrible* outcome for our leading privacy regulator and a very sweet deal for @Facebook


September 4, 2019
Natasha Singer and Kate Conger / New York Times

Natasha Singer and Kate Conger / New York Times  
Google and YouTube to Pay $170 Million to Settle Allegations by FTC, New York Attorney General That YouTube Violated COPPA by Illegally Collecting Children’s Personal Information

In the largest penalty paid to date for violation of a key children’s online protection law, Google and its subsidiary YouTube will pay a record $170 million to settle allegations by the Federal Trade Commission and the New York Attorney General that YouTube illegally collected personal information from children without their parents’ consent. Google and YouTube will pay $136 million to the FTC and $34 million to New York for allegedly violating the Children’s Online Privacy Protection Act (COPPA) Rule. The FTC and the New York Attorney General allege that YouTube collected personal information in the form of persistent identifiers that are used to track users across the Internet from viewers of child-directed channels, without first notifying parents and getting their consent. YouTube also agreed to create a system that asks video channel owners to identify the children’s content they post so that targeted ads are not placed in such videos. YouTube must also now obtain consent from parents before collecting or sharing personal details like a child’s name or photos. Critics, including Senator Ed Markey (D-MA), who sponsored COPPA back in 1998, say the settlement is merely slap on the wrist for Google given the Internet company’s massive financial resources and revenues.

Related: Financial Times, AppleInsider, CNBC, Bloomberg, New York PostBBC News – Home, ITWeb.co.za latest news, FOX News, The Verge, Technology News | Boston.com, City A.M. – Technology, Ars Technica, AP Breaking News, VentureBeat, TIME, POLITICO EU, Tech Insider, Axios, RT News, WRAL Tech Wire, Federal Trade Commission, New York Attorney General

Tweets:@alfredwkng

Financial Times: Google and YouTube pay $170m to settle child privacy claims
AppleInsider: Google fined $170M for violating children’s privacy
CNBC: YouTube will pay $170 million to settle claims it violated child privacy laws
Bloomberg: Google to Pay $170 Million for YouTube Child Privacy Breaches
New York Post: Google fined $170M for YouTube’s violation of child privacy laws
BBC News – Home: YouTube fined $170m in US over children’s privacy violation
ITWeb.co.za latest news: Google to spend $200m on YouTube settlement
FOX News: YouTube to pay massive $170M fine as it settles claims it violated children’s privacy laws
The Verge: Google will pay $170 million for YouTube’s child privacy violations
Technology News | Boston.com: The Latest: Advocacy groups disappointed in YouTube-FTC deal
City A.M. – Technology: Google accused of sharing personal data with advertisers
Ars Technica: YouTube fined $170 million for violations of children’s privacy
AP Breaking News: YouTube to pay $170M fine after violating kids’ privacy law
VentureBeat: FTC fines YouTube $170 million for alleged child privacy violations
TIME: YouTube Fined $170 Million for Collecting Kids’ Data Without Parental Consent
POLITICO EU: Google’s YouTube hit with $170M fine over children’s privacy
Tech Insider: Google will pay $170 million to settle allegations that YouTube illegally collected kids’ data without their parents consent (GOOGL, GOOG)
Axios: Google to pay $170 million over claim that YouTube violated child privacy law
RT News: YouTube to cough up $170mn in fines over charge of grabbing kids’ data
WRAL Tech Wire: Feds fine YouTube $170M for collecting kids’ data without parents’ consent
Federal Trade Commission: Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy Law
New York Attorney General: AG James: Google And Youtube To Pay Record Figure For Illegally Tracking And Collecting Personal Information From Children

@alfredwkng: . @SenMarkeywas the author of COPPA back in 1998. On today's settlement with YouTube, he says: "This settlement makes clear that this FTC stands for ‘Forgetting Teens and Children’."


August 25, 2019
Mike Baker / New York Times

Mike Baker / New York Times  
Astronaut Accused of Unauthorized Bank Account Access, ‘Identity Theft’ While in Space Amid Marital Conflict

In what may be the first allegation of criminal wrongdoing in space, Anne McClain, a decorated NASA astronaut on a six-month mission aboard the International Space Station admitted she had accessed the bank account of her estranged spouse Summer Worden while in space. The alleged unauthorized access prompted Worden to file a complaint with the Federal Trade Commission and her family to lodge one with NASA’s Office of Inspector General accusing McClain of identity theft and improper access to Worden’s private financial records. McClain said she was doing what she had always done, with Ms. Worden’s permission, to make sure the family’s finances were in order.

Related: The Independent, Irish Times, Quartz, Telegraph, Engadget, Heavy.com, CTOvision.com, TIME, Atlanta Journal-Constitution, New York Post, RT News, BBC News, KPRC Houston

Tweets:@laurence_diver @MalwareJake @ICS_SCADA

The Independent : Nasa investigating first ever ‘space crime’ as astronaut accused of committing theft from ISS
Irish Times : How a bitter divorce on Earth led to a claim of crime in space – The Irish Times
Quartz : NASA is investigating what may be the first space crime – Quartz
Telegraph : The first crime in space? Nasa investigates an unprecedented divorce case
Engadget : Divorce dispute leads to accusation of crime in space
Heavy.com: Anne McClain: 5 Fast Facts You Need to Know
CTOvision.com: Potential Malicious Use Of IT By NASA Astronaut While On Orbit: Thought provoking but probably not hacking
TIME: Divorcing Spouse Claims NASA Astronaut Committed Crime in Space: Report
Atlanta Journal-Constitution : Astronaut accused of hacking former spouse’s bank account from space – Atlanta Journal Constitution
Daily Mail : NASA investigates claims an astronaut accessed wife’s bank account from space
Business Insider : An astronaut may have committed the first space crime while aboard the International Space Station – Business Insider
New York Post: NASA astronaut accused of stealing her estranged wife’s identity from space
RT News: NASA astronaut accused of hacking ex-spouse’s bank account from space
BBC News: Nasa said to be investigating first allegation of a crime in space
KPRC Houston: Houston astronaut accused of hacking ex-spouse’s bank account from space

@laurence_diver: NASA said to be investigating first allegation of a crime in space
@MalwareJake: Do our laws cover hacking crimes committed in space? I'm sure some do, but I'll bet there's some legislation that doesn't account for this...
@ICS_SCADA: Who has jurisdiction? Space Marshals or FBI? I didn’t realize that folks had much time on their hands up there. Oh well


October 10, 2019
Jack Nicas / New York Times

Jack Nicas / New York Times  
Apple Caves to Chinese State Criticism and Pulls App That Allowed Hong Kong Protesters to Track Police

In a move among several recent developments that shows the power of the Chinese state to dictate policies by American companies, Apple removed an app, HKmap.live, from its app store that enabled protesters in Hong Kong to track the police, a day after facing intense criticism from Chinese state media for it. Apple’s removal of the app followed an editorial by the People’s Daily, the flagship newspaper of the Chinese Communist Party, that accused Apple of aiding “rioters” in Hong Kong. Apple said it verified with the Hong Kong Cybersecurity and Technology Crime Bureau that the app has been used to target and ambush police, threaten public safety, and criminals have used it to victimize residents in areas where they know there is no law enforcement.

Related: The Next Web, Reuters, Forbes, ZDNet Security, News.com, Apple Insider, Newsweek, Israel National News, South China Morning Post, The Korea Times News, Hong Kong Free Press HKFPPOLITICO, Financial Times, iMoreDaring FireballFortune, Security, Privacy & Tech Inquiries, EJ Insight, The New Daily, RT News, rthk.hk Local, WRAL Tech Wire, MacRumors, TechCrunch, Tech Insider, iPhone Hacks, MacRumors, Silicon Republic, Tech Insider, Z6 Mag, Global Voices, ReutersFortune  iMore, Tech Insider, WRAL Tech Wire, Fortune, Z6 Mag, BBC News, CRN, NDTV, Telegraph, QuartzNaked Security, EFF, Threatpost

Tweets:@juhasaarinen @Pinboard @thegrugq @jpwarren @jeffstone500

The Next Web : Apple bans app that warns Hong Kong citizens about police activity, again
Reuters : Apple pulls police-tracking app used by Hong Kong protestors after consulting authorities
Forbes : Apple Removes App Used To Track Hong Kong Police After Pressure From China
ZDNet Security: Apple pulls HKmap.live from app store
News.com.au : Apple bans app after China threat
Apple Insider : Apple again pulls police monitoring app from Hong Kong app store
Newsweek: What is HKmap? Apple’s Removal of App Used by Hong Kong Protesters is ‘Political Decision to Suppress Freedom,’ Devs Say
Israel National News : Apple withdraws Hong Kong police-tracking app
South China Morning Post: Swedish tech firm Yubico hands Hong Kong protesters free security keys amid fears over police tactics online
The Korea Times News: Swedish firm gives Hong Kong protesters security keys amid police hacking fear
Hong Kong Free Press HKFP: ‘You’re not alone’: Hong Kong activists united over raising awareness about gender-based violence
POLITICO: U.S. passing Hong Kong human rights and democracy act will ‘punish the wrong people,’ says ex-Trump envoy
Financial Times: Apple pulls Hong Kong map used by protesters from App Store
iMore : Hong Kong mapping app removed from App Store
Daring Fireball: Apple Removes HKmap.live From App Store
Fortune: Apple Removes Hong Kong Protest Map From App Store The Day After Beijing Complains
Security, Privacy & Tech Inquiries: Censorship-resilient apps with Progressive Web Applications
EJ Insight: Apple pulls HK police-tracking app after China criticism
The New Daily: Apple removes Hong Kong police tracker app
RT News: Apple removes app that Hong Kong protesters used to track police movements following vandalism, attacks on officers
rthk.hk Local: Apple pulls HK protester app after Beijing warning
WRAL Tech Wire: Apple drops Hong Kong activists app; Huawei may be able to buy some US goods
MacRumors: Apple Pulls Hong Kong Protest App From App Store Following Chinese Criticism
TechCrunch: Apple pulls HKmap from App Store, the day after Chinese state media criticized its “unwise and reckless decision” to approve it
Tech Insider: China’s grip on Apple tightens as it boots a Hong Kong police-tracking app and news app Quartz
iPhone Hacks: Tim Cook Explains Why Apple Removed the Controversial Hong Kong Protest App
MacRumors: Tim Cook Defends Removal of Hong Kong Mapping App From App Store in Leaked Memo
Silicon Republic: Apple accused of bowing to political pressure amid Hong Kong app removal
Tech Insider: Hong Kong lawmaker who relied on the banned HKMap Live app warns Apple from becoming an ‘accomplice for Chinese censorship’
Z6 Mag: Apple CEO Tim Cook justifies removal of Hong Kong maps app from App Store
Global Voices: Google removes Hong Kong protester role-playing game from its Play Store
Reuters : Apple pulls app used to track Hong Kong police, Cook defends move
Fortune: Apple CEO Tim Cook Defends Decision to Drop Hong Kong Protest Map From App Store After China Complaint
iMore: Read Charles Mok’s open letter to Tim Cook about Hong Kong
Tech Insider: Hong Kong lawmaker who relied on the banned HKMap Live app warns Apple from becoming an ‘accomplice for Chinese censorship’
WRAL Tech Wire: Tim Cook’s choice: Apple kowtows to China or face punishing costs
Fortune: Apple CEO Tim Cook Defends Decision to Drop Hong Kong Protest Map From App Store After China Complaint
Z6 Mag: Apple CEO Tim Cook justifies removal of Hong Kong maps app from App Store
BBC News : Few convinced by Apple’s case for Hong Kong app removal – BBC News
CRN : Apple criticised for pulling app that tracks Hong Kong police
NDTV : Apple Removes Quartz News App From China App Store Over Hong Kong Protest Coverage
Telegraph : Fury as Apple pulls US news app Quartz from China ‘over Hong Kong coverage’
Quartz: Tim Cook doesn’t seem to know how the Hong Kong app Apple removed actually works
Naked Security: Apple removes app that tracks Hong Kong police and protestors
EFF: China’s Global Reach: Surveillance and Censorship Beyond the Great Firewall
Threatpost: China’s Sway Over Tech Companies Tested with Apple, Blizzard

@juhasaarinen: Apple pulls http://HKmap.live from app store https://zd.net/2nxabSt via @ZDNet & @dobes
@Pinboard: This is important. Note the hypothetical language used here by Hong Kong police—they contacted "several app stores" (presumably including Apple) with the complaint that @hkmaplive "could leak the officers' whereabouts, which could facilitate the criminals to ambush our officers."
@thegrugq: This pure information warfare attack surface is brilliant. Blizzard punished a player for being pro Hong Kong. Players are attempting to get Blizzard games banned by Chinese censors. Winnie the Pooh is already censored due to memes about Xi, so this isn’t too unrealistic a goal.
@jpwarren: I am doubling my order of @Yubico keys and telling everyone I know to do the same, because of their principled stance on Hong Kong. And so should you. Please RT.
@jeffstone500: Censorship is just the beginning. China is using powerful DDoS attacks to knock foreign websites offline, per @EFF @Mala. Recent victims include Telegram, a Hong Kong protest forum, and social media outside government control.


August 15, 2019
Jordan Novet / CNBC

Jordan Novet / CNBC  
Cloudflare Issues Pre-IPO Filing Showing Revenue Jump of 48%, Loss Increase of 13% in First Half of 2019, Notes That Offensive Customers Such as 8chan Could Have Negative Consequences

Cybersecurity and content distribution network company Cloudflare issued its pre-initial public offering S-1 filing showing a $36.8 million net loss on $129.2 million in revenue for the first half of 2019, with revenues up 48%  and loss up 13% year-over-year. The company had 74,873 paying customers at the end of the first half of 2019, with 408 of them contributing more than $100,000 in annualized billings. In the filing, the company noted the recent controversies of its hosting of notorious 8chan, which it stopped providing services for in the wake of the massacre by a white nationalist gunman in El Paso, as well as its hosting of neo-Nazi website Daily Stormer, which it dropped in 2017. “Activities of our paying and free customers or the content of their websites or other Internet properties, as well as our response to those activities, could cause us to experience significant adverse political, business, and reputational consequences with customers, employees, suppliers, government entities, and others,” the company said in the filing.

Related: Financial Times, Tech Insider, TechCrunch, The Verge, Forbes, Marketwatch, Cyberscoop, Financial Times, Barron’s, Bloomberg, SEC.gov


August 8, 2019
Hannah Murphy / Financial Times

Hannah Murphy / Financial Times  
Facebook Hasn’t Addressed a Known Critical Security Flaw in WhatsApp That Allows Hackers to Manipulate Messages and Check Point Releases Tool to Prove It

Facebook-owned messaging app WhatsApp has a critical security flaw that allows hackers to manipulate messages and Facebook has failed to address the flaw a year after it was notified of the problem by security researchers at Check Point. Speaking at Black Hat, Oded Vanunu, head of product vulnerability research at the security company, said Facebook blamed WhatsApp’s flaws on “limitations that can’t be solved due to their structure and architecture.” Check Point has now launched a tool that would allow users to carry out the manipulations, in order to raise greater awareness of the issue.

Related: Firstpost, The Sun, Techradar, Silicon Republic, fossBytes, Dark Reading, Channel News Asia, Digital Journal, iPhone Hacks, xda-developers, Trusted Reviews, NewsBytes App, HotHardware.com, Silicon, Cyber Kendra, MSPoweruser, The Next Web, Fast Company, Forbes, Financial Times, Check Point

Firstpost: WhatsApp is reportedly vulnerable to a flaw that could allow hackers to edit messages
The Sun: WhatsApp bug lets people edit YOUR texts as experts warn ‘bin the app now’
Techradar: WhatsApp security flaw could let hackers alter your chats
Silicon Republic: Cyberattackers can change and manipulate your WhatsApp messages
fossBytes: Hackers Can Manipulate Your WhatsApp Messages With This Security Flaw
Dark Reading: WhatsApp Messages Can Be Intercepted, Manipulated
Channel News Asia: WhatsApp flaw allows hackers to manipulate messages: Cybersecurity firm
Digital Journal: New tool exploits WhatsApp and ‘puts words in your mouth’
iPhone Hacks: WhatsApp’s Security Flaw Will Allow Threat Actors to Impersonate You and Send Messages
xda-developers: WhatsApp is developing an Instagram-like Boomerang feature for looped videosTrusted Reviews: WhatsApp brings Instagram edits to messaging with new Boomerang feature
NewsBytes App: How to trace fake WhatsApp forwards? IIT-M Professor explains
HotHardware.com: WhatsApp Is Vulnerable To Hack That Could Allow Attackers To Put Words In Your Mouth
Cyber Kendra: Researcher Hack WhatsApp to Change Your Message
MSPoweruser: Beware! WhatsApp security flaws may allow hackers to fake messages from you
The Next Web: WhatsApp’s chat manipulation exploit remains unresolved even after a year (Updated)
Fast Company: Report: WhatsApp security flaws let people put words in your mouth
Forbes: WhatsApp Hack Attack Can Change Your Messages
Check Point: Black Hat 2019 – WhatsApp Protocol Decryption for Chat Manipulation and More


September 20, 2019
Jennifer Valentino-DeVries / New York Times

Jennifer Valentino-DeVries / New York Times  
FBI Has Used National Security Letters to Obtain Individuals’ Personal Data, Including IP Addresses, Locations, and Purchases, From Scores of Companies Including Credit Rating Agencies, Banks, Universities

The F.B.I. has used secret subpoenas called national security letters (NSLs) to obtain personal data from far more companies beyond the usual tech providers than previously disclosed, according to newly released documents obtained by the Electronic Frontier Foundation through a Freedom of Information Act request. These subpoenas, only a small fraction of those that have been issued by the FBI, encompass more than 120 companies and other entities including banks, credit agencies, cellphone carriers, and even universities. Usually protected by a gag order, the national security letters yield a wealth of data on individuals including usernames, locations, IP addresses and records of purchases. Equifax, Experian and TransUnion received a large number of the letters in the filing but so did financial institutions like Bank of America, Western Union and even the Federal Reserve Bank of New York. A number of smaller requests went out to Kansas State University and the University of Alabama at Birmingham, probably because of their role in providing internet service. Other companies included AT&T and Verizon, as well as tech giants like Google and Facebook, which have in the past publicly acknowledged receiving the NSLs.