According to a recently declassified report, the US government is buying citizens’ personal information. This should come as no surprise, as this had been reported before, but now we’re hearing that agencies like the FBI are buying this data.
This report comes from the Office of the Directorate of National Intelligence (ODNI). This report confirms that government agencies are buying “commercially available information”.
This data comes from devices like smartphones, connected cars, IoT devices, web tracking technologies like cookies and much more. Some of the data that is obtained includes location information, web browsing activity and social media information.
Commercially Available Information or CAI, can often reveal the “detailed movements and associations of individuals and groups, revealing political, religious, travel and speech activities.” It is also able to “identify every person who attended a protest or rally based on their smartphone location or ad-tracking records.”
What is surprising here is that the government is basically admitting to this.
The data is often anonymized
While the data is often anonymized, it is possible to use other forms of commercially available information to identify Americans. The report does also acknowledge that some of this information that can be acquired can be subject to abuse, as is any type of information.
While this report is pretty scary, it is not a surprise in the least. The FBI having access to the same sort of data as Google and Facebook, should not surprise anyone, but it should scare everyone. This is why we need to have some serious privacy improvements, and currently, Apple is really the only one taking steps to help with privacy. And that’s mostly because they are the only tech giant that doesn’t have a huge ad business.
These tech giants collect all of this data to use for ads. Being able to better target ads means that they can charge more for ads, and the advertisers get more clicks on their ads. Which is what both the tech giants and advertisers want.
Bally Sports launched its streaming service, Bally Sports Plus, roughly nine months ago. And now Diamond Sports Group has revealed just how many subscribers the streaming service has. And it might surprise you.
According to Diamond Sports Group, Bally Sports Plus has around 203,000 subscribers, since it launched nine months ago. This means that it is only generating about $36 million in annual revenue, and it’s only about 55% of the goal that Bally Sports has for the service. And obviously, that’s nowhere near enough to help combat the $9 billion in debt that Bally Sports has.
Why does Bally Sports Plus have so few subscribers?
It’s not hard to see why Bally Sports Plus has so few subscribers. For one, Bally Sports only has the streaming rights to a small number of teams. The other reason is, the price. Bally Sports Plus costs $20 per month, per market. However if you live in a market like south Florida and want Orlando and Miami teams, you’ll have to pay $20 per month for each market. So that’s $40 per month for sports.
After Sinclair, the parent-company of Diamond Sports Group, purchased the Fox Sports RSNs and then rebranded them to Bally Sports, the company started to take Bally Sports off of streaming services. That included YouTube TV and Hulu + Live TV. This was so they could create their own streaming service just for sports. Even though the leagues told it, that it was a bad idea. As they don’t have enough content to get users to pay $20 per month.
Given how few subscribers that Bally Sports Plus has, one has to wonder how long before they pull the plug on the streaming service. After all, they are giving up rights to many of the teams that they currently have rights too. Due to the bankruptcy process, they could be forced to pull the plug on Bally Sports Plus. Which might make a lot of people happy.
The return of BreachForums was announced by Baphomet on Telegram, one of the administrators of the original forum.
BreachForums, the well-known cybercrime and hacking forum that was shut down months ago, has reemerged under new management. The notorious hacking group ShinyHunters has assumed control of the revived platform, raising alarm among cybersecurity experts and law enforcement agencies worldwide.
Confirmation of BreachForums’ return under the management of ShinyHunters came through Baphomet, one of the administrators of the original forum. Baphomet, who remains an active figure within the hacking community, announced the resurgence of BreachForums in a PGP-signed message, leaving no room for doubt about its authenticity.
(Editor’s note: You have been warned – use the forum at your own risk.)
Furthermore, a Telegram account using the alias ShinyHunters (@shinycorp) has emerged alongside Baphomet, taking charge of addressing the previous users of BreachForums. The account has already begun disseminating information and updates related to the forum’s operations, attracting attention from both potential members and concerned individuals.
Baphomet’s PGP-Signed message and ShinyHunters on Telegram (Hackread.com)
BreachForums, in its previous incarnation, served as a notorious hub for cybercriminals to exchange stolen data, discuss hacking techniques, and orchestrate illicit activities. The return of the forum, now under the auspices of ShinyHunters, has sent shockwaves through the cybersecurity community.
ShinyHunters, a hacking group infamous for their involvement in several high-profile data breaches, has consistently targeted organizations to steal sensitive information for monetary gain by selling user data on Clear and the dark web.
The resurgence of BreachForums under ShinyHunters’ control has raised concerns about the potential implications for global cybersecurity. Law enforcement agencies and cybersecurity experts fear an upswing in cyberattacks, data breaches, and the facilitation of illegal activities on the platform.
The reincarnation of BreachForums as posted by ShinyHunters (Image: Hackread.com)
As news of the forum’s return spreads, organizations and individuals are urged to remain vigilant regarding their online security. It is crucial to implement strong security measures, regularly update passwords, and exercise caution when sharing personal information or engaging in online discussions.
What Happened to Old BreachForums?
The original BreachForums emerged as an alternative to the seized RaidForums but was compelled to cease operations following the arrest of its owner, Conor Brian Fitzpatrick, also known as Pompompurin or Pom. Fitzpatrick, a 2021 graduate of Peekskill High School, was apprehended by the FBI.
Subsequently, the forum remained offline, prompting its members to convene in a Telegram group named “The Jacuzzi” to discuss the forum’s future. It is important to highlight that the FBI was unable to access the forum’s domain, preventing its seizure.
About ShinyHunters
ShinyHunters have gained prominence for their involvement in high-profile data breaches. They are known for targeting various organizations, including large corporations and popular websites.
ShinyHunters first gained attention in 2020 when they were linked to a series of data breaches, such as the breaches of Tokopedia, a popular Indonesian online marketplace, and Microsoft’s GitHub repository. In these incidents, they reportedly accessed and leaked millions of user records.
The group gained further notoriety by selling stolen data on underground hacking forums and dark web marketplaces. They typically target organizations with large user bases and sensitive data, including personally identifiable information (PII), login credentials, and financial details.
While the exact identity of ShinyHunters remains unknown, their activities and the scale of the breaches they have been associated with have raised concerns about cybersecurity and data protection.
The Arrest and Extradition of Alleged ShinyHunters Member
In June 2022, Hackread.com reported how authorities made an arrest at the Rabat international airport. The detainee was identified as Sébastien Raoult, a 21-year-old French citizen from Epinal City, France. Raoult is believed to be a member of the notorious hacking group known as ShinyHunters.
However, in January 2023, reports emerged stating that Raoult, also known by the alias Sezyo, had been extradited to the United States. He appeared in a Seattle federal court and pleaded not guilty to the charges against him.
Despite Raoult’s arrest, concerns persist regarding the resurgence of cyber threats associated with the ShinyHunters group. One significant cause for worry is the return of BreachForums, a platform previously exploited by the group to trade stolen data. This development poses a substantial cybersecurity threat to unsuspecting users and businesses.
In light of the past activities of ShinyHunters, organizations that have been targeted by this group must take immediate action to fortify their security systems. Strengthening security measures and implementing robust protocols are crucial steps to safeguard user data and prevent future attacks.
The information of hundreds of thousands of Indians who received the COVID vaccination was exposed in a significant data breach and posted on a Telegram channel.
The Fourth News, a Malayalam news portal, said that a Telegram bot on the channel “hak4learn” was providing access to the private information of millions of Indians.
As mentioned by the channel operator, you may access documents of the mobile number registered on the CoWin site.
It is also feasible to determine which vaccination was given and where it was given.
The CoWIN vaccination monitoring app from India, which has more than 1 billion registered users, is noteworthy.
“The scale of the data breach is what makes it hard to guess the repercussions,” says Srikanth Lakshmanan, a researcher who runs the digital payments collective Cashless Consumer.
“Conservative estimates mean at least personal data of several hundred million users was exposed.”
List Of Individuals Whose Data Was Exposed
Several reports claim that sensitive information, including a person’s phone number, gender, ID card details, and date of birth, was exposed on Telegram. By providing a person’s name, a Telegram bot might obtain it.
Local news media have used the bot to gain access to the private data of politicians. The bot stopped functioning on the morning of June 12.
Since the bot was probably merely a shop window for whoever hacked the database, the fact that it has been shut down doesn’t indicate the breach is done, according to Lakshmanan.
“Usually, hackers reveal a slice of data publicly via a bot or web page to prove to the world they have said data and then sell it on the dark web,” Lakshmanan says.
“While the bot is down now, we don’t know where all the data is being traded.”
The Cowin Portal Of The Health Ministry Is Completely Safe
According to the health ministry, allegations that the CoWIN site has been compromised are “without any basis” and the organization in charge of handling cybersecurity issues, the Computer Emergency Response Team, has been requested to look into the accusations.
With ref to some Alleged Cowin data breaches reported on social media, @IndianCERT has immdtly responded n reviewed this
✅A Telegram Bot was throwing up Cowin app details upon entry of phone numbers
✅The data being accessed by bot from a threat actor database, which seems to…
— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) June 12, 2023
The government said that the Co-WIN portal of the health ministry is completely safe, with adequate safeguards for data privacy
“The development team of COWIN has confirmed that there are no public APIs (application programming interface) where data can be pulled without an OTP (one-time password). In addition to the above, there are some APIs which have been shared with third parties such as ICMR (Indian Council of Medical Research) for sharing data,” the ministry said in its statement.
“It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the CoWIN application,” it added.
According to the health ministry, an internal exercise has also been started to assess the CoWIN security procedures that are now in place.
Minister Rajeev Chandrasekhar said, “National Data Governance policy has been finalized that will create a common framework of data storage, access and security standards across all of government.”
The OnePlus Nord 3 design has just surfaced online yet again, though this time, we get to see the phone from all sides. Truth be said, we knew what the device will look like already, as it will be a rebranded Ace 2V handset, which already launched.
The OnePlus Nord 3 design shown in full ahead of launch
In any case, these renders have been shared by WinFuture, and they show us the phone in both black and cyan colors. The device will have flat sides with chamfered edges, and a flat display.
A centered display camera hole is placed at the top of the display, while you’ll see physical buttons on both the left and right sides. On the left, a volume rocker is placed, while the power/lock button and an alert slider sit on the right side.
There are three cameras placed on the back of the phone, across two camera islands. OnePlus will also include two LED lights on the back, next to the aforementioned camera islands. The back side of the phone will also be flat, but it will curve into the frame on the edge to make the phone more comfortable to use.
It will be a rebranded OnePlus Ace 2V handset which launched in China already
Now, as mentioned earlier, this phone will be a rebranded Ace 2V handset. That device already launched in China. The OnePlus Nord 3 won’t only look like the Ace 2V, but it will also utilize its specs.
The phone will feature a 6.74-inch 2772 x 1240 AMOLED display with a 120Hz refresh rate. The MediaTek Dimensity 9000 SoC will fuel this phone. You can also expect to get up to 16GB of RAM and 256GB of internal storage.
A 50-megapixel main camera will be placed on the back, along with an 8-megapixel ultrawide camera. A 2-megapixel macro shooter will also be in use. A 5,000mAh battery will power the device, and 80W wired charging will be supported.
The OnePlus Nord 3’s price tag is still unknown. The phone is expected to launch in the near future, but the exact date is also a mystery at the moment. One thing to note is that the device won’t launch in Germany due to a dispute with Nokia.
Two US senators have accused TikTok of lying to Congress and giving misleading information. The Chinese video-sharing app must respond to Congress by the end of this week.
It seems that the conflict between the United States and TikTok has no end. TikTok CEO Shou Zi Chew appeared in the House Energy and Commerce Committee in March. He answered questions regarding the app operations in the US and alleged ties with the Chinese government. However, Senators have now brought new charges to TikTok.
Senators Richard Blumenthal, Democrat of Connecticut, and Marsha Blackburn, Republican of Tennessee, have written a letter to the TikTok CEO and accused him of lying to Congress. “We are disturbed by TikTok’s pattern of misleading or inaccurate responses regarding serious matters related to users’ safety and national security, and request that TikTok correct and explain its previous, incorrect claims.” Senators wrote.
US senators are demanding answers from TikTok
This comes at the heels of a report by The New York Times that claimed TikTok and its parent company ByteDance share American users’ data in an internal messaging platform named Lark. The data include driver’s licenses and child sexual abuse materials. Moreover, the report continues that the data was stored on China-based servers, and the company’s employees in China could access them.
TikTok also promised to store the US users’ data in the country and cut China-based workers’ access to that data. However, a recent report by Forbes claims TikTok is storing US-based creators’ financial information, including their tax details and social security numbers, in China. This can be a breach of covenant and have heavy consequences for the company.
The US senators now asked 14 questions from the TikTok CEO. Shou Zi Chew must provide answers by Friday, June 16. The questions mainly revolve around the app’s data storing policies and whether China-based workers could gain access to US users’ data.
TikTok has over 150 million US-based users. Its alleged ties with the Chinese government have become a source of concern for US lawmakers. Some states are passing legislation to ban the app, including Montana, which banned the Chinese app. More states could pass similar legislation.
Strava is a popular mobile app used by over 100 million people worldwide to track their activities, such as running, cycling, and various sports, and keep tabs on their performance statistics. However, an otherwise fun Strava feature that’s been around since 2018 may be a cause for concern for a particular set of users. Researchers from North Carolina State University Raleigh, as reported by Connect The Watts, set out to assess Strava’s safety and the possibility of someone discovering your home address through your app activity. Their findings revealed that it is indeed possible for someone to uncover your home address under certain circumstances.
While using Strava, users allow GPS to track their location. Members of Strava can use heatmaps to discover new trails and see how popular they are. However, researchers discovered a potential method for tracking and identifying users’ addresses by combining publicly available heatmap data from Strava with individual user information.
By analyzing the heatmap data and utilizing OpenStreetMaps, the researchers were able to identify starting and ending locations near specific residences, thereby revealing individual home addresses.
While it is concerning to think that someone could extract your home address from an app, the researchers found that the accuracy rate of the identified addresses was approximately 37.5% when compared to voter registration data.
Additionally, the researcher found out that if you live in a more populated area, the chance of getting your address found is lower than if you live in an area with fewer people, which sounds logical. Imagine you live in a place where there are just 10 to 15 houses, and only you are using Strava – well, maybe the map will lead to your front door, so you should be more careful if that is your case.
To safeguard your privacy and prevent the display of your starting and finishing points on Strava, you have the option to make adjustments:
Go to Settings, located in the upper right-hand corner. Select “Privacy Controls” and then “Map Visibility.” Hide the start and end points of activities originating from a specific address. You can customize the proximity range within which the activity begins or ends, with options up to a 1-mile radius.
Swiss government websites were taken offline through the use of targeted distributed-denial-of-service (DDoS) attacks ahead of a video address by Ukranian President, Volodymyr Zelensky.
DDoS attacks disrupt sites by overwhelming their infrastructure with a large amount of internet traffic. As DDoS attacks overwhelm a site’s bandwidth, this prevents users from accessing it.
The disruption to the Swiss government sites was discovered on June 12, as the Swiss parliament prepared for a video address by President Zelensky.
The address in scheduled for June 15, which is also a national holiday in Russia. The Swiss National Cyber Security Center (NCSC) reported that “various websites of the Federal Administration and enterprises affiliated with the Confederation were unavailable” due to the DDoS attacks launched against them.
The NCSC said that it will be attempting to reduce disruption and return to normalcy by “taking measures to restore accessibility to the websites and applications as quickly as possible”. It also said that it will be “analyzing the attack together with the administrative units concerned and defining appropriate measures”.
Pro-Russia hackers have since come out as the perpetrators of the DDoS attacks, with Russian hacking group NoName claiming the attack. In a post via messaging service Telegram, the group said the DDoS attack was launched against the parliament’s website to “thank Swiss Russophobes” for taking on another EU sanctions package against Moscow.
The group also claimed that it had defended Russia “on the information front” by launching additional DDoS attacks against the websites for Switzerland’s police force and justice ministry. NoName added that it will continue to defend Russia in this manner.
According to some leaked documents from The Mobile Report, it looks like some T-Mobile customers might get access to better phone deals, soon. How soon? Starting around June 21.
Here’s what’s going on, according to some leaked documents from T-Mobile, the carrier is going to be changing how it figures out some subscribers’ credit limits. Previously, it used “credit classes” for subscribers, now it will compute credit limits on an individual basis which will allow them to be considered “well-qualified”, and able to get the best deals on phones and other products.
This is going to allow the subscribers credit line to be raised, lowered, or stay the same depending on their history of paying T-Mobile bills. After six months of having your T-Mobile account, it will be evaluated based on your payment history. If T-Mobile finds that you pay your bill on time each month, then they might raise your credit limit. But if you end up paying late a couple of times, your credit limit might be decreased.
The leaked documents show that T-Mobile will reassess this every six months for the life of your account. Much like a credit card company would. And it’s also important to stress that T-Mobile is not pulling your credit every six months, it is only factoring in whether you pay your T-Mobile bill each month. Not external accounts.
How does this give subscribers access to better phone deals?
Because T-Mobile will now assess your credit limit every six months, automatically now, it means that you could get access to better phone deals. Currently, only those that are well-qualified get access to the $0 down payment offers on new phones. And if you were not well-qualified when you signed up, you never really moved into that group. So this change is a good one for T-Mobile customers.
This will be used only for T-Mobile postpaid accounts, and not on Metro by T-Mobile or T-Mobile Prepaid. Which makes sense, because only postpaid allows for financing phones and other products.
The EU could force Google to break up its ad business
Its goal is to diminish Google’s ad tech dominance, basically. Based on the report, this will come as a result of Google’s failure to address competition concerns. It is worth noting that break-up orders from the EU are rare, though, so we’ll see what happens.
So, what exactly does this mean? What will Google have to do in order to appease the EU? If it comes to that, of course. Well, Google could be forced to sell a part of its advertising-technology business, actually. At least according to the source who talked to Reuters.
The European Commission is the EU’s top antitrust watchdog, and the complaint is expected to come from them. The source seems to be convinced it will happen tomorrow, at which point we’ll have far more information.
This is far from being a new issue
This is actually not a new issue, as mentioned earlier. The EU has been pushing Google to address a number of issues, but the company seemingly didn’t do enough, at least based on the EC’s assessment.
Last year, the European Commission launched an investigation into Google’s advertising presence, as it was concerned about the company’s dominance. Google is easily the most dominant digital advertising platform globally, with a 28% market share of global ad revenue. This comes from a first called Insider Intelligence, a research company.
It is worth noting that the US launched an ad tech lawsuit against Google earlier this year. The US demanded a sale of Google’s ad manager suite. In the lawsuit, the US also claimed that Google abused its dominance in online advertising. Google, however, denied such accusations.
.png
)
