The biggest story of the week, and one that continues, is the 16 billion username and password breaches. Described as the Mother of all Breaches (MOAB), the story turns out to be as much fiction as fact. Initially promoted as a wholly new data set, the size should have been the red flag; many national news outlets and vendors jumped on it without any fact-checking. Now, the majority are trying to walk it back.
It does, however, make a point. Aggregated data sets have been around forever. Previously, vendors would check before rushing out a statement from their CEO. Now, with AI creating fictional stories and pushing them as news, vendors are told to react faster by their PR teams. Less haste, more quality should be the message here.
In other news, the UK ICO fined genetic testing company 23andMe £2.31 million. It is related to a data breach that impacted the data of 155,592 UK users. The company failed to prevent a credential stuffing attack that allowed user data to be accessed and stolen. While the credentials were not stolen from 23andMe, it had no effective security to prevent such a basic level of attack.
Dave McGrail, head of business consultancy at Xalient, took part in an Enterprise Times Security Podcast around identity. McGrail believes that we need to see identity as a business enabler. Not only will that improve security, but it will deliver value to the business. That is especially true as Agentic AI becomes more established.
noyb
noyb has gone after the German DPAs of North Rhine-Westphalia and Hesse for not dealing with ‘Pay or OK’ systems. It has given them four years to respond to complaints, but so far, the response is “we can’t decide yet.” It will be interesting to see how this plays out, as GDPR decision delays are increasing, so can this noyb action bring a result?
noyb is also warning of Meta’s plans to push ads into WhatsApp using data from Instagram and Facebook. It further integrates WhatsApp into the wider Meta data lake and comes at a time when Meta is working hard to persuade people it can’t see their data. What it hasn’t done is say how the AI in WhatsApp shares data. noyb’s main concern is privacy and the introduction of a Pay or OK approach.
US Department of Justice
The Justice Department announced it is stepping up efforts to protect older Americans from fraud. Much of that fraud is transnational and racks up billions of dollars in theft from vulnerable people. The types of crimes range from romance fraud, lottery fraud, tech support fraud, and grandparent scams.
Attorney General Pamela Bondi, said, “Prosecutors across the country are stepping up the fight against malicious schemes that target older Americans. We are working with domestic law enforcement and foreign counterparts every day to hold criminals accountable and ensure that justice is done for our seniors both here at home and abroad.”
