AT&T and Zotac Customers Data Exposed

Nearly all AT&T Cell Customers’ Call and Text Records Exposed in a Massive Breach

As reported by TechCrunch,

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of “nearly all” of its customers, a company spokesperson told TechCrunch.

In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period between May 1, 2022 and October 31, 2022. 

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller but unspecified number of customers.

The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T’s network, the company said. 

AT&T said the stolen data “does not contain the content of calls or texts,” but does include calling and texting records that an AT&T phone number interacted with during the six-month period, as well as the total count of a customer’s calls and texts, and call durations — information that is often referred to as metadata. The stolen data does not include the time or date of calls or texts, AT&T said.

Some of the stolen records include cell site identification numbers associated with phone calls and text messages, information that can be used to determine the approximate location of where a call was made or text message sent.

In all, the phone giant said it will notify around 110 million AT&T customers of the data breach, company spokesperson Andrea Huguely told TechCrunch. AT&T published a website with information for customers about the data incident. AT&T also disclosed the data breach in a filing with regulators before the market opened on Friday.

ZOTAC Exposes Customer Info to Google searches

As reported by Tom’s Hardware,

The investigative journalists at Gamers Nexus uncovered a serious and troubling data leak at Zotac, a company already in FTC crosshairs for its warranty practices. Tipped off by a viewer, the team learned that documents related to Return Material Authorization (RMA) requests were publicly available on the web and had even been indexed by Google. These documents contained full names, telephone numbers, email and mailing addresses, and more. 

The viewer discovered this leak when doing his own due diligence to see what information came up when he Googled his name. Surprisingly, he discovered a document he had uploaded to Zotac as part of an RMA return. He promptly notified both Zotac and Gamers Nexus. 

While Zotac immediately removed access to that individual’s attachment, Gamers Nexus quickly discovered how widespread and serious the leak was. It discovered RMA attachments from consumers, including emails and spreadsheets containing those people’s personal information.

Other documents included corporate invoices to businesses like Micro Center, iBuyPower, and others. In at least one case, a document contained what was either an Employer Identification Number or Social Security Number. Gamers Nexus swiftly emailed Zotac of their findings as well as several of the business-to-business customers involved.

While Gamers Nexus did not immediately identify Zotac to the public, they did post a message to Twitter on July 5 to timestamp how long it took the company to begin addressing the issue. The good news is that it didn’t take long.

As of this writing, searching for “RMA Zotac” does still list hundreds of PDF and Excel documents submitted to Zotac’s RMA and warranty web page. However, the links now lead to dead links, likely because Zotac corrected the misconfigured file permissions for that directory.

Zotac also temporarily removed the “upload attachment” button from its RMA form. Until the company’s web developers can properly fix the issue, Zotac will be asking customers to email their documentation instead of using the online portal.

Some information can still be gleaned from Google’s cache, though, which is problematic. Since Zotac has not taken measures yet to deindex that directory with Google, the search engine results pages still list bits and pieces of information. We were able to find several customers’ mailing addresses this way.

If you have ever filed an RMA with Zotac, you should Google search your own name along with Zotac’s and perhaps RMA. If you find anything containing your information, click the three dots in the top right of the result to request Google remove the page from its search results.

Hackers allegedly leak Taylor Swift tickets after hacking Ticketmaster

As reported by Bleeping Computer,

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid.

In May, a well-known threat actor named ShinyHunters began selling data on 560 million Ticketmaster customers for $500,000.

Ticketmaster later confirmed the data breach, which they ultimately stated was from their account on Snowflake, a cloud-based data warehousing company used by the enterprise to store databases, process data, and perform analytics.

In April, threat actors began downloading Snowflake databases of at least 165 organizations using credentials stolen by information-stealing malware.

The threat actors then blackmailed the companies, demanding payment to prevent the data from being leaked or sold to other threat actors. Companies confirmed to have had data stolen from their Snowflake accounts include Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Santander.

Today, a threat actor known as Sp1d3rHunters has leaked what they claim is the ticket data for 166,000 Taylor Swift Eras Tour barcodes used to gain entry on various concert dates.

Sp1d3rHunters, previously named Sp1d3r, is the threat actor behind the sale of data stolen from Snowflake accounts, publicly extorting the various companies for payments.

“Pay us $2 million USD or we leak all 680M of your users information and 30 million more event barcodes including: more Taylor Swift events, P!nk, Sting, Sporting events F1 Formula Racing, MLB, NFL and thousands more events,” reads the extortion demand first shared by threat intel service HackManac.

The post claims the barcode data is for upcoming Taylor Swift concerts in Miami, New Orleans, and Indianapolis.

The post includes a small sample of the alleged barcode data, which contains the value used to create a scannable barcode, seat information, the face value of tickets, and other information. The threat actor further shared details on how to turn this data into a scannable barcode.

While the barcode data was not part of the initial leak of stolen Ticketmaster data samples released by the threat actors in May, some of the newly leaked data can be found in the older leaks, including the hashed credit card and sales order information for the tickets.

The group behind these attacks is ShinyHunters, which has been responsible for many data breaches over the years. These include leaking the data for 386 million user records from 18 companies in 2020, an AT&T breach impacting 70 million customers, and, most recently, the leaking of 33 million phone numbers used with the Authy multi-factor authentication app.

FTC sends warning letter to Gigabyte, Zotac, and ASRock over warranty practices

FTC’s Press Release,

Federal Trade Commission staff sent warning letters to eight companies about their warranty practices that may be standing in the way of consumers’ right to repair products they have purchased.

The warning letters inform the companies of FTC staff’s concerns that their practices violate the Magnuson-Moss Warranty Act (MMWA), a law that governs consumer product warranties and is enforced by the FTC.

“These warning letters put companies on notice that restricting consumers’ right to repair violates the law,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The Commission will continue our efforts to protect consumers’ right to repair and independent dealers’ right to compete.”

The letters to five of the companies warn that FTC staff has concerns about the companies’ statements that consumers must use specified parts or service providers to keep their warranties intact. Unless warrantors provide the parts or services for free or receive a waiver from the FTC, such statements are generally prohibited by the MMWA. Similarly, such statements may be deceptive under the FTC Act.

These letters were issued to air purifier sellers aeris Health, Blueair, Medify Air, and Oransi, along with treadmill company InMovement.

Letters to three other companies warn against their use of stickers containing “warranty void if removed” or similar language that are placed in locations on products that hinder consumers’ ability to perform routine maintenance and repairs on their products.

These letters were issued to ASRock, Zotac, and Gigabyte, companies that market and sell gaming PCs, graphics chips, motherboards, and other accessories.

FTC staff has urged each company to review its promotional and warranty materials to ensure that such materials do not state or imply that warranty coverage is conditioned on the use of specific parts or services. The letters state that FTC staff will review the companies’ websites after 30 days and that failure to correct any potential violations may result in law enforcement action.

Nvidia set to face French antitrust charges

As reported by Reuters,

Nvidia is set to be charged by the French antitrust regulator for allegedly anti-competitive practices, people with direct knowledge of the matter said, making it the first enforcer to act against the computer chip maker.

The French so-called statement of objections or charge sheet would follow dawn raids in the graphics cards sector in September last year, which sources said targeted Nvidia. The raids were the result of a broader inquiry into cloud computing.

The world’s largest maker of chips used both for artificial intelligence and for computer graphics has seen demand for its chips jump following the release of the generative AI application ChatGPT, triggering regulatory scrutiny on both sides of the Atlantic.

The French authority, which publishes some but not all its statements of objections to companies, and Nvidia declined comment. The company in a regulatory filing last year said regulators in the European Union, China and France had asked for information on its graphic cards.

The European Commission is unlikely to expand its preliminary review for now, since the French authority is looking into Nvidia, other people with direct knowledge of the matter said.

The French watchdog in a report issued last Friday on competition in generative AI cited the risk of abuse by chip providers.

It voiced concerns regarding the sector’s dependence on Nvidia’s CUDA chip programming software, the only system that is 100% compatible with the GPUs that have become essential for accelerated computing.

It also cited unease about Nvidia’s recent investments in AI-focused cloud service providers such as CoreWeave.

Companies risk fines of as much as 10% of their global annual turnover for breaching French antitrust rules, although they can also provide concessions to stave off penalties.

The U.S. Department of Justice is taking the lead in investigating Nvidia as it divvies up Big Tech scrutiny with the Federal Trade Commission, a source familiar with the matter has told Reuters.

Boeing agrees to plead guilty to conspiracy to defraud the US government

As reported by Engadget,

The US Department of Justice and Boeing have reached an agreement that the latter will plead guilty to a conspiracy to defraud the US government charge stemming from two fatal crashes that killed 346 people in 2018 and 2019, the New York Times reports.

In May, the DOJ announced that Boeing violated its 2021 deal to pay penalties and compensation, as well as implement major safety changes — just four months prior, a cabin panel blew off an Alaska Airlines flight while it was at 16,000 feet in the air. The DOJ offered the company a plea deal on June 30, giving it one week to accept or face a trial.

Boeing had struck a deal in 2021 over these crashes with the agency, promising to implement major safety changes and engage in no wrongdoing for three years. In May, the DOJ announced the company had violated the agreement, and on June 30 it offered Boeing a choice: accept a plea deal within one week or go to trial.

If the new agreement is approved by the court, Boeing will have to pay a fine of $487.2 million — however, part of it could be covered by payments made in the original agreement. Boeing will also be required to invest at least $455 million in safety and compliance over the next three years and have a DOJ-appointed third-party monitor its progress.

The deal was criticized as insufficient for the crash victims. “This sweetheart deal fails to recognize that because of Boeing’s conspiracy, 346 people died,” Paul Cassell, a lawyer representing some of the families, said. “Through crafty lawyering between Boeing and DoJ, the deadly consequences of Boeing’s crime are being hidden.”

In 2021, Boeing agreed to pay its customers $1.77 billion in compensation after authorities grounded the 737 Max plane for a year and a half. The deal also included the company paying $243.6 million in fines and $500 million into a crash-victim fund for the heirs, relatives and legal beneficiaries of the passengers killed in the flights near Indonesia and Ethiopia.

The Federal Aviation Administration’s Aircraft Evaluation Group (FAA AEG) determined that the Maneuvering Characteristics Augmentation System (MCAS) activated while both planes were in flight and was the likely point of failure. Two Boeing 737 Max flight technical pilots deceived the FAA AEG two years before the first crash, concealing information about an important change to the MCAS. If approved, the new deal will be Boeing’s first new felony in decades.

Apple allows Epic Games marketplace app in Europe

As reported by Reuters,

Apple said on Friday it has approved Epic Games’ games marketplace app on iPhones and iPads in Europe, after the “Fortnite” maker escalated its feud with the technology giant, accusing it of hindering its efforts to set up a games store on the devices.

Apple said the latest spat concerned the Epic Sweden AB Marketplace and has nothing to do with the video games maker’s Fortnite app which has already been given the green light.

App developers and antitrust regulators have criticized Apple’s tight control of the iOS app ecosystem.

Before Apple’s announcement, Epic said the iPhone maker had twice rejected documents the video-game publisher submitted to launch the Epic Games Store because the design of certain buttons and labels was similar to those used by its App Store.

“We are using the same “Install” and “In-app purchases” naming conventions that are used across popular app stores on multiple platforms, and are following standard conventions for buttons in iOS apps,” Epic said in a series of posts on X.

“Apple’s rejection is arbitrary, obstructive, and in violation of the DMA (Digital Markets Act), and we’ve shared our concerns with the European Commission,” it said.

The European Commission, which opened an investigation into the checks and reviews put in place by Apple to validate apps and alternative app stores to be sideloaded last month, declined to comment.

Epic and Apple have been waging a legal battle since 2020, when the gaming firm alleged Apple’s practice of charging up to 30% commissions on in-app payments on its iOS devices violated U.S. antitrust rules.

Early this year, Apple proposed changes to its App Store policies to comply with certain directives of the DMA that went into force in March.

It allowed alternative app stores on iPhones and an opt-out from using the in-app payments system, but set a “core technology fee”, which several developers found exploitative.

Bonus News

Dawson

Admin of Onlytechfans.net