Tag: Data breach

LinkedIn Hacked, Data Of 700M Users Being Sold On Dark Web

LinkedIn data of over 700 million users has reportedly been exposed in a new breach. LinkedIn has a total of 756 million users, which means that the data of more than 92 percent of its users has been compromised in this new breach. The new dataset obtained by an unknown hacker is said to consist of personal details of LinkedIn users, including phone numbers, physical addresses, geolocation data, and inferred salaries. In April, LinkedIn confirmed a data breach affecting 500 million subscribers wherein personal details like email address, phone number, workplace information, full name, account IDs, links to their social media accounts, and gender details were listed online.

According to LinkedIn, it did not face a data breach, but rather the information was gained from scraping the network. In an emailed statement, LinkedIn told Gadgets 360: “While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach and our investigation has determined that no private LinkedIn member data was exposed. Scraping data from LinkedIn is a violation of our Terms of Service and we are constantly working to ensure our members’ privacy is protected.”

The new dataset of 700 million users is also on sale on the Dark Web, wherein the hacker has posted a sample set of 1 million users for buyers. RestorePrivacy was the first to spot this listing on the Dark Web and the sample data was cross-verified by 9to5Google. The sample dataset that has been published on the Dark Web includes user information like email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, inferred salaries, personal and professional experience/ background, gender, and social media accounts and usernames.

9to5Google reached out directly to the hacker who says that the data was obtained by exploiting the LinkedIn API to harvest information that people upload to the site. The dataset does not include passwords, but the information is still very valuable and could amount to identity theft or phishing attempts.

To protect your data, it is important to look at the safety, security, and privacy settings of the apps you use and make sure that these are set up properly. Ensure that you have set up a strong password and indulge in the habit of changing them frequently. Also, enable two-factor authentication (2FA) wherever available, and do not accept connections, especially on LinkedIn and Facebook, from unknown people. Subscribe to sites like Have I Been Pwned for notifications if your email address is part of a data breach.

July 6, 2021
How Mobile Money Credit Apps Are Used For Mass Surveillance On Kenyans

Keren Weitzberg, a researcher and educator based at University College London, and who’s currently working on a project on ID cards and biometrics in Kenya has opined that the growing mobile credit apps in Kenya are used for surveillance. According to her report “Mobile credit expands mass surveillance of ordinary Kenyans”, governments and corporations are using the digital credit services to expand their reach into people’s everyday lives. Financial technology, or fintech, is selling Kenyans data, their routine and habits and transforming their behavior into data that can be monitored and assessed.

The report names Safaricom – a partly government-owned multinational telecom that controls the lion’s share of the Kenyan market – in partnership with Uhuru’s partially owned CBA bank as huge contributors to this huge breach of Kenyan citizens data. Safaricom has a lending service itself (M-Shwari) and as both tax collector and shareholder, the Kenyan government has a direct financial stake in Safaricoms digital lending. Through mandatory SIM registration laws in the country, Safaricom is also collecting a great deal of data on their customers and consumer habits in what the watchdog group Privacy International called “a more pervasive system of mass surveillance” throughout Africa.

These digital lending companies ask for access into the lives of ordinary Kenyans before giving out loans which Kenyans readily agree to. They use everything from GPS data to how often people call their parents to social media feeds to assess customers’ creditworthiness. The companies collect M-Pesa transaction SMS, call behavior and handset information and due to lack of sufficient protection laws in the country the mobile apps make profit by disclosing users’ information to third parties.

Most Kenyans are already struggling to make ends meet and digital lending apps are not the solution, Infact they are more likely to worsen poverty by contributing to cycles of indebtedness, but in a country led by a man who has glorified borrowing with absolutely no regard for it’s citizens data, The Mpigs would rather use their time to come up with useless bills to tax bloggers and group admins rather than regulate this Digital-Fueled lending craze.

September 26, 2019
Safaricom Breached The Privacy Of 11.5M Customers By Exposing Their Sports Betting History, Biodata And Now Sued For Sh115 Trillion

Kenya’s giant telecommunication company Safaricom has been sued for violation of private data of over 11.5M customers.

The Sh115 trillion lawsuit is now the biggest consumer suit after that of Coca-Cola.

Coca-Cola was sued by Busia, Funyula area residents after one of their distributor sold them contaminated drinks that left 5 people dead.

With that out and aside, High Court received a petition last week from Benedict Kabugi, one of the Safaricom subscribers who has accused the telco of breaching the privacy of 11.5 million of its customers.

Kabugi says in a petition that Safaricom has exposed him and other of the company’s customers data details to sports betting history and biodata.

Benedict Kabugi says an individual who had in his possession the personal data of more than 11.5 million Safaricom subscribers, including his approached him last week.

“The data, which the petitioner herein viewed personally, was specific to gamblers who had used their Safaricom mobile numbers to gamble on various betting platforms registered in Kenya,” reads part of Benedict’s petition.

This high magnitude Lawsuit is the first of its kind to be leveled against a mobile service provider in Kenya.

Kenya’s data protection law Bill has been shelved by Jubilee administration in the August house for almost a decade.

Sources speaking to this site says there are two duplicate bills currently set for debate by the National Assembly Before being forwarded to the Senate.

This lawsuit represents a violation of Article 31 of the Constitution which protects the privacy of communication.

Benedict says the data he saw contained specific identifying details of subscribers, including full names, their mobile phone numbers, gender, age, identity numbers, passport numbers as well as the total amounts gambled.

Kabugi also reveals that the data had the make and type of devices used by the subscribers as well as their location.

Benedict told this site that he was arrested and detained by the Police when he went to report the breach at Safaricom offices.

This is not the first time for Safaricom to be directly involved in data breach dealings.

Last week, two senior Safaricom employees were arrested and charged in court for trying to obtain Sh300 million from Safaricom’s database.

Sources speaking to this site say they were arrested after successfully transferring priviledged information on a subscriber from Safaricom’s database.

This lawsuit will expose more breaches in Safaricom and other telcos like Airtel, Telkom, Faiba, Equitel…

State’s involvement in Safaricom makes them the most targeted telco by backdoor dealers and hackers.

If the lawsuit goes through and the Court finds Safaricom liable, this will definitely make them the most unsafe place anyone could ever trust their data and privacy.

June 26, 2019