Privacy

Hackers have obtained customer data from a third-party company used by major Wall Street banks, including JPMorgan Chase and Citi. The disclosure comes just days after a Doordash data breach exposed names, addresses, phone numbers, and more.

SitmusAMC helps banks process mortgage applications and other real estate loans, and says that accounting records and legal agreements have been impacted by the hack …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Plastic webcam covers—especially of the sliding kind—boomed in popularity sometime in the 2010s as a low-tech way to keep hackers from eavesdropping on compromised machines. The concern felt justified at the time. But by 2020, Apple was beginning to issue warnings that those covers aren’t actually needed and can even damage a MacBook’s display.

For this Security Bite, let’s set the tin-foil hats aside and talk about why webcam covers don’t meaningfully improve privacy, can cause features like True Tone to not work properly, and are far more likely to damage your screen than stop someone from spying on you.

A Doordash data breach has exposed the personal data of an unspecified number of customers, including name, phone number, email address, and physical address.

The food delivery company says that it has implemented a number of security measures in response, including reporting the attack to law enforcement …

Update, 7:11 p.m. ET: A Meta representative reached out to 9to5Mac and provided the following statement:

“We are grateful to the University of Vienna researchers for their responsible partnership and diligence under our Bug Bounty program. This collaboration successfully identified a novel enumeration technique that surpassed our intended limits, allowing the researchers to scrape basic publicly available information. We had already been working on industry-leading anti-scraping systems, and this study was instrumental in stress-testing and confirming the immediate efficacy of these new defenses. Importantly, the researchers have securely deleted the data collected as part of the study, and we have found no evidence of malicious actors abusing this vector. As a reminder, user messages remained private and secure thanks to WhatsApp’s default end-to-end encryption, and no non-public data was accessible to the researchers.” 

A massive WhatsApp security flaw exposed the phone number of almost every user on the planet – despite the fact that parent company Meta had been alerted to the vulnerability way back in 2017.

Security researchers were able to use what they described as a “simple” exploit to extract a total of 3.5 billion phone numbers from the messaging service …

Roblox, one of the most popular kids’ apps in the world, is now requiring children as young as nine years old to submit a video selfie for age verification.

While the developer is doing this for good reasons, it adds further weight to the argument that Apple and Google, rather than individual app developers, should be responsible for age verification …

Some 2 billion email addresses and 1.3 billion passwords have been compromised in a series of data breaches highlighted by a cybersecurity company.

Microsoft regional director Troy Hunt, who runs the site Have I Been Pwned, says the stolen data is more extensive than anything the site has ever processed …

Today, Google announced its own version of what Apple is doing with Private Cloud Compute, in what may be a landmark moment for the consumer AI market. Here’s why.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

PSA! Starting today (Nov. 3), Microsoft-owned LinkedIn will expand its use of user profile details, posts, and feed activity — excluding private messages — in the UK, EU, Switzerland, Canada, and Hong Kong to train its artificial intelligence models, as well as support personalized ads across Microsoft products.

The good news here: You can opt out of having your, presumably very humble posts and professional achievements, scraped into LLM-training pens.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Update, November 1, 10:59 a.m. ET: Apple has removed the sketchy ChatGPT clone app mentioned below. I’ve also received unverified claims that many other copycats have been taken down too.

Around this time two years ago, OpenAI’s incredibly popular GPT-4 API was spreading like wildfire all over the App Store. It wasn’t long before AI-powered productivity apps, chatbot companions, nutritional trackers, and basically anything else you could think of dominated the charts, garnering millions of downloads. Fast forward to today, many of those vibe-coded, opportunistic apps have disappeared, partly due to cooling hype but also Apple’s tougher stance against knockoffs and misleading apps.

However, this week, security researcher Alex Kleber noticed that one misleading AI chatbot, impersonating OpenAI’s branding, managed to achieve top marks in the Business category. Albeit on the less popular Mac App Store, this is still significant and warrants a brief PSA to be cautious when sharing personal information with these apps.

Security-conscious readers probably already use the data breach alert site Have I Been Pwned, but a new Proton website is aiming to alert you at an earlier stage with what the company says will be near real-time reporting.

The company behind ProtonMail says it has launched the Data Breach Observatory because it can sometimes take too long to find out when your personal data has been made available for sale on the dark web …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

When Apple dropped App Tracking Transparency (ATT) prompts in iOS 14.5 back in 2021, it was a watershed moment for user privacy within third-party applications. Nothing like it had existed prior. The initiative gave iPhone users control over whether their in-app data could be aggregated and shared with third parties for advertising or other various purposes.

Still, today, I often find comments online from people who don’t really know what it does and find the wording very taboo. Like, why “Ask” the app? And is it still effective? Let’s briefly look at App Tracking Transparency in 2025…

In a statement to the German Press Agency, Apple claimed that it may have to turn off App Tracking Transparency in Europe as a result of “intense lobbying efforts”. Here’s why.

A tactic used by a growing number of scammers is to impersonate help centres in order to trick victims into sharing their screens via WhatsApp. By doing so, they can obtain sensitive information like bank account details and verification codes.

Meta says WhatsApp will now intervene when someone attempts to use screen sharing with an unknown contact during a video call. The company will also proactively flag suspicious-looking chats in Facebook Messenger …

The Department of Homeland Security says that Chinese criminal gangs have made more than $1 billion from text scams sent to US phone numbers over the past three years.

Scam texts about fake highway toll payments, US Postal Service fees, and traffic violation fines are used to obtain credit card details. They also trick victims into submitting a one-time code from their bank, which allows the criminals to add the card to Apple Wallet …

Apple recently explained how it will comply with an App Store age verification law in Texas, and it will now face a similar requirement in California.

Apple found a privacy-respecting approach to the Texas law, and it seems that it will be able to adopt a similar one here …

Security researchers at two US universities were able to intercept T-Mobile customer call and text data from completely unencrypted satellite communications.

Researchers were also able to eavesdrop on sensitive government communications, including US military and law enforcement agencies – and they did all of it using nothing more than an $800 off-the-shelf satellite receiver system …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In this week’s Security Bite, I’m taking it back over 20 years to the launch of Gmail in 2004–because that’s how long its little-known plus addressing (aliasing) feature has quietly existed. It was originally created to help with filtering and keeping inboxes tidy long before spam became what it is today. Google never really promoted it, so most people still don’t realize it’s a thing. But over the years, it’s become popular among privacy-minded folks to track which online services, subscriptions, etc., are selling email addresses to other companies or leaking them.

California Governor Gavin Newsom signed the “California Opt Me Out Act”, which will require web browsers to include an easy, universal way for users to opt out of data collection and sales. Here are the details.

Apple is facing a cybercrime investigation in France over its capture and review of voice recordings to improve the quality of Siri responses.

The probe faces complaints by a human rights organization over a 2019 revelation that Apple was using contractors to listen to voice recordings of Siri interactions by its customers despite its privacy promises …

Direct payments between Venmo and PayPal will finally become possible from November, some 11 years after it was first expected.

While some may find it convenient, it also opens a new route to scammers, so there’s a privacy setting you may wish to change when it goes live …