Welcome to another edition of CurePrivacy.
Facebook caused a lot of upheaval over the past two weeks with their planned WhatsApp policy changes. The policy changes were almost introduced with a "dictator-ish" attitude of "accept our terms or else". There were (and still are) a lot of objections to the new policies, and rightly so. The pressure was so bad that Facebook decided to postpone the cut-off date for the acceptance of the policy changes to May this year.
As a result of these policy changes, other messaging apps like Signal and Telegram grew by millions of users within a couple of days. Signal grew so fast that it experienced outages for a short period.
More and more people are realizing that big tech companies like Facebook have too much power and influence over society. The toxic effect of social media platforms like Facebook and Twitter is becoming clearer by the day (maybe the US Capitol storming was an eye-opener for people still on the fence). A lot of people are realizing that giving Facebook "even" more freedom with their data is not a good idea.
Although WhatsApp's days are far from numbered, it's a positive sign that Facebook realized it can't just make any policy changes and expect everyone to happily comply. A small, yet significant, victory for privacy.
In the news
I looked at all the ways Microsoft Teams tracks users and my head is spinning
If you are working from home these days and are required to use Microsoft Teams, this article is a real eye-opener about the data that Microsoft is able to gather through Teams. In the name of business efficiency and rigorous monitoring of employee output, Microsoft plays jump rope with the borders of privacy when it comes to data collection of its users. And worst of all, there is no real opt-out option for all this tracking. Read the full article here.
Windows Finger command abused by phishing to download malware
Attackers are using the normally harmless "Windows Finger" command to download and install a malicious backdoor on victims' devices. It is usually done by sending a phishing email with an MS Word document that contains a macro. When a victim clicks on the 'Enable Editing' or 'Enable Content' buttons, a password-protected macro will be executed to download the MineBridge malware and run it. Be aware of all phishing emails - read the full article here.
Millions of Social Profiles Leaked by Chinese Data-Scrapers
The public and private profile data of about 214 million social media users have been leaked by a Chinese social media management company, SocialArks. The leak happened due to a misconfigured ElasticSearch cluster. The data itself, scraped from Facebook, Instagram and LinkedIn, was also obtained in an unethical manner, violating the terms and conditions of the above-mentioned social media companies. Read the full article here.
Ubiquiti tells customers to change passwords after security breach
Networking equipment and IoT device vendor, Ubiquiti Networks, has sent out notification emails to its customers informing them of a recent security breach. Data that was leaked includes names, email addresses, password hashes, home addresses and phone numbers. It is still unclear how many users are affected by this breach. If you have an account on UI.com it is time for a password change. Read the full article here.
Capcom confirms at least 16,000 people affected by Nov. data breach
The number of people who have been affected by the Capcom data breach rose significantly over the past months. The group of people whose personal data was definitely taken is primarily made up of Capcom business partners and current and former employees, who had their name, email address, and other contact information revealed. Fortunately, credit card details are handled by a third-party provider and have not been leaked. Read the full article here.
Cryptography in Layman's Terms
This is an interesting post by Alex from Portabella explaining various cryptography concepts in plain language. With simple, real-world examples, you might get a better understanding of what some "buzz words" in the cryptography world mean. Check it out here.
It is impossible to protect yourself against all data breaches. Unfortunately, it's part of life and no company is perfect. But one simple way to prevent a single data breach from compromising all your other online activities is to use a password manager and generate a unique strong password for each site individually. Then, when one password gets exposed, your other accounts will still be secured with different passwords.
Thanks for reading! If you enjoy reading this newsletter, please share it with anyone who might find it valuable.
Have some feedback? Let me know here.
If you want to support this newsletter you can buy me a coffee :)