- Prince William allegedly received ‘very large sum’ over phone hacking scandal | 9 News Australia 9 News Australia
- Prince Harry Dropped a Bombshell About Prince William That Should Have Everyone Questioning the Royal Family’s Close Ties to the Media Yahoo Life
- Prince William SETTLED Prince Harry phone-hacking case for ‘very large sum’ in 2020 | Royal latest GBNews
- As Prince Harry battles the press, why have the other royals given up the fight? The Guardian
- Prince Harry claims Murdoch newspapers paid ‘large sum’ to settle William hacking claim CNN
- View Full Coverage on Google News
Tag Archives: hacking
Prince Harry claims Murdoch newspapers paid ‘large sum’ to settle William hacking claim – CNN
- Prince Harry claims Murdoch newspapers paid ‘large sum’ to settle William hacking claim CNN
- Prince William SETTLED Prince Harry phone-hacking case for ‘very large sum’ in 2020 | Royal latest GBNews
- As Prince Harry battles the press, why have the other royals given up the fight? The Guardian
- Prince Harry Dropped a Bombshell About Prince William That Should Have Everyone Questioning the Royal Family’s Close Ties to the Media Yahoo Life
- Prince William paid settlement by Rupert Murdoch in phone hacking case The Washington Post
- View Full Coverage on Google News
Prince Harry Accuses Royal Institution of “Withholding Information” from Him in Phone Hacking Case – Harper’s BAZAAR
- Prince Harry Accuses Royal Institution of “Withholding Information” from Him in Phone Hacking Case Harper’s BAZAAR
- Prince Harry’s surprise court appearance for privacy suit against UK tabloid | Today Show Australia TODAY
- Prince Harry Blasts Palace, Says They ‘Without Doubt’ Withheld Information from Him on Phone Hacking PEOPLE
- ‘Tricky’ for Charles and William to alter plans to meet with Harry during surprise UK trip Express
- Prince Harry in London: Prince William, King Charles have zero plans to give royal ‘warm reception’: experts Fox News
- View Full Coverage on Google News
Prince Harry Accuses Royal Institution of “Withholding Information” from Him in Phone Hacking Case – Yahoo Life
- Prince Harry Accuses Royal Institution of “Withholding Information” from Him in Phone Hacking Case Yahoo Life
- Prince Harry accuses royal family of withholding information amid lawsuit | Today Show Australia TODAY
- Prince Harry Blasts Palace, Says They ‘Without Doubt’ Withheld Information from Him on Phone Hacking PEOPLE
- ‘I love my country’ claims Prince Harry as he seeks ‘justice’ from publisher in court Express
- Prince Harry Tears Into Royals for ‘Withholding Information’ on Hacking Yahoo! Voices
- View Full Coverage on Google News
Prince Harry Blasts Royal Family, Says They ‘Without Doubt’ Withheld Information from Him on Phone Hacking – msnNOW
- Prince Harry Blasts Royal Family, Says They ‘Without Doubt’ Withheld Information from Him on Phone Hacking msnNOW
- How Prince Harry Shut Down Seeing His Family During His Surprise Trip to England Yahoo Life
- Entitled multi-millionaire Prince Harry’s privacy crusade makes him the biggest hypocrite in the world – he… The US Sun
- ‘May lose money!’ High stakes for Prince Harry in legal case against Daily Mail publisher Express
- Associated Newspapers says Prince Harry and other accusers are ‘out of time’ BBC
- View Full Coverage on Google News
T-Mobile Says Hackers Stole Data on About 37 Million Customers
T-Mobile
TMUS -0.52%
US Inc. said hackers accessed data, including birth dates and billing addresses, for about 37 million of its customers, the second major security lapse at the wireless company in two years.
The company said in a regulatory filing Thursday that it discovered the problem on Jan. 5 and was working with law-enforcement officials and cybersecurity consultants. T-Mobile said it believes the hackers had access to its data since Nov. 25 but that it has since been able to stop the malicious activity.
The cellphone carrier said it is currently notifying affected customers and that it believes the most sensitive types of records—such as credit card numbers, Social Security numbers and account passwords—weren’t compromised. T-Mobile has more than 110 million customers.
The company said its preliminary investigation indicates that data on about 37 million current postpaid and prepaid customer accounts was exposed. The company said hackers may have obtained names, billing addresses, emails, phone numbers, birth dates and account numbers. Information such as the number of lines on the account and plan features could have also been accessed, the company said.
“Some basic customer information (nearly all of which is the type widely available in marketing databases or directories) was obtained,” T-Mobile said in a statement. “No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.”
The company said its systems weren’t breached but someone was improperly obtaining data through an API, or application programming interface, that can provide some customer information. The company said it shut down the activity within 24 hours of discovering it.
The company’s investigation into the incident is ongoing. T-Mobile warned that it could incur significant costs tied to the incident, though it said it doesn’t currently expect a material effect on the company’s operations. The company is set to report fourth-quarter results on Feb. 1.
T-Mobile acknowledged a security lapse in 2021 after personal information regarding more than 50 million of its current, former and prospective customers was found for sale online. T-Mobile later raised its estimate and said about 76.6 million U.S. residents had some sort of records exposed.
A 21-year-old American living in Turkey claimed credit for the 2021 intrusion and said the company’s security practices cleared an easy path for the theft of the data, which included Social Security numbers, birth dates and phone-specific identifiers. T-Mobile’s chief executive later apologized for the failure and said the company would improve its data safeguards.
T-Mobile proposed paying $350 million to settle a class-action lawsuit tied to the 2021 hack. As part of the settlement, the company also pledged to spend $150 million for security technology in 2022 and this year.
Write to Will Feuer at Will.Feuer@wsj.com
Corrections & Amplifications
T-Mobile US Inc. acknowledged a security lapse in 2021. An earlier version of this article incorrectly said it was last year. (Corrected on Jan. 19)
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Apple Plans New Encryption System to Ward Off Hackers and Protect iCloud Data
Apple Inc.
AAPL -1.38%
is planning to significantly expand its data-encryption practices, a step that is likely to create tensions with law enforcement and governments around the world as the company continues to build new privacy protections for millions of iPhone users.
The expanded end-to-end encryption system, an optional feature called Advanced Data Protection, would keep most data secure that is stored in iCloud, an Apple service used by many of its users to store photos, back up their iPhones or save specific device data such as Notes and Messages. The data would be protected in the event that Apple is hacked, and it also wouldn’t be accessible to law enforcement, even with a warrant.
While Apple has drawn attention in the past for being unable to help agencies such as the Federal Bureau of Investigation access data on its encrypted iPhones, it has been able to provide much of the data stored in iCloud backups upon a valid legal request. Last year, it responded to thousands of such requests in the U.S., according to the company.
With these new security enhancements, Apple would no longer have the technical ability to comply with certain law-enforcement requests such as for iCloud backups—which could include iMessage chat logs and attachments and have been used in many investigations.
Apple has added additional methods to help users recover their end-to-end encrypted data.
Photo:
Apple
The company said the security enhancements, which were announced Wednesday, are designed to protect Apple customers from the most sophisticated attackers.
“As customers have put more and more of their personal information of their lives into their devices, these have become more and more the subject of attacks by advanced actors,” said
Craig Federighi,
Apple’s senior vice president of software engineering, in an interview. Some of these actors are going to great lengths to get their hands on the private information of people they have targeted, he said.
The FBI said it was “deeply concerned with the threat end-to-end and user-only-access encryption pose,” according to a statement provided by an agency spokeswoman. “This hinders our ability to protect the American people from criminal acts ranging from cyberattacks and violence against children to drug trafficking, organized crime and terrorism,” the statement said. The FBI and law enforcement agencies need “lawful access by design,” it said.
A spokesman for the Justice Department declined to comment.
Former Western law-enforcement and intelligence officials said they were surprised by Apple’s decision in part because the company had refrained in the past from rolling out such encryption settings for iCloud. The officials said Apple would sometimes point authorities to the iCloud as a possible means of collecting information that could be useful for criminal investigations.
Ciaran Martin,
former chief of the U.K.’s National Cyber Security Centre, said the announcement by Apple could pose legal complications for the company in multiple democracies that in recent years have adopted or weighed restrictions on technology that can’t be responsive to law-enforcement demands.
“Things will only be clearer when further technical details are given,” Mr. Martin said. “But on the face of it, existing legislation in Australia and looming legislation in the U.K. would seem to give those governments the power to tell Apple in those countries effectively not to do this.”
Last year, Apple proposed software for the iPhone that would identify child sexual-abuse material on the iPhone. Apple now says it has stopped development of the system, following criticism from privacy and security researchers who worried that the software could be misused by governments or hackers to gain access to sensitive information on the phone.
SHARE YOUR THOUGHTS
What do you think about Apple’s new security feature? Join the conversation below.
Mr. Federighi said Apple’s focus related to protecting children has been on areas such as communication and giving parents tools to protect children in iMessage. “Child sexual abuse can be headed off before it occurs,” he said. “That’s where we’re putting our energy going forward.”
Apple released a feature in December 2021 called “Communication Safety” in Messages, which offers tools for parents that warn their children when they have received or attempt to send photos that contain nudity. The option is part of Apple’s “Screen Time” parental-controls software.
The new encryption system, to be tested by early users starting Wednesday, will roll out as an option in the U.S. by year’s end, and then worldwide including China in 2023, Mr. Federighi said.
“This development will prompt questions at home and abroad, including whether the government of China will really accept a loss of data access,” said Sumon Dantiki, a former senior FBI and Justice Department official who worked on cyber investigations and is now a partner at the King & Spalding law firm. U.S. officials have long pointed to China’s increasingly strict demands for access to data on companies that operate within its borders as a national-security concern.
In addition to Advanced Data Protection, Apple is also modifying its Messages app to make it harder for messages to be snooped on, and it will now allow users to log in to their Apple accounts with hardware-based security keys made by other companies such as Yubico.
Privacy groups have long called on Apple to strengthen encryption on its cloud servers. But because the Advanced Protection encryption keys will be controlled by users, the system will restrict Apple’s ability to restore lost data.
Apple has added additional methods to help users recover their end-to-end encrypted data.
Photo:
Uncredited
To set up Advanced Data Protection, users will have to enable at least one data-recovery method. This could be a recovery key—a long list of numbers and characters that users could print out and store in a secure location—or the user could assign a friend or family member as a recovery contact.
Over the past two decades, businesses and consumers have moved much of their data off computer systems that they control and onto the cloud—data centers filled with servers that are operated by large technology companies. That trend has made these cloud systems an attractive target for cyber intruders.
Mr. Federighi said that Apple isn’t aware of any customer data being taken from iCloud by hackers but that the Advanced Protection system will make things harder for them. “All of us in the industry who manage customer data are under constant attack by entities that are attempting to breach our systems,” he said. “We have to stay ahead of future attacks with new protections.”
As Apple has locked down its systems, governments worldwide have become increasingly interested in the data stored on phones and cloud computers. That interest has led to friction between Apple and law-enforcement agencies, along with a growing market for iPhone hacking tools. In 2020, Attorney General
William Barr
pressured Apple for a way to crack the iPhone’s encryption to help with a terror investigation into a shooting that killed three people at a Florida Navy base.
Advanced Protection will reduce the amount of iCloud information that Apple can provide to law-enforcement agencies, who frequently request iPhone data from Apple as part of their investigations. Apple received requests for information on 7,122 Apple accounts from U.S. authorities in the first six months of 2021, the last period for which the company has provided information.
Apple had already offered end-to-end encryption for some of its services, but the protection will now extend to 23 services, including iPhone backups and Photos. However, three services—Mail, Contacts and Calendar—won’t qualify for Advanced Protection because they use older technology protocols, Mr. Federighi said.
Mr. Federighi said Apple believes it shares the same mission as law enforcement and governments: keeping people safe. If sensitive information were to get in the hands of an attacker, a foreign adversary or some other bad actor, it could be disastrous, he said.
“We’re giving users the option to keep that key only on their devices, which means that even if an attacker were to successfully breach the cloud and access all that data, it would be nonsense to them,” Mr. Federighi said. “They’d lack the key to decrypt it.”
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Popular tax prep software sent financial information to Meta: report
Meta (formerly Facebook) corporate headquarters is seen in Menlo Park, California on November 9, 2022.
Josh Edelson | AFP | Getty Images
Popular tax prep software including TaxAct, TaxSlayer and H&R Block sent sensitive financial information to Facebook parent company Meta through its widespread code, known as a pixel, that helps developers track user activity on their sites, an investigation by The Markup found.
In a report published with The Verge on Tuesday, the outlet found the software sent information like names, email addresses, income information and refund amounts to Meta. The Markup discovered the data trail through a project earlier this year with Mozilla Rally called “Pixel Hunt,” where participants installed a browser extension that sent the group a copy of data shared with Meta through its pixel.
“Advertisers should not send sensitive information about people through our Business Tools,” a Meta spokesperson told CNBC in a statement. “Doing so is against our policies and we educate advertisers on properly setting up Business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.”
Meta considers potentially sensitive information to include information about income, loan amounts and debt status.
The Markup also found that TaxAct had transmitted similar financial information to Google via its analytics tool, though that data did not include names.
“Any data in Google Analytics is obfuscated, meaning it is not tied back to an individual and our policies prohibit customers from sending us data that could be used to identify a user,” a Google spokesperson told CNBC. “Additionally, Google has strict policies against advertising to people based on sensitive information.”
Representatives for the tax prep services did not immediately respond to CNBC’s request for comment.
Read the full report on The Verge.
Subscribe to CNBC on YouTube.
WATCH: Facebook battles Apple over user privacy features in iOS update
Ukraine war: Huge pro-Kyiv rally in Prague, more Russian missile attacks, UK hacking claims
Sunday’s main news in the Ukraine war concerned the blockage of grain exports in the Black Sea following Russia’s withdrawal from a UN-brokered deal. Read more on that story here.
In other developments:
1. Tens of thousands of Czechs show their support for Ukraine
Tens of thousands of Czechs gathered in the capital on Sunday to demonstrate their solidarity with Ukraine and their support for democratic values.
The rally took place in reaction to three recent anti-government demonstrations where other protesters demanded the resignation of the pro-Western coalition government of conservative Prime Minister Petr Fiala for its support for Ukraine.
Those earlier rallies also protested soaring energy prices and opposed the country’s membership in the European Union and NATO. Their organisers are known for spreading Russian propaganda and opposing COVID-19 vaccinations.
The people who turned out Sunday in Prague waved the Czech, Ukrainian and EU flags while displaying slogans that read “Czech Republic against fear” and “We will manage it.”
Sunday’s rally at central Wenceslas Square was organized by a group called Million Moments for Democracy, which was behind several rallies in support of Ukraine following the Feb 24 Russian invasion. The group also previously held massive rallies against the former prime minister, populist billionaire Andrej Babis, calling him a threat for democracy.
The group said the anti-government protests, which united the far right with the far left. exploited the people’s fear of inflation and the war in Ukraine and were trying to undermine democracy.
Ukraine’s first lady, Olena Zelenska, thanked those at the rallyin a video message. She said her country has been facing “the darkest moment in its history” but added hope that Russia’s aggression won’t succeed.
2. More Ukrainian civilians killed as Russian missile attacks continue
On the battlefront, Russian missile attacks kept pounding key front-line hot spots in Ukraine. The Russians shelled seven Ukrainian regions over the past 24 hours, killing at least five civilians and wounding nine more, Ukraine’s presidential office said.
In the eastern Donetsk region, where the fighting is ongoing near the cities of Bakhmut and Avdiivka, eight cities and villages were shelled.
Earlier this month, Moscow intensified its missile and drone strikes on Ukraine’s power stations, waterworks and other key infrastructure, damaging 40% of Ukraine’s electric system and forcing the government to implement rolling blackouts. Kyiv’s mayor said the Ukrainian capital’s power system was operating in “emergency mode.”
In addition, in areas that Ukraine has recaptured, residents are still recovering bodies of killed civilians, Donetsk Gov. Pavlo Kyrylenko said.
“Over the past 24 hours alone, in three de-occupied towns and villages, we found abandoned bodies of Ukrainian civilians,” Kyrylenko said.
Ukraine’s Interior Minister Denys Monastyrskiy said Sunday that Russian forces were mining territories they leave behind twice as densely as during the first months of the war.
Power outages were reported Sunday in the occupied Ukrainian city of Enerhodar, home to the closed Zaporizhzhia Nuclear Power Plant, Europe’s largest. Ukrainian and Russian officials traded blame for the shelling that caused the blackout.
3. Russian soldiers released in prisoner swap
Russian state TV shared footage on Sunday of what it said were Russian soldiers who had been released as part of a prisoner swap the day before.
The video showed young men disembarking from a plane and boarding buses, including one man being met by his father.
Some were filmed apparently talking to loved ones on their phones, telling them they were home.
The AP could not independently verify the date, location or conditions under which the footage was shot.
The Russian defence ministry said in a statement on Saturday that Kyiv released 50 Russian army personnel as part of a prisoner swap that same day.
Fifty Ukrainian soldiers and two civilians were released as part of the swap with Russia, both sides reported.
4. Russia’s Lavrov needles Biden over Cuban Missile Crisis and Ukraine
President Vladimir Putin’s foreign minister on Sunday needled Joe Biden over Ukraine, saying that he hoped the US President had the wisdom to deal with a global confrontation similar to the 1962 Cuban Missile Crisis.
In an interview for a Russian state television documentary on the missile crisis, Foreign Minister Sergei Lavrov said there were “similarities” to 1962, largely because Russia was now threatened by Western weapons in Ukraine.
“I hope that in today’s situation, President Joe Biden will have more opportunities to understand who gives orders and how,” Lavrov said with a faint smile. “This situation is very disturbing.”
Russia’s invasion of Ukraine has triggered the biggest confrontation between Moscow and the West since the Cuban crisis when the Soviet Union and United States are to considered to have come closest to nuclear war.
5. UK politicians demand probe into Liz Truss phone hack claim
The British government insisted Sunday it has robust cybersecurity for government officials, after a newspaper reported that former Prime Minister Liz Truss’ phone was hacked while she was U.K. foreign minister.
The Mail on Sunday said that the hack was discovered when Truss was running to become Conservative Party leader and prime minister in the summer. It said the security breach was kept secret by then-Prime Minister Boris Johnson and the head of the civil service.
The newspaper, citing unnamed sources, said Russian spies were suspected of the hack. It said the hackers gained access to sensitive information, including discussions about the Ukraine war with foreign officials, as well as private conversations between Truss and a political ally, former Treasury chief Kwasi Kwarteng.
The U.K. government spokesperson declined to comment on security arrangements, but said it had “robust systems in place to protect against cyber threats,” including regular security briefings for ministers.
Opposition parties demanded an independent investigation into the hack, and into the leak of the information to a newspaper.
Hacking gadgets: our favorite hardware to decrypt, bypass, and break things
Not all gadgets are meant to make life easier.
Some gadgets break things, exploiting cracks in our digital systems, prying them open, and crawling inside. Most often used by penetration testers — a kind of white-hat hacker hired to test a company’s security by breaking in themselves — these gadgets serve as a kind of road map to the most common vulnerabilities in our digital world.
For the most part, they’re commercialized versions of tech that already existed in a scrappier form, leaning on open-source software projects and decades of work developing attacks. But most importantly, they’re available, so if you decide you want to try out one of these attacks, the equipment is only a click away.
Please use them only for good.