The popular social media app announced the launch of a new online data privacy center to help educate users about the company’s policies. Users will also be able to adjust settings and take advantage of other helpful features. Read on for this week’s data privacy recap.
Twitter Centralizes Data Protection Communication
In a grand gesture, Twitter announced this week that they will launch a new central online resource for all things data privacy and protection. The site has been dubbed the Twitter Privacy Center, and it’ll contain all of the documentation of Twitter’s privacy policies and initiatives. Any new announcements and products related to privacy will also show up here, as well as notifications about security incidents should they occur.
Although this gesture doesn’t constitute a major development for the company in terms of the website’s operating procedure, it does show a move towards increased transparency that ought to be commended. The new site also highlights a key distinction: Twitter and Twitter International. Since the passage of the General Data Protection in the E.U., privacy standards are no longer consistent around the globe. For that reason, Twitter now must offer a different set of controls outside of the United States.
Mozilla Pulls Four Firefox Add-ons
One of the beautiful aspects of the democratic nature of the internet is that savvy software engineers can create add-ons and extensions for existing software. This aspect is unfortunately also an opportunity for malicious developers to discreetly take advantage of the general public via data collection. Mozilla announced a crackdown this week on four of these malicious extensions for Firefox in particular: Avast’s Online Security and SafePrice, and their AVG-branded equivalents.
The attachments were found to be holding specific site addresses and search history. The logs even showed what users clicked on, the number of open tabs in the browser, and even more granular search information. Once the issue was formally reported to Mozilla on December 2nd, the developer pulled all four extensions within 24 hours. The extensions also violate Google’s policies, but have yet to be removed from Chrome.
Massive Trove of Personal Data Leaked
This week another bombshell dropped in the world of data breaches: more than 1.2 billion people were exposed on the Dark Web. The breach was discovered by Bob Diachenko and Vinny Troia, two prominent security researchers. In addition to being massive in terms of sheer volume, the scope of the exposed data is frightening as well. The data includes email addresses, LinkedIn and Facebook information, and phone numbers. When pieced together, these data points create a web of information about all of the people involved, putting them at risk. As of now, researchers aren’t exactly sure how this data leaked or who was responsible.
A comment from Anurag Kahol, CTO of Bitglass, summarizes the incident in a concise way. “This unsecured database is one for the record books. Impacting 1.2 billion records, it is one of the largest leaks we have ever seen. Names, email addresses, and phone numbers, along with other social media profile information, were left public facing. It is currently unknown who owns this database; however, they will surely face significant repercussions from regulatory bodies as well as the general public. There is no excuse for negligent security practices such as leaving databases exposed.”
Sprint, AT&T, Verizon, and T-Mobile Customers Hit with Breach
In other data breach news, an unsecured Amazon Web Services server left the data of hundreds of thousands of users out in the open. The data included names, addresses, phone numbers, and call histories. In addition, some unlucky users had their login information exposed, including passwords and usernames. It’s not yet clear whether hackers accessed the information while it was out in the open, but hopefully some light will be shed on that situation soon enough.
It turns out that the server was owned by a third-party contractor working with Sprint called Deardorff Communications, which was facilitating a Sprint promotion that allowed people with other providers to compare their phone bill to Sprint’s prices. According to Sprint, every customer impacted by this incident will be notified immediately. It’s not yet clear, however, whether that communication will come through Sprint or Deardorff Communications. If you participated in the promotion, or just want to be sure, contacting Sprint directly is the move.
What do you think was the most important data story of the week? Leave us a comment below.
Stay in-the-know with the top data news brought to you by BIGtoken at the start of every week.