Pages

Thursday, September 08, 2022

TikTok Denies Breach After Hacker Claims ‘2 Billion Data Records’ Stolen

Earlier this month, I reported how security researchers had uncovered a serious TikTok vulnerability that could have exposed users to a 1-click account takeover exploit. That issue, impacting Android app users, has long since been patched by TikTok. However, just as TikTok users breathe a sigh of relief, reports that TikTok U.S. has been hacked have started circulating, first on an online data breach marketplace forum and then Twitter over the holiday weekend. A TikTok spokesperson has told this reporter that no evidence of a security breach has been found. Security experts recommend that TikTok users change their passwords and ensure two-factor authentication (2FA) is activated anyway, out of an abundance of caution.

Chinese Owned TikTok Denies Breach After Hacker Claims ‘2 Billion Data Records’ Stolen



AP: “Local law enforcement agencies from suburban Southern California to rural North Carolina have been using an obscure cellphone tracking tool, at times without search warrants, that gives them the power to follow people’s movements months back in time, according to public records and internal emails obtained by The Associated Press. Police have used “Fog Reveal” to search hundreds of billions of records from 250 million mobile devices, and harnessed the data to create location analyses known among law enforcement as “patterns of life,” according to thousands of pages of records about the company. 

Sold by Virginia-based Fog Data Science LLC, Fog Reveal has been used since at least 2018 in criminal investigations ranging from the murder of a nurse in Arkansas to tracing the movements of a potential participant in the Jan. 6 insurrection at the Capitol. The tool is rarely, if ever, mentioned in court records, something that defense attorneys say makes it harder for them to properly defend their clients in cases in which the technology was used. The company was developed by two former high-ranking Department of Homeland Security officials under former President George W. Bush. It relies on advertising identification numbers, which Fog officials say are culled from popular cellphone apps such as Waze, Starbucks and hundreds of others that target ads based on a person’s movements and interests, according to police emails. That information is then sold to companies like Fog. “It’s sort of a mass surveillance program on a budget,” said Bennett Cyphers, a special adviser at the Electronic Frontier Foundation, a digital privacy rights advocacy group…”


Riviera Maya ATM-Skimming Gang Invests Fortune, Dodges Justice in Paraguay and Brazil



Top Stories 
Los Angeles: Two more sentenced in RICO action for grandparent fraud; get 2 years and nearly six years prison; acted as mules and sometimes picked up money from victims in person

Five ways you should never send moneyto anyone you have not met face to face.  And especially never to anyone who claims to be with the government.

  • Zelle – Your bank will not refund the money
  • MoneyGram Western Union, or RIA – Once its sent you can’t get it back
  • Bitcoin or other crypto – Especially never from a bitcoin ATM. And tracing it is almost impossible
  • Buying a gift card and providing the scratch off number on the back.Crooks can cash these out in minutes

BBB issues new study on Payday Loan Scams

  • Real payday lenders charge very high fees
  • Scammers impersonate real lenders to offer payday loans
  • Scammers also claim to be collecting debt on old payday loans
  • Complaints about both are going down
  • Infographic here

Need an expert witness for consumer protection or fraud issues?  Let me know.
 
Fraud Studies. Here are links to the studies I’ve written for the Better Business Bureau: puppy fraudromance fraudBEC fraudsweepstakes/lottery fraud,  tech support fraudromance fraud money mulescrooked moversgovernment impostersonline vehicle sale scamsrental fraudgift cards,  job scams,  online shopping fraud, and crypto scams
 
Fraud News Around the world

Humor 

FTC and CFPB  

Virus Benefit Theft

Business Email compromise fraud 

Ransomware  

Bitcoin and cryptocurrency

ATM skimming

Romance Fraud and Sextortion