The Irish privacy regulator DPC has imposed a GDPR fine of 265 million euros, around a €0.5 fine per leaked dataset, on Meta for a major data breach at Facebook that left the data of 533 million users on the street. Last year, Ireland’s data protection authority launched an investigation after media reported about a […]
German privacy regulators have ruled that the use Microsoft 365 by governments, companies and educational institutions is in violation of GDPR. Only by taking additional technical measures is it possible to use the software in Germany. This was the opinion of the German regulators during the Datenschutzkonferenz (DSK) that took place last week (see below […]
Someone is allegedly selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users. A data sample investigated by Cybernews likely confirms this to be true.
Worldwide, a total of 890,000 computers were infected and more than fifty million passwords were stolen. This is the conclusion of security company Group-IB based on its own research. Investigators from the company identified 34 gangs behind the attacks using known malware such as RedLine and Raccoon Infostealer. This malware is capable of stealing login […]
Online gambling platform DraftKings has been hit by a credential stuffing attack in which attackers managed to break into users’ accounts and steal some $300,000. Credential stuffing uses previously leaked email addresses and passwords to gain automated account access. Attackers check whether they can also log in to website B with credentials stolen from website […]
Free service offers such as Office365 and Google Workspace are excluded from public procurement according to the French Ministry. Their position reflects ongoing European concerns about cloud data sovereignty, competition, and privacy rules. Paid versions of these cloud services might be an option if they hadn’t already been disallowed based on worries about data safety. […]
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections. Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication. For unmanaged devices, they recommend conditional access policies and strong controls.
The CNIL pronounced against the company Discord INC. a fine of 800,000 euros for failing to comply with several GDPR obligations, in particular with regard to retention periods and the security of personal data. Discord is a voice over IP (technology that allows users to chat via their microphone and/or webcam over the Internet) and […]
Google has settled in the United States for misleadingly obtaining location data from millions of users for an amount of $ 391 million. Forty US states participated in the lawsuit against the tech company. According to state attorneys general, Google has violated consumer law by misleading users about location settings since at least 2014. This […]
New research suggests that even if you disable the sharing of Device Analytics and turn on other privacy settings, Apple apps track you; data is being collected by a number of Apple iPhone apps—the App Store, Apple Music, Apple TV, Books, and Stocks.