The first major data breach of the year comes from one of the biggest tech companies in the world: Microsoft. Get the details on the exposed server, as well as some other important tech stories, in this week’s data privacy recap.
Microsoft Security Shocker As 250 Million Customer Records Exposed Online
Less than a month into 2020, another massive data breach hit the news cycle this past week. 250 million Microsoft customer records were left in an online database without password protection. An investigation by the Comparitech security research team uncovered five servers containing the records. These records contain customer service and support logs from conversations between Microsoft support agents and customers all over the world. Although it’s unclear how long the server was left vulnerable, reports indicate that the records contained within span from 2005 to 2019. Those records contained customer email addresses, IP addresses, geographical locations, descriptions of the customer service and support claims and cases, and other bits of information. Fortunately, Bob Diachenko, a prominent member of the Comparitech security research team, spotted this error. “I immediately reported this to Microsoft, and within 24 hours, all servers were secured,” Diachenko said.
UK cracking down on child data privacy
A new set of privacy standards was issued this past week in the UK, specifically focused on children’s data. The main focus of the regulations is limiting online platforms’ ability to pressure minors into revealing personal information about themselves. These sites include social media platforms, onlines games, and various other sites. “There are laws to protect children in the real world — film ratings, car seats, age restrictions on drinking and smoking. We need our laws to protect children in the digital world too,” Information Commissioner Elizabeth Denham said. “In a generation from now, we will look back and find it astonishing that online services weren’t always designed with children in mind.” A common practice amongst these platforms is to show preference to the more lax security setting by making them default or by making the other selections harder to find. This feature, along with prohibiting the sharing of a minor’s location for behavior-based advertising are some of the main features of the new standards. There are 15 rules in all, and you can find more information on them here.
Mastercard and The Rockefeller Foundation Announce data.org
A new partnership between The Rockefeller Foundation and The Mastercard Center for Inclusive Growth was announced this past week. The result is a website called data.org, and it’s being described as a platform committed to building the field of data science to benefit society. This venture is part of a $50 million philanthropic commitment that the two organizations made last year. Allocate resources and helping crowdsource sustainable data science solutions for nonprofit and government orgs is a major focus of the initiative. By giving non-profit organizations training resources, access to data sets and open-sourced tools, these organizations will be able to use the power of data insights and analytics to enhance their efforts. “Our commitment to building the field of data science is rooted in the belief that data-driven insights can deliver transformational change that improves the lives of vulnerable people and helps solve the world’s most pressing challenges,” said Michael Froman, vice chairman of Mastercard. “We must make sure that even as people have unprecedented access to technology, we don’t allow a new digital divide to emerge.”
Tinder’s New Panic Button Is Sharing Your Data With Ad-Tech Companies
Likely in an attempt to improve the reputation it’s gleaned over the years, Tinder added a “panic button” feature to the app this week. The button quickly connects users with an emergency responder. This new feature comes as a result of a partnership with Noonlight, and allows the user to easily communicate details about their date and current location should anything troublesome occur. Unfortunately, the Noonlight app that makes this feature come to life is not nearly as secure as Tinder itself. And after a rudimentary examination by Gizmodo, the app was found to be sending information to Facebook and Youtube, likely for profit. And those are just the recipient companies that were explicitly named. Among the several unnamed companies receiving that data, there could be predatory parties at work. One of these parties is a company called Kochava, an app that openly partners with hundreds of advertising companies. It’s hard to believe that all of those partners are restricted from accessing that data.
What do you think was the most important data story of the week? Reach out to us on social media and let us know.