Forwarded from BlackBox (Security) Archiv
Epic privacy fail: WeTransfer shared its users' files with the wrong people
Sharing files using the cloud is very convenient, but understandably, some people are hesitant to do so with sensitive or private information. These privacy-conscious folks may be looked at as "paranoid" by some, but you know what? As more and more breaches occur, it is becoming harder to trust the cloud with files. And so, the "tinfoil hat" wearers start to look quite sensible.
As an example, popular cloud-based file-sharing service WeTransfer has failed in epic fashion. You see, the company not only shared files with the intended recipients, but with random strangers too! Yes, that private information you didn't want seen by anyone other than your intended audience may have been viewed by the wrong person. Good lord.
The file sharing service sent the following email to impacted users:
"Dear WeTransfer user,
We are writing to let you know about a security incident in which a number of WeTransfer service emails were sent to the wrong people. This happened on June 16th and 17th. Our team has been working tirelessly to correct and contain this situation and find out how it happened.
We have learned that a transfer you sent or received was also delivered to some people it was not meant to go to. Our records show those files have been accessed, but almost certainly by the intended recipient. Nevertheless, as a precaution we blocked the link to prevent further downloads.
As your email address was also included in the transfer email, please keep an eye out for any suspicious or unusual emails you receive.
We understand how important your data is and never take your trust in our service for granted. If you have any questions or concerns, just reply to this email to contact our support team.
The WeTransfer Team"
Well, it doesn't get much worse than that, folks. I mean, look, WeTransfer had one job -- share files with the correct friggin' people! Moving forward, it will be very hard for users to trust the company. Hell, they even exposed the sender's email address, which can lead to spam and phishing attempts too. Sigh.
Are you a WeTransfer user? Will you stop using the service as a result of this blunder?
UPDATE: After BetaNews broke this news, WeTransfer shared more details on their website here. The company says it has forced some users to change passwords, meaning login credentials may have been stolen, but not definitely. They have also contacted authorities, signaling this may not be an accident, but a criminal breach.
https://wetransfer.pr.co/178267-security-notice
https://betanews.com/2019/06/21/wetransfer-fail/
#WeTransfer #sharing #cloud #privacy #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Sharing files using the cloud is very convenient, but understandably, some people are hesitant to do so with sensitive or private information. These privacy-conscious folks may be looked at as "paranoid" by some, but you know what? As more and more breaches occur, it is becoming harder to trust the cloud with files. And so, the "tinfoil hat" wearers start to look quite sensible.
As an example, popular cloud-based file-sharing service WeTransfer has failed in epic fashion. You see, the company not only shared files with the intended recipients, but with random strangers too! Yes, that private information you didn't want seen by anyone other than your intended audience may have been viewed by the wrong person. Good lord.
The file sharing service sent the following email to impacted users:
"Dear WeTransfer user,
We are writing to let you know about a security incident in which a number of WeTransfer service emails were sent to the wrong people. This happened on June 16th and 17th. Our team has been working tirelessly to correct and contain this situation and find out how it happened.
We have learned that a transfer you sent or received was also delivered to some people it was not meant to go to. Our records show those files have been accessed, but almost certainly by the intended recipient. Nevertheless, as a precaution we blocked the link to prevent further downloads.
As your email address was also included in the transfer email, please keep an eye out for any suspicious or unusual emails you receive.
We understand how important your data is and never take your trust in our service for granted. If you have any questions or concerns, just reply to this email to contact our support team.
The WeTransfer Team"
Well, it doesn't get much worse than that, folks. I mean, look, WeTransfer had one job -- share files with the correct friggin' people! Moving forward, it will be very hard for users to trust the company. Hell, they even exposed the sender's email address, which can lead to spam and phishing attempts too. Sigh.
Are you a WeTransfer user? Will you stop using the service as a result of this blunder?
UPDATE: After BetaNews broke this news, WeTransfer shared more details on their website here. The company says it has forced some users to change passwords, meaning login credentials may have been stolen, but not definitely. They have also contacted authorities, signaling this may not be an accident, but a criminal breach.
https://wetransfer.pr.co/178267-security-notice
https://betanews.com/2019/06/21/wetransfer-fail/
#WeTransfer #sharing #cloud #privacy #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Airbnb’s Chinese data policies reportedly cost it an executive
Chief trust officer Sean Joyce left in 2019 — reportedly over data sharing with China
Airbnb’s chief trust officer Sean Joyce left the company after just six months in 2019 because the former FBI deputy director took issue with the company’s data sharing practices in China, according to a report in The Wall Street Journal.
For years, Airbnb has disclosed that it shares information such as phone numbers and email addresses with the Chinese government when a user books a rental in China. That happens whether the user is a Chinese citizen or a foreign visitor — a policy that’s required from all hospitality businesses operating in the country. Joyce, who Airbnb hired in May 2019 to protect the platform’s users, was concerned with Airbnb’s willingness to share data. Joyce also objected to the scope of the data shared, such as messages sent between guests and hosts, The Wall Street Journal reports. He feared it could allow the Chinese government to track foreign visitors and its own citizens.
https://www.theverge.com/2020/11/20/21585500/airbnb-trust-officer-resignation-privacy-concerns-china-data-sharing
#airbnb #china #data #sharing #privacy
Chief trust officer Sean Joyce left in 2019 — reportedly over data sharing with China
Airbnb’s chief trust officer Sean Joyce left the company after just six months in 2019 because the former FBI deputy director took issue with the company’s data sharing practices in China, according to a report in The Wall Street Journal.
For years, Airbnb has disclosed that it shares information such as phone numbers and email addresses with the Chinese government when a user books a rental in China. That happens whether the user is a Chinese citizen or a foreign visitor — a policy that’s required from all hospitality businesses operating in the country. Joyce, who Airbnb hired in May 2019 to protect the platform’s users, was concerned with Airbnb’s willingness to share data. Joyce also objected to the scope of the data shared, such as messages sent between guests and hosts, The Wall Street Journal reports. He feared it could allow the Chinese government to track foreign visitors and its own citizens.
https://www.theverge.com/2020/11/20/21585500/airbnb-trust-officer-resignation-privacy-concerns-china-data-sharing
#airbnb #china #data #sharing #privacy
WSJ
WSJ News Exclusive | Airbnb Executive Resigned Last Year Over Chinese Request for More Data Sharing
Hired last year as the home-sharing giant’s first “chief trust officer,” former FBI official Sean Joyce left six months later over concerns about how Airbnb shared data on millions of its users with Chinese authorities.
Your 'smart home' is watching – and possibly sharing your data with the police
Smart-home devices like thermostats and fridges may be too smart for comfort – especially in a country with few laws preventing the sale of digital data to third parties
You may have a roommate you have never met. And even worse, they are nosy. They track what you watch on TV, they track when you leave the lights on in the living room, and they even track whenever you use a key fob to enter the house. This is the reality of living in a “smart home”: the house is always watching, always tracking, and sometimes it offers that data up to the highest bidder – or even to police.
This problem stems from the US government buying data from private companies, a practice increasingly unearthed in media investigations though still quite shrouded in secrecy. It’s relatively simple in a country like the United States without strong privacy laws: approach a third-party firm that sells databases of information on citizens, pay them for it and then use the data however deemed fit. The Washington Post recently reported – citing documents uncovered by researchers at the Georgetown school of law – that US Immigration and Customs Enforcement has been using this very playbook to buy up “hundreds of millions of phone, water, electricity and other utility records while pursuing immigration violations”.
https://www.theguardian.com/commentisfree/2021/apr/05/tech-police-surveillance-smart-home-devices
#smarthome #data #sharing #privacy #surveillance
Smart-home devices like thermostats and fridges may be too smart for comfort – especially in a country with few laws preventing the sale of digital data to third parties
You may have a roommate you have never met. And even worse, they are nosy. They track what you watch on TV, they track when you leave the lights on in the living room, and they even track whenever you use a key fob to enter the house. This is the reality of living in a “smart home”: the house is always watching, always tracking, and sometimes it offers that data up to the highest bidder – or even to police.
This problem stems from the US government buying data from private companies, a practice increasingly unearthed in media investigations though still quite shrouded in secrecy. It’s relatively simple in a country like the United States without strong privacy laws: approach a third-party firm that sells databases of information on citizens, pay them for it and then use the data however deemed fit. The Washington Post recently reported – citing documents uncovered by researchers at the Georgetown school of law – that US Immigration and Customs Enforcement has been using this very playbook to buy up “hundreds of millions of phone, water, electricity and other utility records while pursuing immigration violations”.
https://www.theguardian.com/commentisfree/2021/apr/05/tech-police-surveillance-smart-home-devices
#smarthome #data #sharing #privacy #surveillance
the Guardian
Your 'smart home' is watching – and possibly sharing your data with the police | Albert Fox Cahn and Justin Sherman
Smart-home devices like thermostats and fridges may be too smart for comfort – especially in a country with few laws preventing the sale of digital data to third parties
Spanish ISPs Blocked 869 Domains & Subdomains in 2021 To Prevent Sharing
(Use i2p, Tor, DNS, VPN... 😎)
Following the signing voluntary code of conduct between rightsholders and internet service providers in Spain, the government is now reporting on the first year's results. Overall, the vast majority of providers took action to render 869 domains and subdomains inaccessible to subscribers, with the aim of preventing illegal access to millions of movies, TV shows, videogames and ebooks.
https://torrentfreak.com/spanish-isps-blocked-869-domains-subdomains-in-2021-to-prevent-piracy-220130/
#sharing #p2p #torrent #spain
(Use i2p, Tor, DNS, VPN... 😎)
Following the signing voluntary code of conduct between rightsholders and internet service providers in Spain, the government is now reporting on the first year's results. Overall, the vast majority of providers took action to render 869 domains and subdomains inaccessible to subscribers, with the aim of preventing illegal access to millions of movies, TV shows, videogames and ebooks.
https://torrentfreak.com/spanish-isps-blocked-869-domains-subdomains-in-2021-to-prevent-piracy-220130/
#sharing #p2p #torrent #spain