Weekly recap: are you eligible for compensation from Facebook?

Facebook was fined over $200 million for GDPR violations. LastPass was breached yet again. A Russian firm pays millions for zero-day bugs worth at least three times less on the market.

Here's this week's recap: a brief summary of leaks, hacks, and threats Cybernews observed between November 21 and December 2, 2022.

LastPass breach

LastPass, a password manager with over 25 million users, has confirmed yet another breach within just a couple of months. Apparently, an attacker used data obtained from the previous breach and, this time, gained access to "certain elements of their customers' information." Cybernews has reached out to LastPass for more information and user advice. However, the company has yet to share more details than we already know.

We can give them credit for at least coming forward with the breach rather than trying to brush it under the rug, as many companies do. For example, there's still no official comment on the alleged WhatsApp leak from Meta despite some media outlets circulating the statement by WhatsApp's unnamed representative in Asia.

Facebook fine

On Monday, Ireland's data privacy regulator fined Facebook €265 million ($277m) over a leak that exposed over 533 million Facebook user records.

This is the second fine for Meta in merely a couple of months.

In September, Ireland had already fined Meta-owned Instagram €405 million after examining the public disclosure of children's emails and phone numbers.

Now, if you are a resident of the EU and a particular company failed to protect your sensitive data, you are entitled to compensation according to the General Data Protection Regulation (GDPR).

First, you can try to file a complaint directly with Meta, although the company doesn't make it easy to figure out who to contact. You can also reach out to your local privacy watchdog and, eventually, even file a lawsuit.

You can be eligible for compensation for material and non-material damage, such as stress. The compensation amount can vary, but German media reports cases where the court ordered €1,000 ($1,054.2) compensation to Facebook users.

"You do not have to make a court claim to obtain compensation – the organization may simply agree to pay it to you. However, if it does not agree to pay, your next step would be to claim in court. The court would decide your case. If it agreed with you, it would decide whether or not the organization would have to pay you compensation," the UK's Information Commissioner's Office said.

Escort spam to mask what’s important

Beijing is going above and beyond in its attempts to clamp down on protests against COVID-19 restrictions. Pro-Chinese actors are also actively spreading conspiracy theories that the West “invested” over $500 million to sponsor the protests.

Local regulators are trying to bury the Twitter feed on protests by flooding it with escort spam ads. Despite Twitter being banned in China, data from the app analytics firm SensorTower shows that its downloads have been surging.

The surge in downloads must then mean that users are able to jump over the “Great Firewall”, either by using a censorship circumvention tool or by logging into virtual private networks.

Explicit content seems to be dominating on TikTok as well. Apparently, hackers have been exploiting the trending “Invisible Challenge,” in which a person filming a selfie poses naked while using a blurring digital video effect, to deliver malware.

Ikea hack

IKEA Morocco and IKEA Kuwait are investigating a cyberattack that caused disruptions in some of their operating systems.

IKEA was hit by the ransomware cartel Vice Society, which added data stolen from IKEA Morocco and IKEA Kuwait to the gang’s website.

Last year, IKEA was hit by a wave of email reply-chain cyberattacks that targeted the company’s internal mailboxes, as well as those of IKEA’s suppliers and business partners.

Russian zero-day retailer

OpZero, a Russian company, is a fairly new player in the market of zero-day exploits, but it raised some eyebrows with unusually high prices for certain vulnerabilities. It made headlines after an announcement said it was willing to pay $1.5 million for a Signal RCE exploit – three times more than Zerodium, its closest competitor.

Sergey Zelenyuk, the founder of the firm, told Cybernews that “the price for Signal exploits wasn't raised recently, it had been set for such an amount back when we started the company, which was even before the special military operation [what Zelenyuk calls Russia’s war in Ukraine].”

The price is high because vulnerabilities are usually purchased by governments that have an interest in stockpiling zero-day exploits and using them, for instance, for spying on their adversaries.
