Daily Digest (7/24)

Over 1,000 Twitter Employees, Contractors Could Have Helped in Hacking Accounts; States Probing Apple for Potential Consumer-Protection Law Violation; Website Security Breach Exposes 1M DNA Profiles; NY Lawmakers Vote to Pause Facial Recognition in Schools for 2 Years.

Over 1,000 Twitter Employees, Contractors Could Have Helped in Hacking Accounts

More than 1,000 workers and contractors at Twitter as of earlier this year had access to internal tools that could change user account settings and hand control to others, according to two former employees.

The disclosures, reported by Reuters, made it hard for the company to counter the hacking of many high-profile verified accounts last week. 

Twitter and the FBI are investigating the breach that allowed hackers to repeatedly tweet from accounts belonging to such users as Democratic presidential candidate Joe Biden, philanthropist Bill Gates, Tesla CEO Elon Musk and former New York City Mayor Mike Bloomberg.

Twitter said Saturday that the perpetrators “manipulated a small number of employees and used their credentials” to log into tools and turn over access to 45 accounts.

But the company said Wednesday that the hackers could have read direct messages to and from 36 accounts, though Twitter did not identify the affected users.

The former employees told Reuters that too many people could have done the same thing, more than 1,000 as of earlier in 2020, including some at contractors like Cognizant Technology Solutions Corp., based in Teaneck, N.J.

Twitter declined to comment on the figure and would not say whether the number declined before or since the hack, Reuters reports.

Cognizant did not respond to a request for comment.


States Probing Apple for Potential Consumer-Protection Law Violation

Texas is among several states whose attorneys general are investigating Apple over potential violations of a consumer-protection law, CNBC reports.

The report was based on a document obtained by the Tech Transparency Project through an open records request and shared with the cable network.

The document, sent in March and first reported by Axios, says that the attorney general’s office in the Texas Consumer Protection Division “is involved in a multistate investigation into Apple for potential violations of the Texas Deceptive Trade Practices Act.”

The investigation was started “for enforcement purposes,” the document said, adding that the office “anticipates litigation in this matter.”

No details on the scope of the probe were included, and the Texas Deceptive Trade Practices Act covers a wide range of potential harms, CNBC reports.

Apple is facing antitrust scrutiny in the U.S. and abroad — and CEO Tim Cook will face Congress on Monday alongside his Big Tech peers.

A spokesperson for the Texas Attorney General’s office told CNBC that “we cannot comment on, confirm or deny any potential or ongoing investigations.”

An Apple spokesperson did not immediately respond to a request for comment.


Website Security Breach Exposes 1M DNA Profiles

A genealogy website used to catch one of California’s most-wanted serial killers remained closed Thursday after a security breach exposed the DNA profiles of more than a million people to law-enforcement agencies.

In a message emailed to members and posted Wednesday on its Facebook page, GEDmatch said that on Sunday a “sophisticated attack” was made on its servers through an existing user account, and the DNA profiles of its members were made available for police to search for about three hours, The Associated Press reports.

“We became aware of the situation a short time later and immediately took the site down,” GEDmatch said.

The company briefly resumed service but shut down again after it was the target of a second breach Monday, when all user permissions were set to opt in to law-enforcement matching, the company said.

“We can assure you that your DNA information was not compromised, as GEDmatch does not store raw DNA files on the site,” the company said.

“When you upload your data, the information is encoded and the raw file deleted,” according to the report. “This is one of the ways we protect our users’ most sensitive information.”

The company said it was informed Tuesday that customers of MyHeritage, an Israel-based genealogy website that also used GEDmatch, were targets of a phishing scam.

On its site Thursday, a message read: “The GEDmatch site is down for maintenance. Currently no ETA for availability.”

In 2018, GEDmatch helped investigators in California identify Joseph James DeAngelo, also known as the Golden State Killer.

DeAngelo is suspected of killing 13 people and raping nearly 50 women in California during the ’70s and ’80s.

Last month, DeAngelo pleaded guilty to dozens of crimes in return for being spared the death penalty.


NY Lawmakers Vote to Pause Facial Recognition in Schools for 2 Years

The New York Legislature has passed a two-year moratorium on the use of facial recognition in schools.

The ban, approved by the House and Senate on Wednesday, follows an upstate district’s adoption of the technology as part of its security plans and a lawsuit from civil-rights advocates challenging that move, The Associated Press reports.

The legislation would bar the use of biometric-identifying technology in schools until at least July 1, 2022, and it directs the state’s education commissioner to issue a report examining its potential impact on student and staff privacy and recommending guidelines.

In January, the Lockport Central School District began using facial-recognition technology after meeting conditions set by state education officials, including that no students be entered into the database of potential threats.

Schools have been closed since mid-March because of the coronavirus pandemic.


— By DPN Staff