Blogs

Warner Music Group Hacked Personal Data Leaked

Warner Music Group (WMG) has suffered a data breach that has compromised the personal and financial information of thousands of its customers. Its e-commerce sites have been attacked and breached by a group of alleged Magecart operators. Magecart attacks are based on injecting malicious scripts into JavaScript-based websites in order to “skim” sensitive information such as financial and payment details. WMG has c. 4,000 employees and operates in 70 countries, so the number of affected data subjects could run into the millions.

Age Appropriate Design for Online Services

New Code of Practice for Online Services

The Age Appropriate Design Code drawn up by the Information Commissioner’s Office (ICO) will come into force in the UK on 2nd September 2020. The much-anticipated code has a 12-month transition period. The code is based on 15 flexible standards to ensure a high level of privacy settings by default. They affect website designers and mobile application developers. “We want coders, UX designers and system engineers to engage with these standards in their day-to-day work and we’re setting up a package of support to help,” said the ICO.

Oracle and Salesforce Face £900 million Class Action

PECR and GDPR Gotchas Catch Oracle and Salesforce

The Privacy and Electronic Communications Regulations govern electronic marketing in the UK. They were not changed when the General Data Protection Regulations came into force, but they were affected by them. That’s because when the PECR talks about consent, it says that the consent required must be that of the current data protection regulations. And, of course, the acceptable means of securing and recording consent changed when the GDPR superseded the 1998 Data Protection Act.

Intel Data Breach and Poor Passwords

Intel Data Protected By Worthless Passwords

Intel: “We believe an individual with access downloaded and shared this data”

McKay Consulting: No shock, Sherlock.

Intel has suffered a data breach of sensitive and company-confidential information related to its as yet unreleased Tiger Lake platform. This is design-level data including source code, development and debugging tools, schematics, roadmaps and other similar information. A misconfigured Akamai content delivery network (CDN) server seems to have been the entry point for the hackers.

US Bans Tiktok and Wechat

US Bans TikTok and WeChat Mobile Apps

It has long been known that free mobile apps make their money by selling your data to advertisers. That’s what funds most of the mobile apps in existence and, for that matter, many of the websites around the world. That’s the economics of the digital world. What is more sinister is the collection of data for surveillance, or the censoring of messages that pass through those apps.

Three Arrests Made Following Twitter Hack

It Was Those Pesky Kids

Mason Sheppard, 19, of Bognor Regis has had felony charges filed against him for his participation in the recent Twitter hack. Nima Fazeli, 22, from Florida and an unnamed juvenile (suspected to be 17-year-old teen Graham Clark of Tampa) were also charged this week with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer. In its statement, Twitter also revealed that some of its employees were targeted using a spear-phishing attack via phone calls, which misled “certain employees and exploited human vulnerabilities to gain access to our internal systems.”

Twitter Hack Was the Result of Social Engineering

Social Engineering Attack Vector

Twitter have declared that the route taken by the threat actors who pulled off this month’s Twitter hack and Bitcoin scam was social engineering. They made convincing but bogus phone calls to Twitter employees and managed to convince them to reveal their credentials. According to Twitter, the social engineering attack gave the threat actors the credentials of a limited set of employees, making it possible for the bad guys to access Twitter’s internal network and support tools.

ICO Exam Exceptions for Data Access Requests

ICO Exemptions on Exam Scripts

Because of the Covid-19 pandemic, most school and university exams have been abandoned. Teachers and lecturers will be conducting and submitting pupil assessments. These will form the basis of grades. We’re getting a lot of questions regarding the rights of the pupils and students, under the General Data Protection Regulations (GDPR). What people want to know is, can you use the GDPR to find out what has been submitted by the institution about a student or pupil?

386 Million User Records Offered for Free

Personal Data from 18 Data Breaches Offered to Hackers - At No Cost!

A threat actor has offered the databases from 18 breaches to other hackers without cost. The figures are mind-boggling: 386 million personal records. Usually the data is sold to other cybercriminals. They buy it to perpetrate identity- and fraud-based crimes, and to use it in phishing campaigns and other email-based scams. The databases came from breaches at these companies:

Substack Privacy Policy Update Email Blunder

A Simple Human Error Exposes Email Addresses

Substack, a subscription newsletter service, sent an email to its users telling them of a change of terms and an updated privacy policy. Which is fine, that’s required practice. But they pasted about 500 emails into the cc field, instead of the bcc field. That meant that everyone on the email saw all of the other recipients’ email addresses. In an email about a privacy policy - whoops.
