ComputerWeekly reports, citing Mimecast research, that extortionists are exploiting consumer jitters about home security systems to email people with claims that their Nest cameras have captured video of them in intimate compromising situations, and that they, the extortionists, have it. The emails are scams, sent to addresses scraped from various sources and used in spray-and-pray spamming.
Facebook says it's rolling out a new feature that will notify users when their data are being shared with third parties. The feature, "Logins Notification," will remind users of what they're doing when they use Facebook to log into a third-party service, according to Gizmodo.
Families of deployed US paratroopers are receiving harassment in social media. The source is unclear, the Military Times reports, but it represents itself as being carried out on behalf of Iran. The 82nd Airborne Division deployed its 1st Brigade Combat Team to Kuwait early this month in response to increased tension in the region. The Division is briefing family members back in Fort Bragg and Fayetteville, North Carolina, on how to stay safe online, and on how to respond to threats made in social media. There are signs, Military Times says, that the Division’s Morale, Welfare, and Recreation network--a communications network that supports soldiers and their families in ways its name suggests--had been compromised, and that hostile actors had used personal information gained from that compromise to threaten or otherwise frighten families. Again, it's unclear who's responsible, and it's at least as likely to be freelancing hacktivists as it is to be the Iranian government. But one lesson is that a great deal of damage can be done when low-level networks are compromised.
The California Consumer Privacy Act, a Golden State version of GDPR that took effect this month, seems to be having some unintended consequences as companies work toward complying with the law, the New York Times observes. The basic problem is this: to get control of your data you have to prove that the data are yours, and that you are who you say you are. The need for companies to verify whom they're dealing with has led them to collect more sensitive personal information, and to do so in fundamentally insecure ways. One representative method: take a selfie and submit it along with a picture of a government issued photo ID.
An app designed to record as many aspects as possible of your baby's pre-natal life, "Peekaboo Moments," developed by Bithouse, Inc., is lashed up to an unsecured and thus insecure database, Naked Security warns. Security firm Twelve Security found the database, which is hosted by Singapore-based Alibaba Cloud. To baby's first steps, and baby's first words, you can now add, Naked Security says, "Baby’s First PII Breach."