Search Results for “Washington Post”

March 11, 2020
Drew Harwell / Washington Post

Drew Harwell / Washington Post  
Whisper Left Years of Intimate Data Exposed on the Web, User Data Tied to Age, Location, Other Details

Whisper, the secret-sharing app that called itself the “safest place on the Internet,” left years of users’ most intimate confessions exposed on the Web tied to their age, location and other details, cybersecurity consultants Matthew Porter and Dan Ehrlich, who lead the advisory group Twelve Security discovered. Porter and Ehrlich said they were able to access nearly 900 million user records from the app’s release in 2012 to the present day. After the Washington Post contacted the company on Monday, access to the data was removed.

Related: Engadget, Gadgets.NDTV, The Mac Observer, ZDNet Security, Infosecurity Magazine, Graham Cluley, The Register – Security, Newsweek, Android Central , HOTforSecurity

April 22, 2020
Rachel Siegel / Washington Post

Rachel Siegel / Washington Post  
Personal Information of Nearly 8,000 SBA Emergency Loan Program Applicants Potentially Exposed to Other Applicants

The personal information of nearly 8,000 applicants to the Economic Injury Disaster Loan program (EIDL) run by the Small Business Administration (SBA) was potentially exposed to other applicants, marking the latest glitch in the rollout of government programs designed to help companies crippled by the coronavirus pandemic. The SBA said that it “immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal.” According to a letter sent by the SBA, there were no signs that the information had been misused.

Related: The Seattle Times, Law & Disorder – Ars Technica, CRN, INC, SC Magazine, Washington Examiner, The Hill: Cybersecurity, Fortune, Politico, SC Magazine, CNBC,,, Dark Reading: Attacks/Breaches,,, SecurityWeek, Threatpost


The Seattle Times: SBA reports data breach in disaster loan application website
Law & Disorder – Ars Technica: SBA says data breach may have affected almost 8,000 loan applicants
CRN: SBA Leak Exposes Personal Data Of Nearly 8,000 Businesses
INC : SBA Disaster Loan Application Glitch Exposed 8,000 Businesses
SC Magazine: SBA emergency loan applicants’ data likely exposed
Washington Examiner: Personal data of almost 8000 small businesses may have been exposed, SBA says
The Hill: Cybersecurity: 8,000 small businesses notified that they may have had information exposed on SBA’s portal
Fortune: SBA website leaks personal data of 8,000 small-business loan applicants
Politico: SBA data breach compromises business owners’ data
SC Magazine: SBA emergency loan applicants’ data likely exposed | SC Media
CNBC: Personal data of nearly 8,000 small business owners seeking relief loans may have been exposed to other applicants SBA May Have Exposed Data Of 8,000 SMBs Seeking Relief Loans
Dark Reading: Attacks/Breaches: SBA Security Incident May Affect Nearly 8,000 Businesses SBA: Data breach may have exposed info on nearly 8,000 loan applicants SBA May Have Exposed Data on 8,000 Loan Applicants
SecurityWeek: SBA Reports Data Breach in Disaster Loan Application Website
Threatpost: Small Businesses Tapping COVID-19 Loans Hit with Data Exposure

@arielmtspeaks: Almost 8,000 could be affected by federal emergency loan data breach: Data was exposed by using the back button. Click back, get someone else's data. *headdesk* How do you accidentally turn a UNIVERSAL BROWSER FEATURE into a DATA BREACH VECTOR!?

May 19, 2020
Joby Warrick and Ellen Nakashima / Washington Post

Joby Warrick and Ellen Nakashima / Washington Post  
Israel Retaliated Against Iran’s Attempted Attack on Its Water Supply by Crippling Computers at Iran’s Shahid Rajaee Port, Sources

More than a week after computers that regulate the flow of vessels, trucks, and goods all crashed at Iran’s Shahid Rajaee port terminal due to a cyberattack, U.S. and foreign government officials say the attack appears to have originated with Iran’s archenemy, Israel. The attack was carried out by Israeli operatives, presumably in retaliation for an earlier attempt to penetrate computers that operate rural water distribution systems in Israel, according to intelligence and cybersecurity officials familiar with the matter.

Related: Cybersecurity Insiders,, Arutz Sheva News, Gadgets Now, Reuters: World News, The Times of Israel, Stars and Stripes,, Al Jazeera, Ynet News, Fars News Agency, Jerusalem Post, Jerusalem Post, Security Affairs, Al-Monitor: The Pulse of the Middle East, NYT > World, Haaretz, The Times of Israel,, The Times of Israel

Cybersecurity Insiders: Israel Cyber Attack on Iran Port and Texas Transport Ransomware Attack Report: Israel behind ‘highly accurate’ cyberattack on Iranian port
Arutz Sheva News: ‘Iran crossed a red line – Israel had to respond’
Gadgets Now: Israel linked to cyberattack on Iranian port: Report
Reuters: World News: Israel linked to cyberattack on Iranian port: Washington Post
The Times of Israel: Israel behind cyberattack that caused ‘total disarray’ at Iran port – report
Stars and Stripes: Officials: Israel linked to a disruptive cyberattack on Iranian port facility Israel was behind cyberattack on Iranian port, report says
Al Jazeera: Israel cyberattack caused ‘total disarray’ at Iran port: Report
Ynet News : As Iran port hacked, IDF chief says Israel using ‘range of tools’
Fars News Agency: Official Underlines Failure of Israel’s Cyberattack against Iranian Port’s Installations
Jerusalem Post: Cyber warfare, Israel, Iran and the new way of total war
Jerusalem Post: Israel strikes back at Iran – the constant cyber warfare paradigm
Security Affairs: Israel is suspected to be behind the cyberattack on Iranian port
Al-Monitor: The Pulse of the Middle East: Israel, Iran trade cyber jabs
NYT > World: Israel Hack of Iran Port Is Latest Salvo in Exchange of Cyberattacks
Haaretz : With Cyberattack on Iranian Port, Tehran Gets a Warning: Civilian Installations Are a Red Line
The Times of Israel: Israel braces for Iranian cyberattack after reportedly targeting strategic port Cyber-Attack on Iran Port Showed Only Fraction of Israel’s Capabilities, Expert Says
The Times of Israel: By design, cyberattack on Iran port caused only minor damage – report

May 14, 2020
Ellen Nakashima / Washington Post

Ellen Nakashima / Washington Post  
Senate Passes Freedom Act Renewal After Amendment Mandating Warrants For Browser and Search Data Fails

The Senate adopted a package of surveillance reforms its backers say will help rein in abuses by voting 80 to 16 in favor of a bill that renews the USA Freedom Act. The law, which facilitates the FBI’s use of several surveillance tools, expired in March. Many public interest and privacy advocates had hoped the bill would contain deep reforms to protect civil liberties. Among the promising privacy amendments which did not ultimate survive was one that reined in abuses under the Foreign Intelligence Surveillance Act (FISA) by banning access to browsing histories and search activity without a warrant. A less privacy-friendly version of the legislation now heads to the House for final passage. The Senate bill did, however, strengthen third-party oversight of the process used to obtain court approval for wiretaps and searches in espionage and counterterrorism investigations under FISA.

Related: The Huffington Post, Privacy Online News, Mashable, Tech Insider, Vox, Roll Call,TechCrunch, Techdirt, POLITICO, VICE News, RT USA, The Hill: Cybersecurity, Slashdot, CNET, The Huffington Post, Tech Xplore, 9to5Mac, ExtremeTech, Roll Call, ET news, Input, ABC News: U.S., POLITICO, The Verge

Tweets:@TheHat2 @demandprogress @dellcam @alfredwkng @martinmatishak @lhautala

The Huffington Post: Senate Rejects Bid To Prevent Warrantless Government Surveillance Of Internet Use
Privacy Online News: Congress plans to expand Patriot Act with DOJ access to your web browsing and search activity without a warrant
Mashable: Senate votes down ban on spying on internet history without a warrant
Tech Insider: Mitch McConnell is pushing the Senate to pass a law that would let the FBI collect Americans’ web-browsing history without a warrant
Vox: The Senate just voted to let the government keep surveilling your online life without a warrant
Roll Call: Senate may have the votes to limit surveillance of browser history
TechCrunch: Senate narrowly rejects plan to require a warrant for Americans’ browsing data
Techdirt: One Vote Short: FISA Amendment Requiring Warrants For Browser & Search Data Fails
POLITICO: Senate defeats amendment to shield browsing histories in FISA searches
VICE News: Senate Votes to Allow FBI to Look at Your Web Browsing History Without a Warrant
RT USA: Senate votes down anti-surveillance amendment, as both parties back warrantless spying on Americans’ browser history
The Hill: Cybersecurity: In win for privacy hawks, Senate adds more legal protections to FISA bill
Slashdot : Senate Defeats Amendment To Shield Browsing Histories in FISA Searches
CNET: Senate rejects tougher standards for collection of search and browsing data
The Huffington Post: Senate Rejects Bid To Prevent Warrantless Government Surveillance Of Internet Use
Tech Xplore – electronic gadgets, technology advances and research news: Senate may have the votes to limit surveillance of browser history
9to5Mac : Senate votes to allow FBI to access your browsing history without a warrant
ExtremeTech: US Senate Falls One Vote Short of Protecting Your Online Privacy
Roll Call: Senate passes amended FISA surveillance overhaul
ET news: US Senate votes against ban on unwarranted internet surveillance
Input: The U.S. government can legally spy on your web activity
ABC News: U.S.: Senate to consider renewal of surveillance laws
POLITICO: Senate passes FISA renewal bill, sends it back to the House
The Verge: Senate passes surveillance bill without ban on web history snooping

@TheHat2: Warrantless surveillance on its own should fuck right off.
@demandprogress: 'Here's who just voted to let the FBI seize your online search history without a warrant' — great reporting from @dellcam #PATRIOTAct #FISA
@dellcam: Wow, the Leahy-Lee amendment did pass. Have not read it entirely, but it says the FISA Court "shall" appoint someone w/ privacy/civil liberties expertise in cases w/ "significant concerns" re: 1st Amendment activities & expands requirements 4 disclosure of exculpatory material
@alfredwkng: The Wyden amendment to FISA requiring the FBI to get a warrant to get web browsing data falls short by 1 vote: 59-37
@martinmatishak: Where things stand on the Senate floor re: #fisa. The current tally on the @SenMikeLee @SenatorLeahy amendment is 75-19 in favor. We're awaiting @SenJohnHoeven & @SenCoryGardner , who is at the White House.
@lhautala: Senate rejects tougher standards for collection of search and browsing data

May 23, 2020
Geoffrey Fowler / Washington Post

Geoffrey Fowler / Washington Post  
Coronavirus Tracing App Developed for North and South Dakota Sends Location Data to Third Parties

Care 19, a coronavirus tracing app developed for both North and South Dakota, which launched in April sends location data to Foursquare, along with something called an Advertising Identifier (commonly referred to as an IDFA), to third parties including Google and data intelligence company Foursquare privacy research firm Jumbo discovered. Foursquare said the Care 19 app data is promptly deleted. The app is also sending data to a company called Bugfender, which said the data doesn’t correlate any information to the user. The developer of the app, a company called ProudCrowd, admitted it provides the users’ data to third parties but said it does not do so for commercial purposes.

Related: Security News | Tech Times, The Independent, Tech Insider, The Mac Observer, The Register – Security, Digital Journal, Lifehacker, Futurism, MacDailyNews, Fortune, WebProNews, Input, Slate Articles, Associated Press Technology, iMore, Slashdot, MacDailyNews, Jumbo

Tweets:@ruskin147 @stevebellovin @agidari

Security News | Tech Times: Contact-Tracing App Care19 Caught Sharing Location Data To Foursquare Thus Violating Their Own Privacy Agreement
The Independent: Coronavirus: US contact tracing app shares private data with outside firm
Tech Insider: Researchers found North Dakota’s contact-tracing app covertly sending location and advertising data to third parties
The Mac Observer: The Care19 Contact Tracing App Gives Your Location Data to Foursquare
The Register – Security: UK’s Ministry of Defence: We’ll harvest and anonymise private COVID-19 apps’ tracing data by handing it to ‘behavioural science’ arm
Digital Journal : Q&A: India contact tracing app — 3rd party risk implications
Lifehacker: What Does a Contact Tracer Really Do?
Futurism: Gov Contact-Tracing App Sends User Data to Foursquare, Google
MacDailyNews: North and South Dakota’s COVID-19 contact tracing app sends location data to Google and Foursquare
Fortune: Tech privacy firm warns contact tracing app violates policy
WebProNews: North Dakota’s Contact Tracing App Shares Location Data With Advertisers
Input: Contact-tracing apps aren’t meant to share location data, but Care19’s does
Slate Articles: The Apple-Google Contact Tracing System Won’t Work. It Still Deserves Praise.
Associated Press Technology: Tech privacy firm warns contact tracing app violates policy
iMore: North Dakota’s contact tracing app shares location with Foursquare, Google
Slashdot: North Dakota’s COVID-19 App Has Been Sending Data To Foursquare and Google
MacDailyNews: North and South Dakota’s COVID-19 contact tracing app sends location data to Google and Foursquare
Jumbo: Jumbo Privacy Review: North Dakota’s Contact Tracing App

@ruskin147: if you think there are privacy issues with contact tracing apps prepare to be shocked by this thread on manual contact tracing
@stevebellovin: Important thread on contact tracing
@agidari: 1/ This is a longer tweet on manual contact tracing and your privacy. Many oppose using tech like bluetooth to fight COVID, arguing manual contact tracing works, it is "tried & true" and has none of the privacy concerns that tech raises. But are those claims true?

May 28, 2020
Tony Romm / Washington Post

Tony Romm / Washington Post  
Arizona Sues Google for Allegedly Violating Users’ Privacy by Not Turning Off Location Data Tracking Even When Users Disable It

Arizona Attorney General Mark Brnovich sued Google alleging the tech giant violated its users’ privacy by collecting their location information even if they had turned off such digital tracking. The lawsuit alleges that the Android maker set up its mobile software in a way that enriched its advertising empire and deceived device owners about the protections actually afforded to their data, running afoul of Arizona consumer-protection laws that prohibit companies from misrepresenting their business practices. The Internet giant defended its privacy practices in a statement, stressing the state and its “contingency fee lawyers filing this lawsuit appear to have mischaracterized our services.” The state alleged in its complaint that these Google’s Android devices still recorded and kept location records for certain apps, including mapping and weather, as well as searches, even for users who disabled location tracking. Users instead had to turn off a second, hard-to-find setting if they wanted to prevent the location data from being recorded, according to Arizona’s lawsuit, which criticized Google’s maze of menus as deceptive.

Related: Law360, Security News | Tech Times, The Verge, WebProNews, Boing Boing, Business Insider, RT USA

Tweets:@mrddmia @tonyromm

June 2, 2020
Tony Romm / Washington Post

Tony Romm / Washington Post  
Members of Congress Introduce Bipartisan Bill to Regulate Contact Tracing and Exposure Notification Apps So They Don’t Pose Privacy Violations

Members of Congress introduced yesterday a bipartisan bill, the Exposure Notification Privacy Act, to regulate contact tracing and exposure-notification apps so that they don’t pose privacy violations to users. The draft law requires companies developing contact-tracing applications to do so in collaboration with public-health authorities. The tools must also obtain consent before they can begin tracking a user’s location to determine the spread of the coronavirus. Moreover, under the bill, any data collected as part of coronavirus monitoring technology could not be used for commercial purposes, and users could request at any time to delete it.

Related: Reuters, MacRumors, iMore, iPhone Hacks, EFF, Six Colors, MacDailyNews, Vox, Multichannel, The Register, Tech Insider, Tech Insider, The Register – Security, MacDailyNews, Vox

March 18, 2020
Tony Romm, Elizabeth Dwoskin and Craig Timberg / Washington Post

Tony Romm, Elizabeth Dwoskin and Craig Timberg / Washington Post  
Tech Giants Including Facebook and Google Are Talking With Federal Government About Using Americans’ Location Data Gleaned From Mobile Devices to Combat COVID-19

Raising a host of privacy issues, the U.S. government is in active talks with Facebook, Google, and a wide array of tech companies and health experts about how they can use location data gleaned from Americans’ phones to combat the novel coronavirus. These discussions include the prospect of tracking whether people are keeping one another at safe distances to stem the outbreak. Facebook executives said the U.S. government is particularly interested in understanding patterns of people’s movements, which can be derived through data the company collects from users who allow it. Google confirmed it is talking with the government on its own to tap its trove of location data, particularly any insights it can derive from its popular maps app.

Related: TechSpotiMore, Android Central , The Hill: Cybersecurity, POLITICO, GeekWire, TODAYonline, Fortune, PhoneArena, Vox, Android Authority, CNET

April 30, 2020
Lindsey O'Donnell / Threatpost

Lindsey O'Donnell / Threatpost  
Critical Severity Vulnerability Flaws Found in Three Popular WordPress Plugins Used Widely by Colleges and Universities

Critical-severity flaws in three popular WordPress plugins used widely by colleges and universities, LearnPress, LearnDash, and LifterLMS, could allow students to steal personal information, change their grades, cheat on tests and more, Check Point researchers discovered. The flawed plugins have been installed on more than 130,000 school websites, including ones used by the University of Florida, University of Michigan, and the University of Washington. LearnPress is used on LMS platforms to create courses with quizzes and lessons for students and has an install base of 80,000. LearnDash provides tools for selling online coursework and is used by more than 33,000 websites. And, LifterLMS provides sample course and quizzes and is used by more than 17,000 websites. All vulnerabilities have been reported and patched.

Related: ITProPortal, ZDNet Security, Reddit – cybersecurity, The Hacker News, ITProPortal, Dark Reading: Vulnerabilities / Threats, Jerusalem Post

April 10, 2020
Mark Gurman / Bloomberg

Mark Gurman / Bloomberg  
Apple and Google Form Rare Alliance to Partner on Opt-In COVID-19 Contact Tracing Technology That Will Be Managed by Public Health Authorities

Apple and Google unveiled a rare partnership to add opt-in contact tracing technology to their smartphone platforms that will alert users if they have come into contact with a person with COVID-19, a system has the potential to monitor about a third of the world’s population. The companies said the technology would be deployed in two steps: In mid-May, the companies will add the ability for iPhones and Android phones to wirelessly exchange anonymous information via apps run by public health authorities. The companies will also release frameworks for public health apps to manage functionality. The much longer-term second step entails both companies adding the technology directly into their operating systems so that the contact-tracing software works without having to download an app. The combination of both the massive data caches that both Google and Apple maintain on their users combined with the power of state and local governments has some public interest, privacy and security advocates concerned over privacy and surveillance abuses even if the technology can ultimately save lives.

Related: Financial Times Technology, Daring Fireball, The Apple Post, Android Central, Tom’s Guide, Cult of MacTIME, Fortune, New on MIT Technology Review, iMore, TechCrunch, MacDailyNews, Mercury News, WCCFtech, Pocket-lint, Axios, RT News, SlashGear, iClarified, iPhone Hacks, Tom’s Guide, The Next Web, Gizmodo, Mashable, MacRumors, POLITICO, Tech Insider,  Apple, Google (PDF), Washington Post, The Verge

Tweets:@tim_cook @aslavitt @lukOlejnik @RonDeibert · @ashk4n @natfriedman @kurtopsahl @lukOlejnik @jsnell @fs0c131y @Khanoisseur

Financial Times Technology: Apple and Google join forces to develop contact-tracing apps
Daring Fireball: Draft Technical Documentation for Apple and Google’s Privacy-Preserving Contact Tracing
The Apple Post: Apple and Google partner on new coronavirus contact tracing technology
Android Central : Apple and Google announce partnership to help track COVID-19 infections
Tom’s Guide: Apple and Google teaming up to fight coronavirus with contact tracing
Cult of Mac: Apple and Google team up to build COVID-19 contact tracing apps
TIME: Apple, Google Announce COVID-19 Smartphone Contact Tracing in Rare Partnership
Fortune: Apple, Google bring coronavirus contact-tracing to 3 billion people
New on MIT Technology Review: Apple and Google are building coronavirus tracking into iOS and Android
iMore: Apple and Google announce partnership to help track COVID-19 infections
TechCrunch: Apple and Google are launching a joint COVID-19 tracing tool for iOS and Android
MacDailyNews: Apple and Google team on cross-platform COVID-19 contact tracing tool
Mercury News: Coronavirus: Apple, Google to work on contact tracing tech
WCCFtech: Apple and Google Partner to Launch a Joint COVID-19 Contact Tracing Framework
Pocket-lint: How Apple and Google plan to use your phone to track COVID-19
Axios: Apple, Google team up on coronavirus contact tracing
RT News: Apple and Google debut Bluetooth-based contact-tracing platform to combat Covid-19…and end privacy?
SlashGear: Apple and Google team up to use phones for coronavirus contact-tracing
Axios: Apple, Google team up on coronavirus contact tracing
iClarified: Apple and Google Announce Partnership to Build Contract Tracing Functionality Into iOS and Android
iPhone Hacks: Apple and Google Collaborating on Bringing COVID-19 Contact-Tracing Tech
Tom’s Guide: Apple and Google teaming up to fight coronavirus with contact tracing
The Next Web: Apple and Google team up to build a coronavirus tracking system
Gizmodo: Apple and Google Are Teaming Up to Build Coronavirus-Tracking Tech. Hold Your Applause.
Mashable: Google and Apple team up to support coronavirus contact tracing
MacRumors: Apple and Google Partner on Opt-In COVID-19 Contact Tracing Technology to Be Added to iPhone and Android Smartphones
WCCFtech: Apple and Google Partner to Launch a Joint COVID-19 Contact Tracing Framework
POLITICO: Apple, Google team up on big effort to trace coronavirus cases
Tech Insider: Apple and Google are teaming up to create a way for your smartphone to alert you if you’ve come into contact with someone infected with the coronavirus (AAPL, GOOG, GOOGL)
Apple: Apple and Google partner on COVID-19 contact tracing technology
Google: Contact Tracing (PDF)
Washington Post: Apple, Google debut major effort to help people track if they’ve come in contact with coronavirus
The Verge: Apple and Google are building a coronavirus tracking system into iOS and Android

@tim_cook: Contact tracing can help slow the spread of COVID-19 and can be done without compromising user privacy. We’re working with @sundarpichai & @Google to help health officials harness Bluetooth technology in a way that also respects transparency & consent.
@aslavitt: BREAKING: New infrastructure for contract tracing is coming to our phones using Bluetooth. Strong privacy protections— but I hope EVERYONE opts in for one another. This is time to pull together in new ways. Thank you to @Apple & @Google
@lukOlejnik: Cryptography specification of the Google-Apple contact-tracing API protocol is here ( #COVID?19
@RonDeibert ·: Important observations from @ashk4n on @Apple and @Google plans to roll-out contact tracing apps for #COVID19 . Down pointing backhand index
@ashk4n: BIG MOVE: @Apple and @Google are creating API's to permit health authorities implement 'Contact Tracing' apps that monitor Bluetooth signals and identify whether individuals have been in contact with someone that has been infected by #COVID19 THREAD:
@natfriedman: Huge thanks to Apple and Google for building privacy-preserving contact tracing into iOS and Android. Tech is emerging as a pillar of civilization and a critical reservoir of competence.
@kurtopsahl: Apple and Google announced a joint Bluetooth based proximity API for contract tracing, to be used by approved apps. Later they will be building this functionality into the underlying iOS/Android platforms.
@lukOlejnik: Will integrate this with their operating systems? "in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms" #COVID?19
@jsnell: Apple has experience with something similar to contact tracing thanks to the new Find My system. Probably gave them a head start. Good to see Apple and Google doing this and emphasizing consent and privacy.
@fs0c131y : Contact tracing apps will not defeat the #Covid19... even with the support of Apple and Google... A contact tracing app is for sure a way to monitor a population, #PrivacyByDesign or not. Don’t give your privacy to your gov or the GAFA against something which is not even working
@Khanoisseur: Apple and Google are partnering on technology for smartphones that will alert users if they’ve come into contact with a person with Covid-19 (but could be useful later for HIV, Ebola and other diseases). People must opt in and “privacy advocates” may fight this.