At a glance.
- Users received others' videos from Google Takeout at the end of November.
- Law firms' data held for ransom by the Maze gang.
- British councils expose citizens to tracking and targeted advertising.
- DoppelPaymer is the latest ransomware gang to steal and threaten to publish data.
Google Takeout inadvertently served up videos to the wrong accounts.
Google has been quietly warning affected users who requested a Google "download your data" export that included Google Photos. Between the 21st and 25th of November, Mountain View said, "some videos in Google Photos were incorrectly exported to unrelated user's archives." That is, you may have received someone else's videos. Google says it's fixed the problem, and it asks that affected users export their content again, and delete their previous export. ZDNet characterizes this, ambivalently and perhaps a little harshly, as making the users responsible for the deletion of Google's mistake. The Telegraph calls the misdirection of video files "an embarrassing blunder."
Extortionists hit five law firms with ransomware, first stealing, then encrypting, data.
In what's now the norm for the operators of Maze ransomware, criminals encrypted the data held by five US law firms, first exfiltrating the data to give them additional leverage over the victims. Nearly a million dollars in ransom is being demanded of each firm, Cointelegraph reports. Should the victims fail to pay, the extortionists intend to release the stolen data in stages.
The National Law Review notes two aspects of legal practice that render law firms particularly attractive targets for cyber criminals: attorneys hold a lot of sensitive personal information about their clients, and they rely heavily on email to manage their work. The article reviews the common security measures that can help manage these risks. For improved email security:
- Watch for involvement of email addresses associated with the firm in publicly disclosed breaches.
- Use password managers.
- Require multi-factor authentication.
- Use phishing awareness training programs.
- Don't use insecure WiFi.
- Report suspicious emails (and, one might add, don't click the links or open the attachments they carry).
For general hygiene:
- Update outdated software and hardware. Apply patches.
- Monitor email for links and executable attachments (including Office documents that carry macros, since an enabled macro runs code).
- Use a managed security service provider.
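The "monitor email for links and executables" item above is the one a mail gateway can actually mechanise. The following is an added example, not code from the National Law Review article or any product it mentions: it walks a MIME message's attachments, flags executables, script files, legacy OLE containers and macro-enabled Office documents, and pulls URLs out of the body for later reputation checks. Macro detection looks inside the OOXML zip for the VBA project part and the macroEnabled content type rather than trusting the file extension, so a .docm renamed to .docx is still caught. The message, the attachments and all names in it are constructed for the example.

```python
"""Flag risky e-mail attachments and body links (added example, constructed data)."""
import io
import re
import zipfile
from email.message import EmailMessage
from typing import Dict, List, Tuple

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container
EXE_MAGIC = b"MZ"                                # Windows PE/DOS header
SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf", ".hta", ".ps1", ".bat", ".cmd", ".scr", ".lnk")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
RISKY = {"macro", "legacy-ole", "executable", "script"}


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'executable', 'script', 'office' or 'other'."""
    name = filename.lower()
    if data.startswith(EXE_MAGIC):
        return "executable"
    if name.endswith(SCRIPT_EXT):
        return "script"
    if data.startswith(OLE_MAGIC):
        # Binary Office formats may hold VBA streams; confirming needs an OLE
        # parser (e.g. oletools), so the gateway should hold these for review.
        return "legacy-ole"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                lower = {n.lower(): n for n in z.namelist()}
                if any(n.endswith("vbaproject.bin") for n in lower):
                    return "macro"
                ct_name = lower.get("[content_types].xml")
                if ct_name:
                    if "macroenabled" in z.read(ct_name).decode("utf-8", "replace").lower():
                        return "macro"
                    return "office"
        except zipfile.BadZipFile:
            return "other"
    return "other"


def scan_message(msg: EmailMessage) -> Dict[str, object]:
    """Scan one parsed message: risky attachments, body URLs, and a block verdict."""
    findings: List[Tuple[str, str]] = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        verdict = classify_attachment(fname, part.get_payload(decode=True) or b"")
        if verdict in RISKY:
            findings.append((fname, verdict))
    body = msg.get_body(preferencelist=("html", "plain"))
    urls = URL_RE.findall(body.get_content() if body else "")
    return {"attachments": findings, "urls": urls, "block": bool(findings)}


def _ooxml(macro: bool) -> bytes:
    """Build a minimal Word OOXML package (constructed, not a real document)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if macro else
               "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)  # stub VBA project part
    return buf.getvalue()


def sample_message() -> EmailMessage:
    """Constructed phishing-style mail: a macro doc renamed .docx beside a clean .docx."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "partner@lawfirm.example"
    msg["Subject"] = "Invoice"
    msg.set_content("Please review the attached invoice: http://example.invalid/login")
    docx_subtype = "vnd.openxmlformats-officedocument.wordprocessingml.document"
    msg.add_attachment(_ooxml(True), maintype="application", subtype=docx_subtype,
                       filename="invoice.docx")
    msg.add_attachment(_ooxml(False), maintype="application", subtype=docx_subtype,
                       filename="engagement-letter.docx")
    return msg


if __name__ == "__main__":
    print(scan_message(sample_message()))
```

In production the URL list would be fed to a reputation or sandbox service and `legacy-ole` verdicts to a VBA parser; the point here is that the verdict comes from the bytes, not the filename.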
Interactions of British citizens with local authorities' websites lead to tracking and targeted advertising.
TechCrunch has an account of a study conducted by browser privacy firm Brave that found widespread tracking of British citizens from their interactions with their council's websites. As Brave points out, it's difficult to avoid working with one's council. "People visit council websites to seek help and services. When you have a baby, move household, extend your house, get married or lose a loved one, UK law requires that you register these events with your council. Generally, you do so through the council website." 409 councils (that is, most of them) allow some form of user tracking, and 198 of these use real-time bidding, a method of advertising that Brave says amounts to a data breach.
Brave's report is hardly an admission against interest, since the company after all sells a private browsing solution, but the findings suggest ways in which ordinary interactions with local governments can constitute a threat to privacy. They also indicate that official sites are doing a lot of hand-waving about user consent to data collection: a "scam" that's "insufficient to provide for free and informed consent."
DoppelPaymer ransomware gang gets into the doxing business.
DoppelPaymer is the latest ransomware gang to not just encrypt data, but to steal data as well. Data Breach Today points out that DoppelPaymer has now joined Maze and Sodinokibi in the new normal for ransomware. A ransomware attack should be considered a data breach until proved otherwise.