Privacy

A Grubhub security breach has exposed personal data for both customers and drivers, says the company, after an “incident” involving a third-party contractor.

The company has not revealed the exact scale of the security fail, but has admitted that the personal data includes names, email addresses, phone numbers, and partial credit card numbers …

A Meta policy document describes the company’s fears that it could accidentally develop an AI model which would lead to “catastrophic outcomes.” It describes its plans to prevent the release of such models, but admits that it may not be able to do so.

Among the capabilities the company most fears are an AI system that could break through the security of even the best-protected corporate or government computer network without human assistance …

A zero-click WhatsApp spyware attack was made against 90 journalists and other “civil society members,” said Meta, which managed to detect the incident.

A zero-click attack means that victims don’t need to tap on a link or take any action in order for their devices to be compromised – simply receiving the message is enough …

DeepSeek privacy concerns have led to investigations being opened in both the US and Europe, and seen the app removed from the App Store in Italy. It seems likely the same will happen in other countries.

Italian’s privacy regulator questioned whether the app complied with GDPR, a tough privacy law that applies across 30 different countries …

Security researchers have discovered two flaws present in all current iPhones, iPads, and Macs – as well as many earlier ones. The vulnerabilities, known as SLAP and FLOP, could potentially allow an attacker to see the current contents of your open web tabs.

The flaws were introduced in the A15 and M2 chips, and are also found in subsequent ones, up to and including the latest version of each device …

A judge has limited FBI powers to trawl through data obtained from tech giants like Apple, Google, and ISPs under FISA (the Foreign Intelligence Surveillance Act).

Separately, a Cloudflare privacy flaw has been identified in one of Apple’s IT service providers, which could have exposed the rough location of millions of web and app users before it was fixed …

The Federal Trade Commission has taken action against General Motors and OnStar for selling location and driving data from millions of GM car owners, allegedly without informed consent. This data was collected as frequently as every three seconds.

Both companies have been banned from selling location and driving behavior data for a period of five years, and will need to ensure they disclose any future sharing plans, and obtain proper consent for it …

Apple was fined a global total of more than $2.1B last year for antitrust violations, but the sum was only the equivalent of just over a week’s worth of free cash flow.

Encrypted email company Proton put together its latest Tech Fines Tracker, in which Google was the most heavily-fined company, with Apple in second place …

Apple’s Photos app employs multiple features to help you find images in your library and learn more about what’s shown in those images. One of those features is called Enhanced Visual Search. Here’s how it works and how Apple protects your privacy when you use it.

A huge data breach involving Gravy Analytics has appeared to expose precise location data for millions of users of popular smartphone apps like Candy Crush, Tinder, MyFitnessPal, and more. Here’s what you should know about the unfolding breach.

Washington State is suing T-Mobile over a 2021 security breach which exposed the personal data of some 79 million people, including 2M Washington residents. Data exposed included social security numbers, phone numbers, physical addresses, unique IMEI numbers, and driver’s license information.

The carrier is accused of failing to follow industry-standard cybersecurity processes, which allowed the breach to go unnoticed for four months …

The Chinese government forced Apple to remove VPN apps from the App Store there way back in 2017, and the company is now having to do the same in India.

So far, a small number of VPN apps have been removed to comply with an anti-privacy law barring anonymous use, but many more are likely to follow …

Update January 6, 2025: In a new statement to 9to5Mac, Apple says:

Siri has been engineered to protect user privacy from the beginning. Siri data has never been used to build marketing profiles and it has never been sold to anyone for any purpose. Apple settled this case to avoid additional litigation so we can move forward from concerns about third-party grading that we already addressed in 2019. We use Siri data to improve Siri, and we are constantly developing technologies to make Siri even more private.

Find more details in our new story on the subject.

Over five years ago, Apple was hit with a lawsuit over ‘unlawful and intentional recording’ of Siri interactions. Now finally, the case is coming to an end, with Apple agreeing to pay $95 million in a settlement.

Phishing attacks are about to get a whole lot more convincing. A new report warns that scammers are now using AI to scrape information about you from your online profiles in order to send hyper-personalized emails which target your login credentials.

By finding out everything from your employer to your interests, scammers can send emails which have a far greater chance of appearing to be genuine …

I’ve been arguing that passwords are horrible for the best part of a decade now, and was an enthusiastic early adopter of the far better approach of passkeys.

Passkeys were supposed to achieve the holy grail of an approach which is both more secure than passwords and so easy to use that everyone would adopt them. But a new piece outlines four problems with the technology …

A US Army soldier has been arrested on suspicion of extorting money from AT&T and Verizon, following data breaches which saw a massive amount of customer data obtained.

The 20-year-old was arrested near the Army base in Fort Hood, Texas, on suspicion of being the cybercriminal known as Kiberphant0m – and statements by his mother aren’t likely to help …

A developer has noted that Apple’s Photos app shares your iPhone photos with Apple by default, for an iOS 18 feature known as Enhanced Visual Search.

This is an expansion of the older Visual Look Up feature, which can recognize objects within your photos, but a privacy note in the Settings app implies that it sends more data to Apple …

The Federal Trade Commission (FTC) has responded to a series of massive Marriott and Starwood data breaches, ordering the companies to make no fewer than 13 changes to ensure it can’t happen again.

More than 344 million customers were impacted by three separate security breaches, which revealed personal data that included credit card details and passport information …

A report over the weekend suggested an Apple smart home doorbell with support for Face ID is in development. It follows an earlier report of an Apple smart home camera next year.

While it could be argued that both are commodity products, and that Apple’s most important contribution is the HomeKit platform rather than the hardware, there seems little doubt about the opportunity here …

The most popular home internet router brand in the US may be banned from sale in the country over fears that it represents a threat to national security.

Three separate US agencies have opened investigations into TP-Link routers, which account for 65% of the US market, in part because badged versions are supplied to customers by more than 300 ISPs …