At a glance.
- Facebook faces Australian privacy suit.
- New South Wales breach seems less extensive than initially feared.
- US Senators call for transparency in the impact of the SolarWinds compromise on the Treasury Department.
- Malicious browser extensions steal user data.
Australia suing Facebook over user privacy concerns.
Facebook is being fined by the Australian Competition and Consumer Commission (ACCC) for advertising a virtual private network (VPN) as a privacy measure and then using the customer data for marketing purposes, reports iTNews. This comes on the heels of the US Federal Trade Commission (FTC) suing the social media giant for anti-competitive practices and endangerment of user privacy, as the CyberWire reported last week. The ACCC’s focus, however, is solely on changing Facebook’s handling of user data, as evidenced by an additional suit it’s currently filing concerning Facebook’s use of consumer info submitted for a Cambridge Analytica-run personality test. Facebook, which pulled the VPN product in 2019, claims it was always transparent about how the product would be used.
Australian government may have overestimated impact of breach.
The Sydney Morning Herald reports that Service NSW, an Australian government agency that helps individuals and businesses access New South Wales government services, has admitted that a breach they originally thought impacted over 180,000 individuals actually only affected about 100,000. Approximately 25,000 people were incorrectly told their information was compromised when forty-seven employee emails were hijacked in April. The agency has issued an apology, and the updated numbers will be included in the official breach report expected to be released by the Auditor-General on Friday.
US Senators demand transparency on recent Treasury breach.
Cyberscoop reports that US senators are pressuring the US Treasury Department to supply further details on the recent data breach that compromised the agency’s data, possibly linked to the SolarWinds supply chain attack that is rippling through the public and private sector. Sherrod Brown of Ohio and Ron Wyden of Oregon submitted a letter to Treasury Secretary Steven Mnuchin asking whether the US plans to sanction the threat actors responsible, and inquiring about exactly how the breach will affect the US economy. The Treasury Department has been very tight-lipped so far, deferring all questions to the White House’s National Security Council, which has simply acknowledged that it is investigating the breach and exploring countermeasures.
Malicious browser extensions stealing user data.
Researchers at Avast Threat Intelligence have found that malware-infected Chrome and Edge browser extensions are available on the Chrome Web Store and the Microsoft Edge Add-ons portal, reports Bleeping Computer. At first glance the extensions, which have over three million installs so far, appear to be ordinary add-ons for popular online platforms like Instagram and Facebook. Instead, “the extensions send information about the [each user] click to the attacker’s control server, which can optionally send a command to redirect the victim from the real link target to a new hijacked URL before later redirecting them to the actual website they wanted to visit,” Avast’s report explains. Microsoft and Google are investigating the issue, but in the meantime, Avast has released a full list of the extensions in question.