Privacy

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. We’ve been shown evidence that the same security vulnerability was exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression …

Mozilla has announced an update to its Firefox Relay and VPN security offerings today with the main change making them a more affordable, bundled subscription. For $6.99/month, you can get both the Relay and VPN services from the non-profit to protect your devices.

iOS privacy concerns were raised last week when security researchers appeared to demonstrate that iPhones send the same analytics data to Apple whether you grant or decline permission.

The same researchers have now demonstrated that Apple can – despite assurances to the contrary – link this data back to individual users, as the same ID is used as that for iCloud accounts …

A potentially sensitive US Army iOS app is among thousands of iOS and Android apps to include user-profiling code from a Russian company that pretended to be an American one – raising both privacy and security concerns.

The Centers for Disease Control and Prevention (CDC) also used the code in seven of its apps. Both organizations have now removed the code, but it remains present in thousands of other apps …

A security researcher has discovered that Apple analytics data is collected and sent from iPhones, whether or not users consented during the setup process. The amount of data collected was described by the researcher as “shocking.”

A class action lawsuit has now filed, which says that Apple’s privacy promises are “completely illusory” …

Apple has always stood for privacy as a “human right” while the company has never liked the idea of having advertisements on its platforms. But as the App Store is now getting new ad placements, some people have become concerned about how the company’s policies may change. To add more fuel to the fire, developers have discovered that Apple may keep track of everything you tap while browsing the App Store.

Security researchers have found a surprising method for exposing location data in otherwise secure messaging apps WhatsApp, Signal, and Threema.

While the method sounds imprecise, tests showed that it provided greater than 80% reliability …

A security researcher back in August found a significant flaw in iOS VPN apps, and a second researcher has now demonstrated another major issue.

The first problem was that opening a VPN app should close all existing connections, but didn’t. The second is that many Apple apps send private data outside the VPN tunnel, including Health (above) and Wallet …

A new report reveals that Pegasus spyware was used in Mexico after the president expressly said that the government no longer used the malware.

It was used to capture data from the phones of two journalists specialising in reporting on government corruption, as well as a prominent human rights defender …

One of the important new features in iOS 16 is Safety Check. Designed as a tool for those at risk for domestic abuse or similar situations, Safety Check for iPhone lets users immediately revoke location access others have – including apps – and also walks through a security review.

Brought to you by Mosyle, the only Apple Unified Platform. Mosyle fully integrates 5 different applications on a single Apple-only platform. Businesses can automatically deploy, manage & protect all their Apple devices. Request a FREE account to learn how to put your Apple fleet on auto-pilot at a price point that is hard to believe.

Meta is facing a class action lawsuit after both Facebook and Instagram were found to be using an App Tracking Transparency workaround to track users on the web, even after they were denied permission to do so.

The company is accused not just of breaking Apple’s privacy rules, but also violating both state and federal laws …

An Uber hacker who has gained access to a number of the company’s internal systems, including its Slack channels, claims to have full control of the company’s cloud-based servers and more. This includes the company’s servers on both Amazon Web Services and Google’s GSuite.

Incredibly, the attack appears to have mimicked the one back in 2016, which compromised the personal data of 57 million. This suggests that Uber failed to fix a massive security hole, enabling the same attack to be made six years later …

A report shows the average price of in-app purchase has increased 40% on iOS since last year, and one of the main reasons is Apple’s App Tracking Transparency function that it’s making it more expensive to reach the right users.

Ring doorbell security has been a source of controversy for some time, but the company finally appears to be taking privacy issues seriously. It is now supporting end-to-end encryption of video footage for wireless as well as wired products.

The change will finally address security flaws which have been highlighted as far back as 2019 …

There have been plenty of signs lately that the Apple ad business is growing fast, and that the company plans to turn it into a significant source of revenue. But while there is plenty of money to be made, some are accusing Apple of making a U-turn – and even Machiavellian-level plotting to take business from companies like Google and Facebook.

The latest report suggests that Apple has quadrupled its hires for ad roles in the past couple of years, and one research group has suggested the company’s ad business could be worth $30B a year by 2026 …

We argued only this week that the sale of smartphone location data is out of control, and a new report today provides a perfect illustration. It found that location data was pulled from a number of popular smartphone apps for use by US police, without the knowledge of app users – or even the companies who created the apps.

Billions of location records from some 250 million phones were searched by more than 20 US government agencies, after the private data was purchased from a company called Fog Data Science…

Major VPN services have shut down service in India, as there is no way to comply with a new law without breaching their own privacy protection standards.

The law also applies to iCloud Private Relay, but Apple has not yet commented on its own plans …

A Californian bill colloquially known as the Kids’ Code has been unanimously passed by the State Senate, following earlier approval by the State Assembly. It now requires the signature of Gov. Gavin Newsom to take effect.

The California Age-Appropriate Design Code Act addresses a key loophole in the equivalent federal law, the much weaker Children’s Online Privacy Protection Act of 1998 …

The sale of location data sales has become both big business, and one of the biggest privacy threats in recent years. While the companies involved in this $14B industry claim that only aggregated and anonymized data is sold, numerous investigations have shown that this simply isn’t true.

Just yesterday, we learned that the Federal Trade Commission is suing a data broker that can identify people seeking abortions, and that it made samples of that data publicly available. In the past, we’ve seen how location data can reveal everything from where cops’ kids go to school to US troop movements in war zones …

A DoorDash hack has been confirmed by the company, with full customer contact details exposed by the security breach: name, address, and phone numbers.

Separately, LastPass has also confirmed an attack on its own systems, but says it doesn’t believe that any user data was obtained …