Wiz Research uncovered a publicly accessible ClickHouse database belonging to DeepSeek, a Chinese AI startup. The database exposed over a million sensitive log entries, including chat history, API keys, and backend details. The database was entirely open, allowing full control without authentication. This posed severe security risks, making it vulnerable to unauthorized access and potential […]
Italy’s Privacy Guarantor has requested information from DeepSeek AI providers in China about their data collection practices. Authorities are concerned about potential risks to the personal data of millions of Italians. Key inquiries include data sources, the legal basis for collection, storage locations, and the use of web scraping. Regulators want to understand how DeepSeek […]
Otelier, a platform used by hotel chains worldwide for managing reservations, transactions, and billing, has fallen victim to a data breach that exposed the personal information of hundreds of thousands of guests. The affected individuals include patrons of major hotel chains like Marriott, Hilton, and Hyatt, according to Troy Hunt of the data breach search […]
Generative AI (gen AI), like ChatGPT and image-generating tools, is revolutionizing job markets, particularly in writing, coding, and design. This technological shift is reshaping the demand for certain roles and creating both challenges and opportunities for workers. Research analyzing 1.4 million online job posts from 2021 to 2023 shows a significant impact of AI tools […]
Bunnings, Australia’s largest hardware chain, has been accused of violating the privacy of hundreds of thousands of customers by using facial recognition technology in over 60 stores. According to the OAIC, Australia’s privacy regulator, the system was overly intrusive and operated without obtaining proper customer consent. The OAIC found that Bunnings failed to meet transparency […]
The FBI, NSA, and other global authorities are warning vital infrastructure organizations about the rise of password spraying and MFA fatigue (push bombing) attacks. Hackers use common passwords to access accounts, then repeatedly send MFA requests until a user mistakenly approves one, granting access. Once in, attackers register their own devices for persistent control. Targeted […]
The FTC revealed that major social media and streaming platforms, like Facebook, YouTube, and TikTok, engage in large-scale user surveillance for profit. The investigation found that these companies collect and monetize vast amounts of personal data. This raises serious privacy concerns, especially for children. The report highlights how these companies’ reliance on targeted ads drives […]
Victims of Finland’s largest psychotherapy data breach are seeking higher compensation. In 2020, a hacker stole sensitive information from 40,000 clients of Vastaamo, including patient records, and used it for extortion. While the Finnish government has offered compensation ranging from €500 to €1500, lawyers argue that this is insufficient, given the severe privacy violations the […]
The Dutch Data Protection Authority (AP) has fined Clearview AI over €30 million for illegally scraping facial images from the internet. Despite previous fines from other European regulators, Clearview continued its violations, amassing a database of 30 billion facial images for use in law enforcement. The AP emphasized that Clearview violated the GDPR by creating […]
Today, the FBI issued a warning to cryptocurrency companies and individuals holding cryptocurrencies about social engineering attacks attributed to North Korea. The U.S. law enforcement agency advises against storing information about crypto wallets on internet-connected devices. The “malicious cyber actors” pose as recruitment agencies or tech companies and attempt to trick employees of crypto companies […]