Logan Abbott’s Post

Meta Fined $102 Million For Storing 600 Million Passwords In Plain Text: Meta has been fined $101.5 million by the Irish Data Protection Commission (DPC) for storing over half a billion user passwords in plain text for years, with some engineers having access to this data for over a decade. The issue, discovered in 2019, predominantly affected non-US users, especially those using Facebook Lite. AppleInsider reports: Meta Ireland was found guilty of infringing four parts of GDPR, including how it "failed to notify the DPC of a personal data breach concerning storage of user passwords in plain text." Meta Ireland did report the failure, but only some months after it was discovered. "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," said Graham Doyle, Deputy Commissioner at the DPC, in a statement about the fine. "It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts." Other than the fine and an official reprimand, the full extent of the DPC's ruling is yet to be released publicly. The details published so far do not reveal whether the passwords included any of US users as well as ones in Ireland or across the rest of the European Union. It's most likely that the issue concerns only non-US users, however. That's because in 2019, Facebook told CNN that the majority of the plain text passwords were for a service called Facebook Lite, which it described as being a cut-down service for areas of the world with slower connectivity. Read more of this story at Slashdot.

247 News : CYBERPOL Siting Alarm: Google’s Secret Data Collection Practices Exposed. The digital landscape is perpetually evolving, with technology giants like Google at its forefront. However, a recent report by 404 Media has revealed that Google’s practices might not be as benign as they seem. Leaked internal documents suggest that Google is engaged in extensive data collection activities, some of which encroach on user privacy in alarming ways. The implications of these revelations are far-reaching, prompting scrutiny from privacy advocates and raising questions about the role of law enforcement in the US and Europe in safeguarding digital rights. Google’s Covert Data Collection Infiltration and Monitoring According to the 404 Media report, Google is not just passively collecting data through user interactions with its services but is actively infiltrating smartphones to gather a wide range of information. This includes recording phone calls, monitoring user behavior, and even capturing the voices of children through devices like smart speakers and voice assistants. The extent of this surveillance suggests a systematic approach to data collection, far beyond the scope of typical user consent agreements. The Nature of Collected Data The data being collected is comprehensive and intrusive. It encompasses: Voice recordings: Google’s smart devices, including those marketed for family use, are capturing and storing voice recordings, including those of children. These recordings are often gathered without explicit consent or awareness. Phone call data: Information about phone calls, including metadata and possibly even content, is being monitored and stored. Behavioral data: User behavior, including browsing habits, location data, and interaction patterns with apps, is being meticulously logged. Internal Database Leak The leaked internal database that 404 Media obtained paints a stark picture of these practices. Thousands of privacy infringements were documented, revealing a pattern of systemic overreach. This database includes instances where data collection activities went beyond legal and ethical boundaries, highlighting a significant breach of trust between Google and its users More on: https://lnkd.in/dHzWe26Q

This recent FTC crackdown on mass data collectors underscores the urgent need for businesses, #advertisers, and #marketers to reassess their data practices. These enforcement actions shed light on the widespread extraction and mishandling of consumers' sensitive personal data, especially browsing and location information. #DataPrivacy #ConsumerProtection 💼🔍 ➡ Key Takeaways for Businesses, Advertisers, and Marketers: 1) Data Sensitivity Awareness: Acknowledge the intimate insights browsing and location data can reveal about individuals, including religious affiliations, health conditions, and financial status. Even seemingly anonymous data can be sensitive and personally identifiable. #SensitiveData #PersonalDataProtection #advertising #marketing #adtech 2) Purposeful Data Handling: Ensure data collection, retention, use, and disclosure align with the intended purposes. Respect users' privacy by refraining from using data beyond agreed-upon or necessary purposes. #EthicalDataHandling #Transparency 3) Transparency and Consent: Prioritize transparency and obtain informed consent from users regarding data collection and use. Avoid deceptive practices and ensure clear disclosure of data usage. #InformedConsent #PrivacyTransparency 4) Meaningful Privacy Safeguards: Implement robust privacy programs and safeguards to protect user data. Enforce safeguards actively to prevent misuse or unauthorized access to sensitive information. #PrivacyProtection #DataSecurity Prioritizing user #privacy, maintaining #transparency, and implementing robust privacy safeguards are essential for building trust with consumers and mitigating risks associated with data misuse and regulatory enforcement actions. #PrivacyFirst #TrustBuilding 🛡️🔒 And if you are interested in knowing what topics are top of mind for FTC, that may inform future actions, listen in to their annual Privacy Con webconference taking place today, March 6th. https://lnkd.in/g4-TGP8b https://lnkd.in/e9pQkEJm

Meta, formerly known as Facebook, has been fined $101.8 million by the Irish Data Protection Commission (DPC) following an investigation into the company’s handling of user data, specifically the storage of 600 million Facebook account passwords in plaintext. This incident, which occurred around 2019, did not involve a data breach where external hackers accessed the passwords, but it did mean that Facebook employees could potentially access these unencrypted passwords. Despite the severity of the security lapse, Facebook at the time downplayed the issue. The DPC’s investigation was prompted by Meta’s own disclosure that it had stored these passwords in plaintext on its internal systems, which is a significant violation of standard security practices that require encryption to protect sensitive user data. After years of scrutiny, the DPC concluded its investigation, issuing a €91 million ($101.8 million) fine as part of its enforcement under the EU’s General Data Protection Regulation (GDPR). The fine also came with a formal reprimand for Meta’s failure to adequately secure its users' passwords. The GDPR, which was implemented in mid-2018, mandates strict data protection and privacy rules across Europe, giving users greater control over how their data is collected, stored, and used by companies. Under these regulations, companies are required to implement strong data protection measures, including encryption of sensitive information like passwords. Meta’s failure to encrypt these passwords was a clear violation of GDPR, leading to the substantial fine and further highlighting the ongoing challenges Meta faces in managing its legacy issues from the Facebook era. This case underscores the importance of robust data protection practices and the potential consequences of failing to comply with regulatory standards. Despite the rebranding to Meta, the company continues to grapple with the fallout from past privacy and security lapses, reflecting the long-term impact that such issues can have on even the largest tech companies. The fine serves as a reminder to all organizations about the critical need for diligent data security measures, particularly in the handling of sensitive information like user passwords.

New Post: #CYBERPOL Siting Alarm: #Google’s Secret Data Collection Practices Exposed - https://lnkd.in/dWJhzqpx Siting Alarm: Google’s Secret Data Collection Practices Exposed Introduction The digital landscape is perpetually evolving, with technology giants like Google at its forefront. However, a recent report by 404 Media has revealed that Google's practices might not be as benign as they seem. Leaked internal documents suggest that Google is engaged in extensive data collection activities, some of which encroach on user privacy in alarming ways. The implications of these revelations are far-reaching, prompting scrutiny from privacy advocates and raising questions about the role of law enforcement in the US and Europe in safeguarding digital rights. Google's Covert Data Collection Infiltration and Monitoring According to the 404 Media report, Google is not just passively collecting data through user interactions with its services but is actively infiltrating smartphones to gather a wide range of information. This includes recording phone calls, monitoring user behavior, and even capturing the voices of children through devices like smart speakers and voice assistants. The extent of this surveillance suggests a systematic approach to data collection, far beyond the scope of typical user consent agreements. The Nature of Collected Data The data being collected is comprehensive and intrusive. It encompasses: Voice recordings: Google's smart devices, including those marketed for family use, are capturing and storing voice recordings, including those of children. These recordings are often gathered without explicit consent or awareness. Phone call data: Information about phone calls, including metadata and possibly even content, is being monitored and stored. Behavioral data: User behavior, including browsing habits, location data, and interaction patterns with apps, is being meticulously logged. Internal Database Leak The leaked internal database that 404 Media obtained paints a stark picture of these practices. Thousands of privacy infringements were documented, revealing a pattern of systemic overreach. This database includes instances where data collection activities went beyond legal and ethical boundaries, highlighting a significant breach of trust between Google and its users. Legal and Ethical Implications Privacy Violations The extent of Google's data collection practices constitutes a severe violation of privacy. Users have a reasonable expectation that their interactions with technology, especially those involving sensitive information and minors, are safeguarded. The covert nature of these activities, as exposed by the internal documents, undermines this expectation and potentially contravenes various privacy laws. Consent and Transparency A fundamental principle of data protection is informed consent. Users must be fully aware o

New Post: #CYBERPOL Siting Alarm: #Google’s Secret Data Collection Practices Exposed - https://lnkd.in/dWJhzqpx Siting Alarm: Google’s Secret Data Collection Practices Exposed Introduction The digital landscape is perpetually evolving, with technology giants like Google at its forefront. However, a recent report by 404 Media has revealed that Google's practices might not be as benign as they seem. Leaked internal documents suggest that Google is engaged in extensive data collection activities, some of which encroach on user privacy in alarming ways. The implications of these revelations are far-reaching, prompting scrutiny from privacy advocates and raising questions about the role of law enforcement in the US and Europe in safeguarding digital rights. Google's Covert Data Collection Infiltration and Monitoring According to the 404 Media report, Google is not just passively collecting data through user interactions with its services but is actively infiltrating smartphones to gather a wide range of information. This includes recording phone calls, monitoring user behavior, and even capturing the voices of children through devices like smart speakers and voice assistants. The extent of this surveillance suggests a systematic approach to data collection, far beyond the scope of typical user consent agreements. The Nature of Collected Data The data being collected is comprehensive and intrusive. It encompasses: Voice recordings: Google's smart devices, including those marketed for family use, are capturing and storing voice recordings, including those of children. These recordings are often gathered without explicit consent or awareness. Phone call data: Information about phone calls, including metadata and possibly even content, is being monitored and stored. Behavioral data: User behavior, including browsing habits, location data, and interaction patterns with apps, is being meticulously logged. Internal Database Leak The leaked internal database that 404 Media obtained paints a stark picture of these practices. Thousands of privacy infringements were documented, revealing a pattern of systemic overreach. This database includes instances where data collection activities went beyond legal and ethical boundaries, highlighting a significant breach of trust between Google and its users. Legal and Ethical Implications Privacy Violations The extent of Google's data collection practices constitutes a severe violation of privacy. Users have a reasonable expectation that their interactions with technology, especially those involving sensitive information and minors, are safeguarded. The covert nature of these activities, as exposed by the internal documents, undermines this expectation and potentially contravenes various privacy laws. Consent and Transparency A fundamental principle of data protection is informed consent. Users must be fully aware o

New Post: #CYBERPOL Siting Alarm: #Google’s Secret Data Collection Practices Exposed - https://lnkd.in/deSXEkES Siting Alarm: Google’s Secret Data Collection Practices Exposed Introduction The digital landscape is perpetually evolving, with technology giants like Google at its forefront. However, a recent report by 404 Media has revealed that Google's practices might not be as benign as they seem. Leaked internal documents suggest that Google is engaged in extensive data collection activities, some of which encroach on user privacy in alarming ways. The implications of these revelations are far-reaching, prompting scrutiny from privacy advocates and raising questions about the role of law enforcement in the US and Europe in safeguarding digital rights. Google's Covert Data Collection Infiltration and Monitoring According to the 404 Media report, Google is not just passively collecting data through user interactions with its services but is actively infiltrating smartphones to gather a wide range of information. This includes recording phone calls, monitoring user behavior, and even capturing the voices of children through devices like smart speakers and voice assistants. The extent of this surveillance suggests a systematic approach to data collection, far beyond the scope of typical user consent agreements. The Nature of Collected Data The data being collected is comprehensive and intrusive. It encompasses: Voice recordings: Google's smart devices, including those marketed for family use, are capturing and storing voice recordings, including those of children. These recordings are often gathered without explicit consent or awareness. Phone call data: Information about phone calls, including metadata and possibly even content, is being monitored and stored. Behavioral data: User behavior, including browsing habits, location data, and interaction patterns with apps, is being meticulously logged. Internal Database Leak The leaked internal database that 404 Media obtained paints a stark picture of these practices. Thousands of privacy infringements were documented, revealing a pattern of systemic overreach. This database includes instances where data collection activities went beyond legal and ethical boundaries, highlighting a significant breach of trust between Google and its users. Legal and Ethical Implications Privacy Violations The extent of Google's data collection practices constitutes a severe violation of privacy. Users have a reasonable expectation that their interactions with technology, especially those involving sensitive information and minors, are safeguarded. The covert nature of these activities, as exposed by the internal documents, undermines this expectation and potentially contravenes various privacy laws. Consent and Transparency A fundamental principle of data protection is informed consent. Users must be fully aware o

🚀 Federal Government's Swift Action on Data Privacy: In a surprising move, the federal government displayed uncommon agility this month. Firstly, the FTC emphasized the sensitivity of browsing and location data, stating unequivocally, "Browsing and location data are sensitive. Full stop." Secondly, the House Committee on Energy and Commerce progressed two bills in response to President Biden’s executive order, aimed at safeguarding Americans’ data from foreign adversaries. 🛡️ FTC's Crackdown on Data Collectors: The FTC's recent actions and a blog post underscore its stance on browsing and location data. Notably, location data has long been a contentious issue due to its ability to reveal sensitive information about individuals. The FTC's enforcement actions, including fines against Avast, X-Mode, and InMarket, highlight the consequences of mishandling such data. 📈 TikTok and Data Privacy Bills Advance: Following President Biden’s directive, the House Committee on Energy and Commerce passed two bills addressing national security concerns and data privacy. One bill targets ByteDance, the parent company of TikTok, while the other seeks to prohibit data brokers from sharing sensitive American data with foreign governments. These initiatives have garnered bipartisan support and now head to the House floor. ⚠️ Implications for Marketers: The ripple effects of these developments extend far and wide. Marketers must proactively address data privacy concerns: - Assess data-sharing practices comprehensively. - Ensure transparency and ease of use in privacy practices. - Refine customer data strategies to minimize privacy and compliance risks. Read more here: https://lnkd.in/dMfy6zZJ Act now to navigate the evolving landscape of data privacy effectively. Unlock the power of data with Piwik PRO: 🎯Comprehensive data security: Safeguard your data with our robust security measures. 🎯User-centric analytics: Gain insights while respecting user privacy with our privacy-focused approach. 🎯Compliance made easy: Stay ahead of regulatory changes with our compliance-friendly analytics platform. #DataPrivacy #FTC #Legislation #TikTok #Marketers #PrivacyPractices #DataStrategy #hipaa #webanalytics

"Individually the incidents, most of which have not been previously publicly reported, may only each impact a relatively small number of people, or were fixed quickly. Taken as a whole, though, the internal database shows how one of the most powerful and important companies in the world manages, and often mismanages, a staggering amount of personal, sensitive data on people's lives." https://lnkd.in/dwahZcJb #Google #adtech #data #privacy

🌟 Flashback to 2018: The Facebook-Cambridge Analytica Scandal Shakes the World! 🌟 In one of the most controversial data privacy breaches of recent times, the Facebook-Cambridge Analytica scandal exposed the personal data of millions of Facebook users, raising global concerns about privacy and the misuse of data in political campaigns. 🌐🔐 🚀 What Happened? In 2018, it was revealed that Cambridge Analytica, a political consulting firm, harvested data from millions of Facebook profiles without user consent to influence voter behavior during the 2016 US elections and the Brexit referendum. The scandal exposed how easily data could be misused for political manipulation and ignited a worldwide debate on data privacy. 💥📊 🔍 The Details: Year: 2018 📅 Target: Facebook User Data 🌍 Attack Type: Data harvesting and misuse Data Compromised: Personal information from over 87 million Facebook users, including profile data, likes, and friend networks 🛡️ Discovery: The scandal came to light through investigative journalism, and Facebook later admitted its failure to protect user data. Cause: A third-party app, disguised as a personality quiz, collected data from users and their friends, which was later sold to Cambridge Analytica. 🔓💻 🔧 Remedies: 🛡️ Stricter Data Policies: Social media platforms must implement more robust privacy settings and ensure third-party apps cannot access sensitive data without explicit user consent. 👁️ Transparent Data Usage: Companies must disclose how user data is being collected and used, ensuring transparency and empowering users to make informed decisions. 📚 Breach Response: Swift responses are crucial. Companies must notify users promptly if their data is compromised, providing guidance on how to protect themselves. 🔑 Regulatory Oversight: Governments need to enforce stronger data protection laws like GDPR to hold companies accountable for privacy breaches. 🚨 User Education: Encourage users to be vigilant about the apps they use and regularly review privacy settings. The Facebook-Cambridge Analytica scandal had widespread consequences, including massive public outcry, legal actions, and a sharp decline in trust in Facebook. The scandal led to greater scrutiny of data practices by tech giants and paved the way for tighter regulations, such as the GDPR and the CCPA. 🖥️⚖️ 💬 How should companies balance data collection with user privacy? What can be done to prevent similar data misuse in the future? Share your thoughts in the comments! ⬇️ #CyberSecurity #CambridgeAnalytica #FacebookDataBreach #DataPrivacy #GDPR #InfoSec #StaySafeOnline #PrivacyMatters #UserProtection #DigitalRights #BigData #TechEthics #DataProtection #CyberAwareness #DigitalManipulation #DataBreachRecovery #RegulatoryCompliance