Posts Tagged ‘Personal privacy’

Vtech confirm 4.8million customers hacked

November 30th, 2015 No Comments By Mof Gimmers

Vtech, the provider of tech and toys to kids, have confirmed that they’ve suspended trading after a hack that saw 4.8 million customer details stolen. A spokesperson said that an “unauthorised party” accessed the data that was in VTech’s Learning Lodge app store last month.

The information that was included was profile info, which includes names, addresses, IP addresses, email addresses, history of downloads and secret answers to security questions. No password information was taken, and no credit card info was affected either.

Security analyst Troy Hunt has looked into all this, and said that, contrary to what Vtech claimed, the passwords were not encrypted: “Once the passwords hit the database, they’re protected with nothing more than a straight MD5 hash, which is so close to useless for anything but very strong passwords (which people rarely create), they may as well have not even bothered. The kids’ passwords are just plain text.”

“The vast majority of these passwords would be cracked in next to no time; it’s about the next worst thing you do next to no cryptographic protection at all.”

This follows what seems to be an endless series of hacks, with the most notable happening with TalkTalk.

Hunt continued: “Despite the frequency of these incidents, companies are just not getting the message; taking security seriously is something you need to do before a data breach, not something you say afterwards to placate people.”

Obviously, you should change your passwords and the like if you think this affects you. If you have any queries, Vtech’s UK number is 01235 546810.

Fax: (01235) 546804

What you need to know about your HungryHouse password

Hungryhouse has reset the passwords of thousands of their customers, after what was thought to be a data breach.

On Twitter this morning, the fastfood service said: “Hungryhouse have ourselves re-set a number of customer’s passwords as a preventative security measure against a 3rd party.”

If that doesn’t clear it up for you, then the email they sent around today should.

[Image: the email Hungryhouse sent to customers]

See? Nothing to worry about at all. Now you don’t have to worry about bored teenagers or terrorists knowing about how much pizza you can put away on a weekend.

Anyway, go and reset your password.

Google Nest camera is ‘always on’

November 26th, 2015 3 Comments By Mof Gimmers

We’ve shrieked hysterically about Google’s smart thermostat – Nest – before, likening it to sci-fi horror where remote companies watch your every move, before ultimately singing ‘Daisy Daisy’ while trying to oversee your untimely death.

We might be overdoing it a bit. However, what doesn’t help is that Nest has a camera that watches you in your home, and a team at ABI Research found that, even when the camera is “off,” it still draws around the same amount of info as it does when it is fully powered.

Basically, you might think you’ve turned it off, but you haven’t. Kill it with fire. Or throw some undercrackers over it.

A spokesperson for Nest Labs told the BBC: “When Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time.” So, standby mode then. Either way though, this is an ‘always on’ camera in your house, and this is Google (or Alphabet if you prefer) we’re talking about here. A company that not only wants to watch you at home, but also wants to store your DNA through the chilling 23andMe wing.

The Nest spokesperson continued: “When Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings.” While that may do for some, there’s going to be concerns over Google storing hours of footage of you at home in their cloud. Imagine the outpouring of hate that’ll happen if their servers get hacked.

How to stay anonymous online, after government announce snooping charter

Home Secretary Theresa May is showing off the new Draft Investigatory Powers Bill, which in short, means the government can spy on you.

For a slightly longer answer, May thinks that some websites are ‘safe havens’ for criminals, and now she wants to see new laws which give authorities the chance to access everyone’s information. It looks like she’ll want to get rid of encryption, and that all your internet history would be recorded, so authorities can look at it whenever they want, without having to get permission from anyone. They want to keep everything you do online, on record, for a year.

They also want to be able to see who you’ve texted and emailed too. If your messages are encrypted, the company keeping your messages private, must hand over data to authorities if asked.

With the hacks and leaks that have been doing the rounds lately, there’s just concern about anyone holding all this private information on everyone with an internet connection.

The draft bill underlines a want for powers for the bulk collection of large volumes of communications and other personal data by MI5, GCHQ, MI6, and for the introduction of “equipment interference powers”. This all means that computers and phones can be hacked whenever they want, in the name of national security.

Of course, the stupid thing here, is that actual criminals won’t be arranging serious crimes on Facebook Messenger or anything like that, so it looks like they just want to snoop on everyone else, which is going to worry many. It won’t worry the kind of people who say “well I’ve done nothing wrong, so they can look through all my stuff if they want”, but you can’t do anything about those people.

The Home Office has published the Investigatory Powers Bill in the House of Commons, which means it’ll be examined by both Houses of Parliament. There’ll be a final vote on the whole thing at some point in 2016. We suspect there’ll be some legal action thrown at the government before then.

How To Stay Anonymous Online

If you want to browse the internet anonymously, the first place to start is with the free Tor Browser. We won’t bore you with the ins-and-outs of the whole thing, but basically, it puts your web traffic through Tor’s network, and makes it anonymous and encrypts the shit out of it. It isn’t wholly anonymous, but it isn’t far off.

You can send emails through web services in Tor Browser too, but you’d need an email account that doesn’t reveal any personal information about you. One to look at is Guerrilla Mail.

As for instant messaging, there’s Pidgin, Wickr, and Tor who have just released their own. You know how to work a phone or search engine, so get on those. As for your phone itself, there’s an app called Orbot that runs Tor on Android.

If you want to set up a VPN (Virtual Private Network), then click here for a VPN how to guide. There’s loads of tutorials online, if you want to vanish from the eyes of the government.

Facebook to allow nicknames again?

November 3rd, 2015 1 Comment By Mof Gimmers

Facebook, for some reason, decided to say that people who used nicknames, or names they performed or wrote under, weren’t allowed. If you wanted to go by your stage name, set up a fan page. If you’ve been using a nickname and someone has hit the button where they say you’re using a nickname, then they make you send a copy of your birth certificate or passport in to prove your government name.

Failure to comply, and they suspend your account. This has been a problem for those who are trying to avoid abusive exes, people who are transitioning and, most alarmingly, Facebook seem to have been going after anyone who doesn’t have an English sounding name.

This has seen a lot of protests, and indeed, courts have gone after Facebook saying that they’re infringing people’s rights.

Well, after a load of faff, it looks like Facebook are going to lose their ‘real names’ policy. At least, that’s what they’re saying, not that anyone really trusts them these days.

Facebook are going to allow users to ‘provide more information about their circumstances’ and ‘give additional details or context on their unique situation’. Facebook’s Alex Schultz says: “It will help us better understand the reasons why people can’t currently confirm their name, informing potential changes we make in the future.”

We’ll see what they actually ask for, when they get around to doing this. We suspect there’s going to be more protests about all this yet.

Vodafone – the latest to be hacked

November 2nd, 2015 No Comments By Mof Gimmers

Vodafone are the latest to fall victim to a hack, with internet scallies getting access to around 2,000 customers’ details. We hope that the hackers aren’t doing this for attention, because we’re kinda bored by all these hacks now – they’ve lost their edge somewhat.

Anyway, Vodafone said that 1,827 accounts have been accessed, and they fear that criminals have customers’ names, mobile numbers, bank sort codes and the last four digits of their bank accounts, which is no good.

A Vodafone spokesman said: “This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.”

Vodafone started an investigation over the weekend, and have informed the National Crime Agency, Ofcom and the Information Commissioner’s Office. They’re not mucking about, like TalkTalk have been (and if you’re unimpressed with TalkTalk and want to leave them, check out our letter template so you can get out of your contract).

“Whilst our security protocols were fundamentally effective, we know that 1,827 customers have had their accounts accessed, potentially giving the criminals involved the customer’s name, their mobile telephone number, their bank sort code, the last four digits of their bank account,” continued Voda.

“Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts. These customers’ accounts have been blocked and affected customers are being contacted directly to assist them with changing their account details.”

As well as telling all the relevant authorities, Vodafone have also contacted all the banks of affected customers. Even if you think Vodafone are run by a bunch of gits, this is a fine way to deal with a crisis compared to some of their peers.

Visa, Sky TV, Amazon and Ticketmaster, are also being targeted – busy time for the hackers, eh?

What you need to know about Snapchat’s privacy update

Any mention of Snapchat makes elderly people roll their eyes and sigh, mainly because they don’t understand what it is, or they don’t like the idea of people using something that they don’t want to use. For the rest of humanity, there’s been a lot of chatter about the company’s privacy policy.

There were angry rants, as people were under the impression that Snapchat had decided to keep your photos and videos FOREVER and use them as they pleased. Of course, seeing as a load of people have sent photos of their junk through the service, people started getting a bit jumpy.

What is the truth of the matter though?

After a number of respected publications ran these stories, Snapchat felt the need to put a statement out. It was to the point: “The Snaps and Chats you send your friends remain as private today as they were before the update.”

Of course, like they’ve been saying for ages, the company have zero control over those who screengrab your photos and the like, but they’re very clear about that when you sign-up. Basically, if you know someone who is rather screengrabby, don’t send them anything private or, indeed, make sure you’re able to blackmail them back if they’re acting like dicks.

Snapchat’s terms of service say: “When you do that, you retain whatever ownership rights in that content you had to begin with.” In fact, unlike a bunch of other social platforms, Snapchat has a policy of not sharing messages with advertisers or other business partners. However, there are a few things to look out for.

In the terms of service, they do give up some rights. It says: “We need that license when it comes to, for example, Snaps submitted to Live Stories, where we have to be able to show those Stories around the world—and even replay them or syndicate them.” Again, that’s rather clear when you join in with that particular element of the app.

Basically, the recent update was done to change the language of the terms, so they were easier to understand. Seems they were easier to misconstrue too.

Either way, if you want to read Snapchat’s statement, and see what they’re up to, click here.

British Gas latest in data leak

October 29th, 2015 1 Comment By Mof Gimmers

It is the week of data leaks, with TalkTalk getting hacked by a child, Morrisons getting sued over the loss of data, and M&S being a bit fast and loose with customers’ private data.

Now, British Gas are the latest to get in on the act, and have had to get in touch with around 2,200 people after account passwords and email addresses appeared online. The company say that their systems are secure and no payment info is at risk, but still, this doesn’t look very good does it?

The details of this leak will now be sent over to the Information Commissioner’s Office, so they can investigate what’s going on.

British Gas posted on Twitter: “A small number of customer details briefly appeared online but our systems are secure.” The follow-up email states that the information had not come from the company themselves.

Next week, we assume we’ll be writing an article about a massive bank keeping customers’ personal details in a brown paper bag which they’ve hidden behind a plant-pot, and a massive supermarket that keeps customer data safe behind a chocolate fire-guard.

Morrisons staff to sue for data loss

October 28th, 2015 2 Comments By Mof Gimmers

Morrisons is being sued by thousands of its own staff after personal information was posted on the internet by an internal auditor.

The auditor in question is Andrew Skelton, who just so happens to have been sent to prison for eight years after he was convicted for a number of charges, including fraud by abuse of position.

He sent data to newspapers and uploaded information on 100,000 people to file-sharing sites. Why? He wanted revenge after he was told off at work. A fully grown adult there, getting revenge for being told off. Honestly.

According to JMW Solicitors, there’s over 2,000 personnel participating in the joint case. Their data-specialist, Nick McAleenan, said: “My clients’ position is that Morrisons failed to prevent a data leak which exposed tens of thousands of its employees to the very real risk of identity theft and potential loss.”

“In particular, they are worried about the possibility of money being taken from their bank accounts and – in the case of younger clients – negative consequences for their credit rating. Whenever employers are given personal details of their staff, they have a duty to look after them.”

Morrisons aren’t commenting on the case as yet, but this is more trouble for a supermarket that isn’t having the best of times at the moment. The chain dropped their nonsensical price match deal, but they did make a pizza that looked like a vagina, which is nice.

Marks & Spencer down after data breach

October 28th, 2015 No Comments By Mof Gimmers

Marks & Spencer took their website down for two hours, as it turned out that customers could see other people’s details when they logged in to their accounts. Yep. It’s another data breach!

Now, M&S said that no-one’s details were compromised by the ‘internal technical problem’, but they said sorry, given that everyone is particularly jumpy about such things at the moment. Some people said they logged in and could see other people’s orders and payment details.

A spokesperson for M&S said that the whole thing was a “technical issue” and that customers may have been able to see the last four digits of another person’s payment card “for a brief moment”, but the actual card details are encrypted, so there’s no need to worry.

“There were no financial details compromised at all,” the spokesperson said; “We weren’t hacked by a third party. It was an internal technical problem.”

Another spokesperson added: “Due to a technical issue we temporarily suspended our website last night. This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers. We apologise to customers for any inconvenience caused.”

This is all a bit embarrassing, seeing as there’s likely to be a number of new customers signing up to the site, thanks to the Sparks scheme.

Facebook – soon mithering you about absolutely everything

Facebook have been tinkering with their format again (seriously – leave it alone for five minutes, wouldya?), this time, looking at personalised notifications.

That’s right, the social network is now going to cater to your every need by telling you about your friend’s birthday, that event you forgot to say you weren’t going to, and a whole load more. Mobile notifications on the Facebook app will now prod you about all the events in your life – even the ones you’re not arsed about.

“We’ve heard feedback that people wanted to add important information that they can easily see, all in one place,” wrote product manager Keith Peiris on the official Facebook blog. “Along with your notifications, you can see and customize timely info.”

Instead of a nice, normal list, you’ll now get your mobile notifications organised as “cards”, which will be tailored the more you tell Facebook about your activities and location. Interesting that eh? Not like Facebook to want to know where you are and what you’re doing all the time, is it?

If you mess with your settings enough, you’ll also get notifications about when your favourite TV show is on, or you’ll get alerts from your favourite venues and pubs, every time they do anything, ever.

You might be fine with the privacy/usefulness trade-off, so this will be good news. If not, just delete the app and stop using it – save yourself and everyone around you the headache.

TalkTalk hacked by a 15 year old?

October 27th, 2015 1 Comment By Mof Gimmers

The police have taken a 15-year-old boy in for questioning over the hack of the TalkTalk website, and he was held on suspicion of offences under the Computer Misuse Act. The police are also searching the kid’s home in County Antrim.

Imagine that. Being a massive company with loads of sensitive information, and having spent loads of money on various forms of security, some teenager in his bedroom manages to pull the rug from under it all.

TalkTalk said that they’d been the target of a ransom demand by the hackers, and what with it being someone so young, we can imagine that the demands were brilliant: “We want some new Jordans, a year’s supply of Wotsits, a can of Lynx, and an Olympic sized swimming pool full of Jagerbomb.”

Anyway, the customers of TalkTalk aren’t finding this very funny, as the company not only show a disregard for the private details of their customers, but also, a remarkable lack of ability when it comes to managing a crisis. Still, at least TalkTalk told their customers to change their passwords, eh? That’ll comfort people who give money and personal details to a company that has had three cyber attacks in a year.

If you think you’ve been affected by the TalkTalk hack, you need to visit

Following the arrest, TalkTalk said: “We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police. We will continue to assist in the ongoing investigation.”

Facebook – now sharing your public posts on search engines

Facebook is going to let people search for your status updates on search engines. Twitter has been searchable like that for a while, so some people won’t mind at all. However, this will stick in the craw with some, who see Facebook as a safe place to say what you want without being snooped on.

Of course, people, pages, and brands have been easy to track down, but not individual items shared on newsfeeds and timelines. That’s all about to change, as Facebook is rolling out an update to open everything up.

Facebook’s vice president of search Tom Stocky said: “When something happens in the world, people often turn to Facebook to see how their friends and family are reacting. Today, we’re updating Facebook Search so that in addition to friends and family, you can find out what the world is saying about topics that matter to you.”

You’ll know that the social network is in trouble with how much it shares with the world, losing a court case about people’s personal information. Some people might see this as further evidence of FB taking the piss. In that case, you might want to dive into your Settings and start shoring everything up, if you’re worried about that sort of thing.

You can assume that Facebook will only make public posts searchable, so if your account is locked-down, you should be okay… provided, of course, you trust the social network on such matters.

The update is going to roll out in the US first, on iPhone, Android and desktop, and then, it’ll creep across the rest of the territories in due time.

TalkTalk to consider case by case on customers wanting to leave after hack

After the TalkTalk hack, customers are rightly looking at taking their business elsewhere. Too frequently, people are looking at TalkTalk like they’re not taking security seriously enough, after a spate of breaches over the year.

So what happens if you want to leave? Well, as you know, most mobile companies will charge you a fee for leaving your contract early, but these are exceptional circumstances. A spokesperson for the firm told ThisIsMoney that those who wish to exit their contract early because of the hack will be ‘considered on an individual basis.’

With around 4 million potentially falling victim to the cyber attack, there’s a good chance that there’ll be something of an exodus on the cards.

The TalkTalk spokesperson said: “We are not going to be able to make a decision on a compensation today. The police are still carrying out their investigation to establish what has happened and the extent of information accessed.”

Dido Harding, chief executive of TalkTalk, said: “TalkTalk constantly updates its systems to make sure they are as secure as possible against the rapidly evolving threat of cyber-crime, impacting an increasing number of individuals and organisations. We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here.”

“As a precaution, we are contacting all our customers with information, support and advice around Wednesday’s attack.”

TalkTalk is pointing customers in the direction of a special site if there are any questions: If you’d prefer to ring someone, then the number is 0800 083 2710, or 0141 230 0707, but remember, they’re likely to be extremely busy today.

Let us know how you get on.

TalkTalk customer info hacked

October 23rd, 2015 4 Comments By Mof Gimmers

TalkTalk customers have had their personal information hacked in what the police are calling a “significant and sustained” cyber-attack on the company’s website. This is the third data breach in a year for TalkTalk.

“We are continuing to work with leading cybercrime specialists and the Metropolitan police to establish exactly what happened and the extent of any information accessed,” said TalkTalk.

The company’s chief executive, Dido Harding, said: “We take any threat to the security of our customers’ data extremely seriously, and we are taking all the necessary steps to understand what has happened here.”

The way TalkTalk has been handling this has angered some customers. Looking through Twitter, it seems that TalkTalk’s customer service lines have been downed by the volume of people trying to get answers about what exactly has gone missing.

One of the things that will worry TalkTalk customers, is that the last time they were scammed out of money after a hack, TalkTalk refused to accept any liability, and blamed one victim for being tricked. They said, after one of their customers was scammed out of nearly £3,000, that because the customer gave details to the fraudster, he was “validating and authorising the transfer of funds”.

So what about this hack? Well, TalkTalk said that it is possible that credit card and bank account details could’ve been swiped, as well as personal info like names, addresses, dates of birth, email addresses and telephone numbers. Here’s the kicker – TalkTalk have said that “not all of the data was encrypted” but that they think “our systems were as secure as they could be”.

Basically, customers need to keep an eye on their accounts and keep checking for any odd behaviour or payments being made from it. If you do see something odd going on, you need to report it to ActionFraud. Obviously, like always, if anyone rings you up asking for your passwords and the like, tell them to piss off. No legit business ever asks for your passwords and bank details.

Until then, wait for TalkTalk to get in touch and they should tell you more in due course.

UPDATE: TalkTalk is pointing customers in the direction of a special site if there are any questions: If you’d prefer to ring someone, then the number is 0800 083 2710, or 0141 230 0707, but remember, they’re likely to be extremely busy today.

UPDATE 2: TalkTalk have published some figures to show how many people were supposedly affected. They’ve said:

  • less than 1.2 million customer email addresses, name and phone numbers
  • less than 28,000 obscured credit and debit card details
  • less than 21,000 bank account numbers and sort codes
  • less than 15,000 customer dates of birth