Accountability, Blog and Data collection

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

JANUARY 18, 2019

Hunt transferred the compromised emails and passwords to the website haveibeenpwned.com , where users can check to see if their account data was compromised. If this Collection #1 has you spooked, changing your password(s) certainly can’t hurt — unless of course you’re in the habit of re-using passwords. “If

Accountability

Accountability Passwords Data breaches Data collection

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us.

Data breaches

Data breaches Passwords B2B Technology

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

MAY 18, 2022

for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. ” But several days after a Jan.

Government

Government Accountability Surveillance Data collection

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

MAY 21, 2020

The idea was that by fingerprinting devices used to connect to the internet we could achieve better accountability. Fingerprinting is considered a necessary practice to fight challenges such as fake accounts and the misuse of internet services. However, online fingerprinting is also being used to track users.

Advertising

Advertising Internet Internet Accountability

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

DECEMBER 3, 2018

Hackenproof, the Estonian cybersecurity company that found the data trove online, announced their discovery on their blog. The data was found on Shodan , an IoT-centric search engine that allows users to look up and access “power plants, Smart TVs, [and] refrigerators.” The takeaway?

Identity Theft

Identity Theft Data collection Engineering Passwords

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

Simon Willison nails it in a tweet: “OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.” How many people cancelled their Dropbox accounts in the last 48 hours?

Government

Government Banking Risk Internet

Twitter inadvertently collected and shared iOS location data

Security Affairs

MAY 15, 2019

A new story of a violation of the user’s privacy made the lines, Twitter revealed that due to a bug is collected and shared iOS location data with a third-party advertising company, Fortunately, only one partner of the micro-blogging firm was involved and the data collection and sharing occurred in certain circumstances.

Advertising

Advertising Accountability Data collection Mobile

Fixing Data Breaches Part 1: Education

Troy Hunt

DECEMBER 17, 2017

Before I left DC, I promised the folks there that I'd come back with recommendations on how we can address the root causes of data breaches. I'm going to do that in a five-part, public blog series over the course of this week. They may deny the usefulness of the skill. "god rights"). Oh - and it uses a password of 12345678.

Data breaches

Data breaches Education Passwords Penetration Testing

Purpose Limitation Compliance with OpenAI | Cyera Blog

Security Boulevard

JUNE 20, 2023

NIST Privacy Framework - organizations must identify the purposes for collecting and using PII. Federal Trade Commission (FTC) Act, Section 5 - organizations must disclose their data collection practices, including the purposes for which they collect and use PII.

Data collection

Data collection IoT Marketing Data privacy

Phishers migrate to Telegram

Security Affairs

APRIL 6, 2023

User personal data for sale. Crooks offers data collected through phishing campaign to the subscribers. Data includes verified online banking credentials, in some cases phishers also provides info on the account balances. ” continues the analysis. ” Phishing-as-a-Service. .

Phishing

Phishing Scams Social Engineering Accountability

Making authentication faster than ever: passkeys vs. passwords

Google Security

MAY 5, 2023

This technology behind passkeys allows users to log in to their account using any form of device-based user verification, such as biometrics or a PIN code. If you create a passkey on one device the Google Password Manager can make it available on your other devices that are signed into the same system account.

Authentication

Authentication Passwords Technology Password Management

Malicious ads for restricted messaging applications target Chinese users

Malwarebytes

JANUARY 25, 2024

The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead. While we don’t know the threat actor’s true intentions, data collection and spying may be one of their motives.

Malware

Malware Advertising Accountability Encryption

How to Secure Your Business Social Media Accounts

BH Consulting

AUGUST 31, 2023

Having policies and procedures to secure social media accounts and minimise the potential for incidents can help. So in this blog, I’ll talk about the risks and steps to mitigate them. The organisation had suffered reputational damage after one of the team followed some accounts that didn’t fit with its values. More than 4.7

Media

Media Accountability Passwords Authentication

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

The collected data is sent to the C2 server every two days, but the cycle depends on the remote configuration. The level of data collection depends on the permissions granted to the app using the malicious library.

Data collection

Data collection Mobile Malware Education

Threat Report Portugal: Q3 & Q4 2022

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open-sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet. Here we had a situation where an attacker could easily control moving parts within a car from a remote location.

IoT

IoT Firmware Risk Encryption

Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

DECEMBER 20, 2017

I try the "report abuse" feature (the closest thing I could find to a contact form) except that error'd out because I allegedly had an account with them and wasn't logged on (I later learned that someone else had created an account using my email address). — Michael Kan (@Michael_Kan) February 28, 2017.

Data breaches

Data breaches Risk Accountability Data collection

Security experts disclosed Wyze data leak

Security Affairs

DECEMBER 29, 2019

According to Twelve Security , the exposed data includes: User name and email of those who purchased cameras and then connected them to their home 24% of the 2.4 According to Twelve Security , the exposed data includes: User name and email of those who purchased cameras and then connected them to their home 24% of the 2.4

IoT

IoT Accountability Advertising Wireless

How boards can manage digital governance in the age of AI

BH Consulting

MARCH 26, 2025

It introduces accountability measures for large platforms, and strengthens users’ rights. The Data Act enhances access to and use of non-personal data across sectors. The Digital Services Act regulates online services to enhance digital trust.

Government

Government Artificial Intelligence Risk Digital transformation

PIP-INTEL Open Source Intelligence Tool Designed Using Open-Source Tools and PIP Packages

Hacker's King

AUGUST 7, 2024

In this article, we will explore how to use an OSINT tool to gather information about a phone number, email address, and social media account. It combines many open-source tools into a single tool, simplifying the data collection and analysis processes for researchers and cybersecurity professionals.

Media

Media Data collection Accountability Hacking

Regional privacy but global clouds. How to manage this complexity?

Thales Cloud Protection & Licensing

MAY 31, 2022

To that effect, TCS, Global leader in cyber security services, and Thales recently announced a partnership offering a one-stop solution for data privacy that organisations leverage to manage this complexity and help reach compliance. Accountability and delegated responsibility. Implementing privacy. Glocal” expertise, global and local.

Data privacy

Data privacy Digital transformation Accountability Data collection

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

The site asks you for some personal information when you create the account which it then stores in a database. Who now owns that data? This is an important question because it drives the way organisations then treat that data. Data Collection Should be Minimised, Not Maximisation. The cat site?

Data breaches

Data breaches Data collection B2B Mobile

ICFR Best Practices: How to Design and Maintain Strong Financial Controls

Centraleyes

APRIL 17, 2025

Various regulatory bodies and industry organizations either require or recommend the use of COSO: The Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) recognize COSO as a valid framework for SOX compliance, ensuring public companies maintain strong internal controls over financial reporting.

Risk

Risk Technology Accountability Cybersecurity

A Pandora's Box: Unpacking 5 Risks in Generative AI

Thales Cloud Protection & Licensing

APRIL 17, 2024

Security researchers from Imperva described in a blog called XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT how they discovered multiple security vulnerabilities in OpenAI’s ChatGPT that, if exploited, would enable bad actors to hijack a user’s account. Consent management is also considered critical.

Risk

Risk Data collection Artificial Intelligence Accountability

What To Know About Privacy Data

Identity IQ

JANUARY 17, 2023

Staying safe on the internet means knowing what privacy data is and how to help protect your personal information. In this blog, we will take a closer look at what privacy data is and share details about how you can keep yourself safe. Login information for online accounts you have. Why Is Data Privacy Important?

Data privacy

Data privacy Identity Theft Accountability Banking

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Security Boulevard

APRIL 17, 2024

Security researchers from Imperva described in a blog called XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT how they discovered multiple security vulnerabilities in OpenAI’s ChatGPT that, if exploited, would enable bad actors to hijack a user’s account. Consent management is also considered critical.

Risk

Risk Data collection Artificial Intelligence Accountability

The state of generative AI in 2024

Webroot

OCTOBER 3, 2024

As OpenText’s Muhi Majzoub, EVP and Chief Product Officer, points out: “ As personal and family AI use increases, it’s essential to have straightforward privacy and security solutions and transparent data collection practices so everyone can use generative AI safely.

Education

Education Passwords Password Management Authentication

Tom Cruise,?TikTok?and Fraud: How to combat?DeepFakes

CyberSecurity Insiders

APRIL 30, 2021

where fraudsters impersonated a trusted business partner , manipulat ing the CEO into transferring $243,000 to the scammers’ account. . In this blog, we look at the rise of deepfakes and how businesses and consumers alike can protect themselves. ? . one business leader fell victim to a deepfake scam ?where What are deepfakes? .

Technology

Technology Authentication Media Accountability

Drawing the RedLine – Insider Threats in Cybersecurity

Security Boulevard

MARCH 31, 2022

Data collection from FTP clients, IM clients. In a blog post published on March 22nd, 2022, Microsoft confirmed that one of their user accounts had been compromised by the Lapsus$ (also known as DEV-0537) threat actor, though they claimed that the information accessed was limited and that “no customer code or data was involved”.

Cybersecurity

Cybersecurity Social Engineering Passwords Malware

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

But making the IoT work requires trust in the devices and the data they collect. In this blog, and in one by my colleague Julie Lassabliere from Safelayer Secure Communications , we explore the need for trusted device identification and data integrity in the IoT. The post Knock, Knock; Who’s There? –

IoT

IoT Data collection Encryption eCommerce

McAfee Enterprise Continues to be a Leader in CASB and Cloud Security

McAfee

NOVEMBER 22, 2021

Based on the data collected by our research team from millions of connected McAfee Enterprise users across the globe, the overall usage of enterprise cloud services spiked by 50% across all industries, while the collaboration services witnessed an increase of up to 600% in usage.

Digital transformation

Digital transformation Data collection Technology Mobile

6 ways to get the most from Data Privacy Week

Webroot

JANUARY 27, 2025

Here are some common examples: Health data : Information stored in a patient portal, online pharmacy, or health insurance website. Financial data : Details of your bank account, 401K fund, or IRA. Apps : Data collected by various applications you use.

Data privacy

Data privacy Backups Antivirus Encryption

Navigating GDPR Compliance with CIAM: A Quick Guide

Thales Cloud Protection & Licensing

MAY 22, 2024

The GDPR's new requirements necessitated a fundamental overhaul of CIAM approaches, a relevance that persists today: Key GDPR principles reshaping CIAM Explicit Consent : Before collecting data, businesses should obtain clear and affirmative consent from users.

Data collection

Data collection Data privacy Encryption Authentication

Top 10 Cloud Privacy Recommendations for Consumers

McAfee

JANUARY 28, 2020

If you reuse passwords, you only need one of your cloud services to be breached—once criminals have stolen your credentials through one service, they potentially have access to every account that shares those same credentials, including banking platforms, email and other services where sensitive data is stored.

Passwords

Passwords Mobile VPN Identity Theft

Everything You Need To Know About The New York Privacy Act

Centraleyes

DECEMBER 4, 2024

Privacy laws hold accountable those who steal or misuse data, and are necessary to protect privacy rights. NYPA is a comprehensive consumer privacy law that aims to protect the privacy of the citizens of New York by empowering them to exercise greater control over their personal information and by holding businesses accountable.

Data collection

Data collection Accountability Government Media

Five ways to protect against software supply-chain attacks

SC Magazine

APRIL 9, 2021

Security pros may recall the 2017 NotPetya attack on tax accounting software by M.E. The major public cloud providers have facilities that let teams do event and data collection without agents. But these types of attacks on commercial products aren’t new. In the past few years alone, at least four others come to mind.

Software

Software Data collection Malware Risk

Agentic AI for SecOps: More Than Just Another Chatbot

Digital Shadows

NOVEMBER 5, 2024

In this blog, we’ll detail how an AI agent can take generative AI a step further. Generative AI is Just One Tool of Agentic AI While AI chatbots simplify initial data collection by giving quick access to information through direct prompts and queries, they still leave the analyzing and decision- making to analysts.

Passwords

Passwords Malware Data collection Phishing

Agentic AI for SecOps: More Than Just Another Chatbot

Digital Shadows

NOVEMBER 5, 2024

In this blog, we’ll detail how an AI agent can take generative AI a step further. Generative AI is a Tool of Agentic AI While generative AI chatbots simplify initial data collection by giving quick access to information through direct prompts and queries, they still leave the analyzing and decision- making to analysts.

Malware

Malware Data collection Phishing Passwords

Who tracked internet users in 2021–2022

SecureList

NOVEMBER 25, 2022

Certain tech giants recently started adding tools to their ecosystems that are meant to improve the data collection transparency. A further tracking service operated by Google, Google Analytics, collects data on website visitors and provides detailed statistics to clients.

Internet

Internet Internet Advertising Marketing

Does a SIEM make sense for my MSP?

Webroot

MARCH 10, 2021

Hybrid – As its name implies, some options blend cloud-based solutions with a local collection server to gather information and push a single source, securely, to the cloud for analysis and processing. Feeding your SIEM a healthy diet of data. appeared first on Webroot Blog. The post Does a SIEM make sense for my MSP?

Wireless

Wireless Data collection IoT Firewall

Introducing BloodHound 4.3?—?Get Global Admin More Often

Security Boulevard

APRIL 18, 2023

Thank you to Cristian M for his AzureHound PR and BloodHound PR to bring support for attack paths traversing Automation Accounts, Logic Apps, Web Apps, and Function Apps. Cristian’s PRs also add support for Storage Accounts, which we will be including in a future update. The SMSA work didn’t quite make it in time for the BloodHound 4.3

Accountability

Accountability Data collection Authentication Cybersecurity

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky. The IP address was linked to the malware using data collected by CWRU, Malwarebytes, and AT&T.)

Malware

Malware Passwords Identity Theft Data collection

How to Automate GDPR Compliance

Centraleyes

OCTOBER 10, 2024

This blog will explore the key steps to automate GDPR compliance, best practices, and the tools available to facilitate this automation. Understanding GDPR and Its Challenges The GDPR sets stringent standards for automating data privacy compliance. It applies to any organization that processes the personal data of EU citizens.

Data collection

Data collection Data breaches Data privacy Risk

Podcast Episode 130: Troy Hunt on Collection 1 and Tailit’s Tale of IoT Security Redemption

The Security Ledger

JANUARY 22, 2019

In this week’s episode (#130): we speak with security researcher Troy Hunt, founder of HaveIBeenPwned.com about his latest disclosure: a trove of more than 700 million online account credentials he’s calling “Collection #1.” Even more worrying: Collection #1 isn’t the only repository of stolen credential out there.

IoT

IoT Passwords Accountability Data collection

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Inside the DemandScience by Pure Incubation Data Breach

Trending Sources

Senators Urge FTC to Probe ID.me Over Selfie Data

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

114 Million US Citizens and Companies Found Unprotected Online

OpenAI Is Not Training on Your Dropbox Documents—Today

Twitter inadvertently collected and shared iOS location data

Fixing Data Breaches Part 1: Education

Purpose Limitation Compliance with OpenAI | Cyera Blog

Phishers migrate to Telegram

Making authentication faster than ever: passkeys vs. passwords

Malicious ads for restricted messaging applications target Chinese users

How to Secure Your Business Social Media Accounts

New Android malicious library Goldoson found in 60 apps +100M downloads

Threat Report Portugal: Q3 & Q4 2022

IoT Unravelled Part 3: Security

Fixing Data Breaches Part 3: The Ease of Disclosure

Security experts disclosed Wyze data leak

How boards can manage digital governance in the age of AI

PIP-INTEL Open Source Intelligence Tool Designed Using Open-Source Tools and PIP Packages

Regional privacy but global clouds. How to manage this complexity?

Fixing Data Breaches Part 2: Data Ownership & Minimisation

ICFR Best Practices: How to Design and Maintain Strong Financial Controls

A Pandora's Box: Unpacking 5 Risks in Generative AI

What To Know About Privacy Data

A Pandora’s Box: Unpacking 5 Risks in Generative AI

The state of generative AI in 2024

Tom Cruise,?TikTok?and Fraud: How to combat?DeepFakes

Drawing the RedLine – Insider Threats in Cybersecurity

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

McAfee Enterprise Continues to be a Leader in CASB and Cloud Security

6 ways to get the most from Data Privacy Week

Navigating GDPR Compliance with CIAM: A Quick Guide

Top 10 Cloud Privacy Recommendations for Consumers

Everything You Need To Know About The New York Privacy Act

Five ways to protect against software supply-chain attacks

Agentic AI for SecOps: More Than Just Another Chatbot

Agentic AI for SecOps: More Than Just Another Chatbot

Who tracked internet users in 2021–2022

Does a SIEM make sense for my MSP?

Introducing BloodHound 4.3?—?Get Global Admin More Often

Alleged FruitFly malware creator ruled incompetent to stand trial

How to Automate GDPR Compliance

Podcast Episode 130: Troy Hunt on Collection 1 and Tailit’s Tale of IoT Security Redemption

Stay Connected