At a glance.
- Privacy experts raise their voices about the dangers of voice-assisted tech.
- MailChimp swiftly responds to data breach.
Privacy experts raise their voices about the dangers of voice-assisted tech.
Voice-assisted technology has become increasingly prevalent in products used every day in homes and companies across the world, and it raises important questions about how information gleaned from our voices can and should be used. A survey conducted by trade publication Modern Materials Handling last year found that 39% of warehouse companies use voice-assisted technology, an increase from 21% the year prior. Voice-assisted tech can increase the efficiency of warehouse workers and give Alexa a better understanding of what her human masters are asking of her, but privacy experts say these innovations come at a cost. In the wrong hands, voice data can be used to fuel a host of nefarious activities.
Marc Rotenberg, founder and executive director for the nonprofit Center for AI and Digital Policy, told ABC News, "This has become a real issue as more and more people are using voice-activated devices like Alexa and Siri. There's a ticking time bomb with the collection of voice recordings."
Privacy advocates say voice-assisted products could be gathering more data than users realize, which companies can then use for targeted marketing or sell to advertisers for profit. Just last week, grocery chain Whole Foods agreed to a $300,000 settlement over allegations that a voice-assisted product used to track worker productivity at a Chicago warehouse had recorded employees' voices without their consent. The US currently has no federal legislation regulating the use of voice data, and so far, only four states (California, Texas, Washington and Illinois) have passed laws pertaining to its collection. Joseph Turow, a professor at University of Pennsylvania's Annenberg School for Communication and author of "The Voice Catchers: How Marketers Listen In to Exploit Your Emotions, Your Privacy and Your Wallet,” commented, "As we move into a world where people use voice over typing in their everyday lives, marketers want to know: What can I get out of the voice of this person?"
MailChimp swiftly responds to data breach.
Email marketing firm MailChimp has confirmed it experienced a data breach after hackers infiltrated an internal customer support and account administration tool. The attackers accessed the data of 133 users by using employee credentials acquired in a social engineering attack aimed at MailChimp staff and contractors. The company first detected an unauthorized individual accessing their system support tools on January 11. Fortunately, MailChimp was able to act quickly, temporarily suspending the accounts where suspicious activity was logged and notifying the primary contacts for all impacted accounts less than twenty-four hours after the breach was discovered. Though the number of affected customers is small, one of them was the popular WooCommerce eCommerce plugin for WordPress, which warned users that the incident exposed their names, store URLs, addresses, and email addresses. MailChimp told Bleeping Computer, “While we do not share customer information as a matter of course, we can share that no credit card or password information was compromised as a result of this incident.” An investigation is ongoing.
MailChimp's response strikes some observers as setting a good example for businesses generally. Dr. Ilia Kolochenko, Founder of ImmuniWeb, and a member of Europol Data Protection Experts Network, wrote to comment on the company's reaction. It's not a large incident, but MailChimp disclosed unusually quickly and completely.
“The unauthorized access to 133 customer accounts is a very insignificant security incident for such a large company as Mailchimp. Transparent disclosure of the incident rather evidences a well-established DFIR process and high standards of ethics at Mailchimp, as most businesses of q similar size will likely try to find a valid excuse to avoid mandatory disclosure prescribed by law or imposed by contractual duties. The reported attack vector of social engineering and password reuse remains extremely efficient today, many large businesses regularly fall victim to it despite multilayered cyber-defense and most advanced security controls. Moreover, the reportedly compromised account of a technical support specialist likely had access to a much larger number of customer accounts, evidencing that the incident was timely detected and contained.”