Facebook Removes Fake Chinese Accounts Aimed at Disrupting Political Activity; Open Bing Mobile App Server Exposes Huge Data Trove; Justice Departments Seeks to Change Internet Platform Immunity; Cincinnati Hospital Data Exposed in Another Blackbaud Hack. Click “Continue reading” below.

Facebook Removes Fake Chinese Accounts Aimed at Disrupting Political Activity

Facebook said it had removed fake accounts and pages originating in China and focused on disrupting political activity in the U.S. and several other countries.

The company said that the U.S. activity was only a “sliver” of the overall activity and that the primary focus was Southeast Asia, including the Philippines, The Associated Press reports.

In the U.S., the fake accounts posted material both in support of and against Democratic presidential primary candidates Pete Buttigieg and Joe Biden and Republican President Donald Trump.

Facebook did not link the network directly to the Chinese government, saying that the individuals involved concealed their identity and location through virtual private networks and other methods.

The FBI and Department of Homeland Security’s cybersecurity agency warned Tuesday that foreign actors and cybercriminals were likely to try to spread disinformation, including creating fake websites and social media content to discredit the election process, AP reports.

Sources (all external links):

• The Associated Press:  Facebook: Fake pages from China tried to disrupt US politics 

Open Bing Mobile App Server Exposes Huge Data Trove

More than 6.5 terabytes of user information on the Bing mobile app, a search engine owned by Microsoft, was exposed when a server was left open last week.

The WizCase online security team uncovered the leak, telling Microsoft on Sept. 13, Apple Insider reports.

Microsoft said it secured the database three days later.

According to WizCase, the Bing server was hit twice in a Meow attack: a bot that wiped clean the unsecured databases, replacing them with new ones featuring the word “meow,” The Register reports.

The information did not include such personal details as names, addresses or email addresses, though some information on what Bing users searched for was exposed.

That included illegal content that could leave individuals vulnerable to blackmail or phishing, according to the Register.

“We’ve fixed a misconfiguration that caused a small amount of search-query data to be exposed,” a Microsoft representative told the Register. “After analysis, we’ve determined that the exposed data was limited and de-identified.”

Sources:

• Apple Insider: Bing mobile app database left open to hackers, millions of user data sets compromised 
• The Register: Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. *Insert ‘Wow… that much?’ joke here* 

Justice Departments Seeks to Change Internet Platform Immunity

The U.S. Justice Department released a legislative proposal Wednesday that seeks to reform a legal immunity for internet companies.

The proposal aims to curb Section 230 of the Communications Decency Act, which protects big tech companies like Google and Facebook from liability over content posted by users, Reuters reports.

The proposal states that when internet companies “willfully distribute illegal material or moderate content in bad faith, Section 230 should not shield them from the consequences of their actions.”

The agency also proposes reforms to ensure internet companies are transparent about their decisions when removing content and seeks to revise existing definitions of Section 230 with more concrete language that offers more guidance to users and courts, Reuters reports.

Source:

• Reuters:  U.S. Justice Department proposes changes to internet platforms’ immunity  

Cincinnati Hospital Data Exposed in Another Blackbaud Hack

Personal information of donors to The Christ Hospital in Cincinnati has been exposed after the third-party provider, Blackbaud, experienced a cyberattack last month.

Blackbaud informed Christ Hospital officials on July 16 that it had discovered and stopped a ransomware attack that occurred intermittently between Feb. 7 and May 20, Yahoo Finance reports.

According to Local 12 News in the city, the breach exposed names, addresses, birthdays and telephone numbers — though no Social Security numbers or financial information was exposed.

Blackbaud said it paid hackers to ensure that the leaked data was permanently destroyed.

In a Blackbaud breach disclosed Tuesday, information of patients and donors to a pediatric health system in Minnesota was exposed in the second-largest healthcare data breach in state history.

More than 3 million people in the U.S. have been affected by the Blackbaud attack. 

Sources: 

• Local 12: Hackers steal personal information from some The Christ Hospital donors
• Yahoo Finance: The Christ Hospital Health Network Notifies Patients of Blackbaud Security Incident

— By DPN Staff