This month we discuss Facebook trying to cover up your data being breached, another social media giant trying to make you look elsewhere, a decision by a German authority which could stop us all using American services, and the potential for hackers to read your WhatsApp messages.
Personal data of 533 million Facebook users leaked online!
Personal data of more than 500 million Facebook users has been made public for free on a hackers’ forum. Details include phone numbers, Facebook IDs, full names, locations, birthdates, bios and email addresses.
We strongly recommend to check whether your details have been compromised on Have I Been Pwned. We are monitoring the company email addresses for all Naq customers but it is very important that you also check your personal email addresses and mobile numbers.
What if you find out that your details have been compromised? Make sure to change your password for all compromised sites, use a password manager (like LastPass) to create a unique and strong password, activate two-factor authentication and watch out for spam! This breach included a lot of mobile numbers so we have seen a big increase in the number of spam calls and messages. Make sure that if you receive any unexpected call or SMS that you double check with the organisation they are apparently representing.
You won’t be able to rely on Facebook for any help. They have stated they will not inform any users who have been impacted by the breach which is pretty outrageous. This will not help their case with the Irish Data Privacy Regulator who has launched a formal GDPR breach investigation into Facebook.
Is your LinkedIn information also being sold online?
“Though not technically a data breach” according to LinkedIn, LinkedIn has confirmed that personal information from half a billion users is being sold online. This information contains names, email addresses and phone numbers, so LinkedIn saying that there is no data breach, is just completely WRONG !!!
Even if information is freely available online, the fact that it is being sold online by people who have obtained the information through illegitimate means (like scraping the internet) is enough for it to constitute a data breach. Just because data was not obtained via exploiting a vulnerability (aka hacking) doesn’t mean that organisations can just wash their hands of the entire thing.
If LinkedIn does not notify the data protection authority and users, it is in a serious breach of the GDPR and can expect a fine of up to 20 million euro or 4% of its global turnover.
As with all breaches of this nature, be on the lookout for any suspicious emails and pay extra attention to the information you are putting on social media platforms and ensure that your security settings are turned up to 11.
Full article: https://www.theverge.com/2021/4/8/22374464/linkedin-data-leak-500-million-accounts-scraped-microsoft
Bavarian DPA ordered a company to stop using Mailchimp
The Bavarian Data Protection Authority has ordered a company to stop using Mailchimp as long as it hadn’t taken adequate protective measures to ensure compliance for the Germany – US data transfer. Since Mailchimp does seem to rely on SCC’s, this decision from the Bavarian DPA is surprising.
This decision is a consequence of the Schrems II decision where the European Court of Justice (ECJ) decided that the EU-US privacy shield was insufficient to justify a third-country data transfer under the GDPR.
If you use American or other third-country cloud providers (such as Google, Hubspot, Mailchimp, Amazon etc.) to host or otherwise process personal data from EU citizens or residents, you have to make sure they take adequate measures, which can be in one of three forms: Standard Contractual Clauses (SCC’s), Binding Corporate Rules (BCR’s) or that there is an adequacy decision for the European Commission for the third-country. We talk about SSCs in a lot of detail in our GDPR after Brexit blog.
Hackers could be reading your WhatsApp messages
Facebook (sorry, them again) have released a patch fixing two vulnerabilities with WhatsApp for Android which could have allowed hackers to run malware on your phone and possibly steal your messages.
The exploit was possible by exploiting a vulnerability in out of date versions of Android. This again demonstrates the importance of making sure you update both your phone’s operating system and all the apps on it as soon as they are released. Hackers are constantly trying to figure out ways to exploit your mobile phone so don’t give them the opportunity.