At a glance.
- BlackByte hits San Francisco 49ers.
- Hacktivists dox donors to Canadian vaccine protest movement.
- Texas sues Meta over Facebook facial recognition.
BlackByte steals the ball from US football team.
American football team the San Francisco 49ers disclosed this weekend it experienced “a network security incident that resulted in a temporary disruption to certain systems” impacting their corporate computer network. ZeroFox reports that BlackByte ransomware group has taken credit and has already begun releasing files allegedly stolen in the attack on their leak site on the dark web. So far, no ransom demand has been confirmed, but the BlackByte operation has been known to resort to double-extortion tactics in the past. Though the means of intrusion has not been disclosed, BlackByte has historically infiltrated Windows-based networks by exploiting vulnerabilities in the ProxyShell Microsoft Exchange Server. Adding insult to injury, the attack took place on the eve of the Super Bowl, which the 49ers lost the opportunity to complete in just a few weeks before. Perhaps the attackers were disappointed fans.
Hacktivists dox GiveSendGo donors.
Vice reports that Christian crowdfunding site GiveSendGo was hacked on Sunday, and the perpetrators have released the personal info of over 92,000 of the site’s donors. GiveSendGo has become a leader in crowdfunding for extremist groups like the Proud Boys, QAnon conspiracy theorists, and supporters of the January 6 insurrection after mainstream sites like GoFundMe refused to support their efforts, and the site gained recent notoriety for raising $8.7 million for a controversial “freedom convoy” protesting vaccination efforts in Canada. The doxxed data includes donors’ full names, email addresses, and location, and an extremism researcher found that although most of the donors are American or Canadian, thousands hail from other countries including the UK, Australia, and Ireland. Notable donors include American software billionaire Thomas Siebel, an individual with a verified US Department of Justice email address, and others claiming to work for NASA, the Federal Bureau of Prisons, and the Transportation Security Administration. The hackers behind the doxxing have not yet revealed themselves, but they clearly have a sense of humor, as visitors to the site on Sunday were redirected to the URL GiveSendGone[.]wtf. There, they were treated to a clip from the animated movie Frozen and a message reading “On behalf of sane people worldwide who wish to continue living in a democracy, I am now telling you that GiveSendGo itself is now frozen,” a reference to the fact that on Friday the Superior Court of Justice in Ontario granted a restraining order (that GiveSendGo ignored) declaring that the protesters’ funds be frozen. As of Monday morning, GiveSendGo’s website was offline, bearing the message, “Application is under maintenance, we will be back very soon.”
Meta faces lawsuit for alleged misuse of facial-recognition tech.
On Monday, the Texas attorney general filed a suit against Facebook parent company Meta claiming that the company’s (now discontinued) use of facial-recognition technology resulted in “tens of millions of violations” of the state’s privacy laws, which requires individuals’ consent for the use of their biometric data. Texas Attorney General Ken Paxton stated, “Facebook has been secretly harvesting Texans’ most personal information—photos and videos—for its own corporate profit…Texas law has prohibited such harvesting without informed consent for over 20 years.” The Wall Street Journal notes that the lawsuit is seeking hundreds of billions of dollars in civil penalties. Meta released a statement saying the claims “are without merit,” explaining that users were always notified of the use of the facial recognition system and given the opportunity to consent to its use. John Davisson, senior counsel at research and advocacy group the Electronic Privacy Information Center, said the case demonstrates the need for states and individuals to fight for privacy protections. “We can’t count on Congress and even the FTC [Federal Trade Commission] to be on top of every data abuse,” Mr. Davisson said. “It’s important that there be other avenues.” In 2015, Facebook faced a similar lawsuit in Illinois and settled for approximately $650 million.