Indicators of Account Compromise

Sometimes it’s obvious when your accounts are hacked. Maybe your money is gone. Maybe you can no longer log in using the password you know is correct. Maybe everyone you know has gotten a scam email from you that you didn’t send. But sometimes bad guys aren’t so obvious. They may lurk around in your accounts to gather information for identity theft or in hopes of gaining access to other more lucrative accounts. I’ll tell you how to find out.

In other news: CA governor vetoes opt-out signal bill but signs car privacy bill; 23andMe is in trouble and your data may be, too; PayPal opted you into data sharing without asking; Kaspersky deletes itself and installs UltraAV without asking; 100 million Americans had background data leaked; researchers add facial recognition tech to Meta’s smart glasses; NIST updates password rules to with common sense changes; US & Microsoft seize 100+ web domains used by Russian hackers.

Article Links

1. [Ars Technica] Calif. Governor vetoes bill requiring opt-out signals for sale of user data https://arstechnica.com/tech-policy/2024/09/calif-gov-vetoes-attempt-to-require-new-privacy-option-in-browsers-and-oses/ 
2. [Teach Privacy] Bankruptcy Sale of DNA Data: From Toysmart to 23andMe https://teachprivacy.com/bankruptcy-sale-of-dna-data-from-toysmart-to-23andme/ 
3. [404 Media] Paypal Opted You Into Sharing Data Without Your Knowledge https://www.404media.co/paypal-personalized-shopping-opt-out/ 
4. [Bleeping Computer] Kaspersky deletes itself, installs UltraAV antivirus without warning https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/ 
5. [Tom’s Guide] 100 million Americans just had their background check data exposed https://www.tomsguide.com/computing/online-security/100-million-americans-just-had-their-background-check-data-exposed-online-how-to-stay-safe 
6. [404 Media] Someone Put Facial Recognition Tech onto Meta’s Smart Glasses to Instantly Dox Strangers https://www.404media.co/someone-put-facial-recognition-tech-onto-metas-smart-glasses-to-instantly-dox-strangers/ 
7. [Ars Technica] NIST proposes barring some of the most nonsensical password rules https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/ 
8. [The Record] California passes car data privacy law to protect domestic abuse survivors https://therecord.media/california-car-data-privacy-law-domestic-abuse-tracking 
9. [Semafor] US, Microsoft seize more than 100 websites used by Russian hackers https://www.semafor.com/article/10/03/2024/us-microsoft-seize-more-than-100-websites-used-by-russian-hackers 
10. Tip of the Week: Indicators of Account Compromise: https://f