Everyone says they’re concerned about privacy. In reality, everyone shares data carelessly.

- Huan Tang, finance professor at Wharton

Welcome to Snippets - Genetic testing company 23andMe revealed the extent of a recent data breach, with the final tally of affected users coming in at 6.9 million. The breach was initially reported in October after a data set containing 1 million data points on Ashkenazi Jews appeared on notorious hacker site BreachForums.

Plus: university researchers traced a drop in app downloads and revenue to Apple's privacy label policy; Google's AI lab, DeepMind, was able to extract training data from ChatGPT using a single word; Meta is facing a $600 million lawsuit in Spain; and more.


DATA BREACH

23andMe confirms 6.9 million accounts were hacked

In a statement to The Verge, 23andMe confirmed that a recent security breach affected 6.9 million users—5.5 million from the DNA Relatives feature, plus 1.4 million more from users whose family trees were accessed.
  • In an October SEC filing, 23andMe reported a credential stuffing attack, where hackers used logins from other security breaches to log into 23andMe accounts.
  • The filing stated that the attack affected around 14,000 users, but a statement last Friday noted hackers had also accessed “a significant number of files.”
  • With access from the credential stuffing breach, hackers used the DNA Relatives feature to access millions of other profiles—capturing display and family names, self-reported locations, birth location, profile pictures, and more.
  • Though 23andMe maintains that the company’s systems aren't to blame for the leak, the incident still raises serious questions about 23andMe’s access controls and security.
TRANSCEND NEWS

Buyer's Guide: 5 steps for identifying an effective CMP

The right CMP will provide an efficient way to collect, sync, and enforce user preferences and consent across all touchpoints and backend systems. But finding the right CMP for your needs can be a challenge. This step-by-step guide includes:

  • 6 must-haves for effective CMPs
  • 5 steps for choosing the best CMP for you
  • An internal evaluation questionnaire
  • A platform comparison matrix
  • Key questions to ask potential vendors
PRIVACY

The potential costs of privacy negligence

A joint paper by university researchers found that Apple’s privacy policy, which requires data collection disclosures from service providers, led to 14% fewer weekly downloads and a 15% decrease in subscription revenue and in-app purchases.
  • With limited “large-scale evidence” on privacy, the authors wanted to find out how much privacy consumers actually want, how much privacy companies offer, and how data is used after collection.
  • They found that 80% of the 24 data points collected by the average app are non-essential—with data being collected most frequently for first and third-party advertising and personalized experiences.
  • The observed effect on downloads, subscription revenue, and stock market performance following Apple’s policy indicates that app developers may have to enforce limits on data collection to avoid negative market consequences.

AI & PRIVACY

DeepMind finds ChatGPT can leak training data

A group of researchers at DeepMind, Google’s AI lab, were able to extract sensitive data from ChatGPT using surprisingly simple workarounds—in one case, using endless repetitions of the word “poem.”
  • Researchers found that, after repeating “poem” many times, ChatGPT began producing illogical text snippets, before eventually revealing full sections of its original training data.
  • They also deployed the same method, called “extractable memorization,” to obtain personal information, like phone numbers, on dozens of individuals.
  • Out of 15,000 attempted attacks, nearly 17% of responses contained personal information.
  • The researchers theorize that using a single-word attack causes the AI model to revert to a simpler operation mode—deploying the mirroring function used during training, rather than generating a unique response.

IN OTHER NEWS
  • PUNKT launches the privacy-enhanced MC02 phone.
  • ChatGPT: One year in review.
  • The CPPA submits proposed revisions to the CCPA.
  • Meta faces a $600 million lawsuit in Spain.
  • You can now use VPNs on Apple TV.

HACKING HOTELS

Booking.com customers fall prey to hackers

Hackers have intensified their attacks on Booking.com customers, offering $2,000 rewards on dark web forums for hotel log-in details and using that access to trick customers into sending them money.
  • Though Booking.com itself hasn’t been breached, hackers accessed the backend portals of several hotels listed on the site—using them to defraud customers across the globe.
  • Cybersecurity firm Secureworks noted that the hackers pose as guests and send emails to hotel staff, including links to ID proof. When clicked, the links install malware on staff computers.
  • Once the malware extracts the log-in credentials, the hackers message customers about current reservations from the official app, tricking them into paying the attackers instead of the hotel.

Illinois Supreme Court rules healthcare workers are exempt from BIPA

The Illinois Supreme Court ruled that biometric data collected from healthcare employees while on the job is exempt from certain provisions of the Biometric Information Privacy Act (BIPA).
  • The case was filed by Lucille Mosby, a registered nurse working for UChicago Medicine Ingalls Memorial Hospital, who was required to scan her fingerprint to access a medication dispensing system.
  • In its defense, the hospital cited Section 10 of the BIPA, which exempts biometric data collected for dispensing treatments.
  • The court reasoned that the terms “treatment, payment, [and] operations” were defined as exceptions and that healthcare included the provision of drugs, devices, and equipment.
TRANSCEND NEWS

Examining privacy risks in AI systems

AI systems are, by their very design, data-driven—allowing them to learn and evolve in a way that makes the technology compelling to businesses and individuals alike. But this reality comes hand-in-hand with clear privacy risks.

Our latest guide covers the various privacy risks presented by artificial intelligence, plus strategies AI developers can use to address these potential pitfalls.

Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack.

Curated in San Francisco by Transcend.