⚡ Webinar ▶ Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM Save Your Seat
#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
CrowdSec

data privacy | Breaking Cybersecurity News | The Hacker News

E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

May 22, 2023 Data Protection / Privacy
Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board (EDPB), the social media giant has been ordered to bring its data transfers into compliance with the GDPR and delete unlawfully stored and processed data within six months. Additionally, Meta has been given five months to suspend any future transfer of Facebook users' data to the U.S. Instagram and WhatsApp, which are also owned by the company, are not subject to the order. "The EDPB found that Meta IE's infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous," Andrea Jelinek, EDPB Chair,  said  in a statement. "Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizati
Italian Watchdog Bans OpenAI's ChatGPT Over Data Protection Concerns

Italian Watchdog Bans OpenAI's ChatGPT Over Data Protection Concerns

Apr 03, 2023 Artificial Intelligence / Data Safety
The Italian data protection watchdog, Garante per la Protezione dei Dati Personali (aka Garante), has imposed a temporary ban of OpenAI's ChatGPT service in the country, citing data protection concerns. To that end, it has ordered the company to stop processing users' data with immediate effect, stating it intends to investigate the company over whether it's unlawfully processing such data in violation of the E.U. General Data Protection Regulation ( GDPR ) laws. "No information is provided to users and data subjects whose data are collected by Open AI," the Garante  noted . "More importantly, there appears to be no legal basis underpinning the massive collection and processing of personal data in order to 'train' the algorithms on which the platform relies." ChatGPT, which is estimated to have reached over 100 million monthly active users since its release late last year,  has not   disclosed   what it used  to train its latest large languag
cyber security

external linkThe Latest SaaS Security Information Resource

websiteSaaS Security on TapSaaS Security
Discover SaaS Security on Tap, a video series bringing you all the ins and outs of securing your SaaS stack. Watch now.
Italy's Antitrust Regulator Fines Google and Apple for "Aggressive" Data Practices

Italy's Antitrust Regulator Fines Google and Apple for "Aggressive" Data Practices

Nov 27, 2021
Italy's antitrust regulator has fined both Apple and Google €10 million each for what it calls are "aggressive" data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato (AGCM)  said  "Google and Apple did not provide clear and immediate information on the acquisition and use of user data for commercial purposes," adding the tech companies chose to emphasize the data collection as only necessary to improve their own services and personalize user experience without offering any indication that the data could be transferred and used for other reasons. The concerns have to do with how the companies omit relevant information when creating an account and using their services, details which the authority said are critical to making an informed decision as to whether or not to give permission for utilizing their data for comme
Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud

Aug 25, 2020
A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk , Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP Address, operating system version, and other user sensitive data from compromised apps to a remote logging server. The malicious iOS SDK has been named "SourMint" by Snyk researchers. "The malicious code can spy on user activity by logging URL-based requests made through the app," Snyk's Alyssa Miller said in a Monday analysis. "This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive in
How to Clear Data Facebook Collects About You from Other Sites and Apps

How to Clear Data Facebook Collects About You from Other Sites and Apps

Jan 29, 2020
Facebook is one of the world's biggest advertising platforms, and that's because it knows a lot about you, me, and everyone. Facebook uses many tools to track people across the Internet, whether they have an account with the social networking site or not, and most of them rely on the online activity data other apps and websites share with Facebook. Everything we do online generates an extensive amount of behavioral data, from buying clothes to looking for hotels, which apps and websites often share with advertising companies, allowing them to build more accurate profiles of your interests and needs. However, after facing worldwide criticism over privacy and data breach controversies, Facebook last summer announced a privacy tool, called Off-Facebook Activity , which gives users more control of their data collected by Facebook. Starting today on Data Privacy Day 2020 , the Off-Facebook Activity feature is now available to every user around the world, which was initiall
Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS

Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS

Jan 08, 2020
TikTok , the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds—but it's not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers to hijack any user account just by knowing the mobile number of targeted victims. In a report privately shared with The Hacker News, cybersecurity researchers at Check Point revealed that chaining multiple vulnerabilities allowed them to remotely execute malicious code and perform unwanted actions on behalf of the victims without their consent. The reported vulnerabilities include low severity issues like SMS link spoofing, open redirection, and cross-site scripting (XSS) that when combined could allow a remote attacker to perform high impact attacks, including: delete any videos
Popular Period Tracking Apps Share Your Sexual Health Data With Facebook

Popular Period Tracking Apps Share Your Sexual Health Data With Facebook

Sep 12, 2019
Hello Ladies, let's talk about periods, privacy, and Facebook. Are you using an app on your smartphone to keep tracks on your periods? Well, it's worrying, because it might be sharing your extremely sensitive information like menstrual cycle and sexual activities with Facebook. A new investigative report from UK-based advocacy group Privacy International revealed how some most popular period tracker apps used by millions of women share their most private health information—including monthly period cycles, contraception use, sexual life, symptoms, like swelling and cramps, and more—directly with Facebook. These period-tracking apps, listed below, transfer your data to Facebook the moment you open them, regardless of the fact that you have a Facebook account or not, and whether you are logged into the social network platform or not. Period-tracking apps are used by women to keep tracks on their monthly period cycles, but mostly they are being used by those who want t
Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

Jul 13, 2019
After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal . The settlement will put an end to a wide-ranging probe that began more than a year ago and centers around the violation of a 2011 agreement Facebook made with the FTC that required Facebook to gain explicit consent from users to share their personal data. The FTC launched an investigation into the social media giant last year after it was revealed that the company allowed Cambridge Analytica access to the personal data of around  87 million Facebook users without their explicit consent. Now, according to a new report published by the Wall Street Journal, the FTC commissioners this week finally voted to approve a $5 billion settlement, with three Republicans voting to approve the deal and two Democrats against it. Facebook anticipated the fine to between $3 billion and
New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches

New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches

Apr 27, 2019
Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems to be just first installment of what Facebook has to pay for continuously ignoring users' privacy. This week, Facebook has been hit with three new separate investigations from various governmental authorities—both in the United States and abroad—over the company's mishandling of its users' data . New York Attorney General to Investigate Facebook Email Collection Scandal New York Attorney General is opening an investigation into Facebook's unauthorized collection of the email contacts of more than 1.5 million users during site registration without their permission. Earlier this month, Facebook was caught practicing the worst ever user-verification mechanism
Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

Apr 12, 2019
Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law. It's bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that store the personal data of its citizens. Roskomnadzor – also known as the Federal Service for Supervision in the Sphere of Telecom, Information Technologies, and Mass Communications – is Russian telecommunications watchdog that runs a huge blacklist of websites banned in Russia. Though the social media platforms had one month to reply, they choose not to disclose this information, as a result of which Moscow's Tagansky District Court imposed 3,000 rubles fine on Twitter last week and the same on Facebook today. The fine is the minimum that Russian courts can impose on companies for violatin
Apple Transfers Chinese Users' iCloud Data to State-Controlled Data Centers

Apple Transfers Chinese Users' iCloud Data to State-Controlled Data Centers

Jul 18, 2018
There's terrible news for Apple users in China. Apple's Chinese data center partner has transferred iCloud data, belonging to 130 million China-based users, to a cloud storage service managed by a state-owned mobile telecom provider—raising concerns about privacy. Back in February this year, Apple moved the encryption keys and data of its Chinese iCloud users from its US servers to local servers on Chinese soil to comply with the new regulation of the Chinese government , despite concerns from human rights activists. For this Apple controversially signed a deal with Guizhou-Cloud Big Data (GCBD), a Chinese company who gained operation control over Apple's iCloud business in China earlier this year. Now, that sensitive data, which includes users' emails, text messages, pictures, and the encryption keys that protect it, has been passed on to Tianyi cloud storage service, a business venture managed by government-owned mobile operator China Telecom. In case you ar
Facebook Accused of Giving Over 60 Device-Makers Deep Access to User Data

Facebook Accused of Giving Over 60 Device-Makers Deep Access to User Data

Jun 04, 2018
After being embroiled into controversies over its data sharing practices , it turns out that Facebook had granted inappropriate access to its users' data to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung. According to a lengthy report published by The New York Times, the social network giant struck data-sharing partnerships with at least 60 device manufacture companies so that they could offer Facebook messaging functions, "Like" buttons, address books, and other features without requiring their users to install a separate app. The agreements were reportedly made over the last 10 years, starting before Facebook apps were widely available on smartphones. Most notably, the publication suggests that the partnerships could be in breach of a 2011 consent decree by the Federal Trade Commission (FTC), which barred Facebook from granting other companies access to data of users' Facebook friends without their explicit consent
Apple Allows Uber to Use a Powerful Feature that Lets it Record iPhone Screen

Apple Allows Uber to Use a Powerful Feature that Lets it Record iPhone Screen

Oct 06, 2017
If you are an iPhone user and use Uber app, you would be surprised to know that widely popular ride-hailing app can record your screen secretly. Security researcher Will Strafach recently revealed that Apple selectively grants (what's known as an " entitlement ") Uber a powerful ability to use the newly introduced screen-recording API with intent to improve the performance of the Uber app on Apple Watch. The screen-recording API allows the Uber app to record user's screen information even when the app is closed, giving Uber access to all the personal information passing through an iPhone screen. What's more?  The company's access to such permission could make this data vulnerable to hackers if they, somehow, able to hijack Uber's software. "It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach told Gizmodo , who first reported about the issue. &q
Windows 10 to Give More Control Over App-level Permissions

Windows 10 to Give More Control Over App-level Permissions

Sep 14, 2017
Microsoft has been gradually changing its privacy settings in Windows 10 with the Fall Creators Update to give its users more controls over their data. In April, Microsoft addressed some initial privacy concerns in the Windows 10 Creators Update with simplified data collection levels—Security, Basic, Enhanced, and Full—and eventually revealed its data collection practices . Now, the software giant is making another privacy-related change with the upcoming Windows 10 Fall Creators Update, which is due for release in October 2017, giving you much more control over what apps can do with your device. Just like apps on your smartphone's app store, apps on Windows Store also require permission to access your computer's critical functionalities like camera, microphone, calendar, contacts, and music, pictures and video libraries. While Android and iOS allow you to limit an app's permissions to access these sensitive things, these permissions have currently been provided
Facebook slapped with $1.43 million fine for violating users' privacy in Spain

Facebook slapped with $1.43 million fine for violating users' privacy in Spain

Sep 11, 2017
Facebook is once again in trouble regarding its users' privacy. The social media giant has recently been heavily fined once again for a series of privacy violations in Spain. Recently, Google also incurred a record-breaking fine of $2.7 billion (€2.42 billion) by the European antitrust officials for unfairly manipulating search results since at least 2008. Now, the Spanish Data Protection Agency (AEPD) has issued a €1.2 Million (nearly $1.4 Million) fine against Facebook for breaching laws designed to protect its people's information and confidentiality. According to the data protection watchdog, the social network collects its users' personal data without their 'unequivocal consent' and makes the profit by sharing the data with advertisers and marketers. The AEPD also found Facebook collects sensitive data on user's ideology, religious beliefs, sex and personal tastes and navigation—either directly from its own services or through third parties—w
Russia Threatens to Ban Telegram Messaging App, Says It Was Used By Terrorists

Russia Threatens to Ban Telegram Messaging App, Says It Was Used By Terrorists

Jun 26, 2017
Russia has threatened to ban Telegram end-to-end encrypted messaging app, after Pavel Durov, its founder, refused to sign up to the country's new data protection laws. Russian intelligence service, the FSB, said on Monday that the terrorists that killed 15 people in Saint Petersburg in April had used the Telegram encrypted messaging service to plot their attacks. According to the new Russian Data Protection Laws, as of January 1, all foreign tech companies have been required to store the past six months' of the personal data of its citizens and encryption keys within the country; which the company has to share with the authorities on demand. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," Alexander Zharov said, head of communications regulator Roskomnadzor (state communications watchdog). "And to officially send it to Roskomnadzor to include this data in the registry of organizers of d
European Parliament Proposes Ban On Encryption Backdoors

European Parliament Proposes Ban On Encryption Backdoors

Jun 19, 2017
Prime Minister Theresa May wants tech companies, like Facebook, Apple, and Google, to create controversial 'backdoors' for police, but even somewhere she knows that it's not that easy as it sounds. The Civil Liberties, Justice and Home Affairs Committee of the European Parliament has released a draft proposal [ PDF ] for new laws on privacy and electronic communications, recommending end-to-end (E2E) encryption on all communications and forbidding backdoors that offer access to law enforcement. "The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information," the draft reads. Draft Says, Your Security is Our Top Priority According to the draft, EU citizens need more protection, not less and they need to know that the "confidentiality and safety" of their
Cybersecurity Resources