Businesses

What Happened After Amazon's $71M Tax Break in Central New York?

This week Amazon announced that "Approximately 1,500 local Amazon employees will operate and work with innovative robotics technology" at a new fulfillment center that's a first of its kind for Central New York.

Amazon's press release says they've created 39,000 jobs in New York since 2010 — and "invested over $14 billion in the state of New York" — though they're counting what they paid workers as "investing" (as well as what they paid to build Amazon's infrastructure).

Long-time Slashdot reader theodp writes: In 2019, Onondaga County (New York) officials unanimously approved $71 million in tax breaks to support the development of a giant warehouse in the Town of Clay... "I am very excited to see this tremendous investment in Central New York coming to fruition," said U.S. Representative John Katko. "The new Fulfillment Center will be revolutionary for our region, creating over 1,500 jobs and making significant contributions to the local economy."

Driving home Katko's point, the press release added, "In April of 2021, Amazon furthered its commitment to invest in education programs that will drive future innovation in the communities it serves by donating $1.75 million to construct a new STEAM (Science, Technology, Engineering, Arts, and Math) high school in Onondaga County. Amazon's donation will fund robotics and computer science initiatives at the new school [presumably using Amazon-supported curriculum providers]." Unlike Amazon's Fulfillment Center, the new STEAM high school is unlikely to open before Fall 2023 at the earliest, as the $74-million-and-counting project (that Amazon is donating $1.75M towards) to repurpose a school building that has sat empty since 1975 has experienced delays and cost increases.

Amazon's press release notes the company also donated $150,000 to be "the presenting sponsor" for the three-day Syracuse Jazz Fest. And it also touts Amazon's support for these other central New York organizations (without indicating the amount contributed):
  • Rescue Mission Alliance: Working to end homelessness and hunger in greater Syracuse.
  • Milton J. Rubenstein Museum of Science and Technology (MOST): Supporting the "Be the Scientist" program for Syracuse-area public school students to visit the museum and learn about STEM careers and sponsor planetarium shows for area students.
  • The Good Life Foundation, a nonprofit serving youth in downtown Syracuse
  • DeWitt Rotary Club
The Courts

Facebook Agrees To Massive Settlement For Data Privacy Class Action Lawsuit (apnews.com)

Here's an announcement from law firm DiCello Levitt Gutzler. This week a U.S. District court "granted preliminary approval of a $90 million settlement" with Facebook's parent company, Meta Platforms, "to resolve a long-running class action accusing Facebook of tracking its subscribers' activities on non-Facebook websites — even while signed out of their Facebook accounts."

"The monetary component makes this the seventh-largest data privacy class action settlement ever to receive preliminary court approval."

Long-time Slashdot reader destinyland quotes the announcement: Individuals who, between April 22, 2010, and September 25, 2011, inclusive, were Facebook users in the United States and visited non-Facebook websites that displayed the Facebook Like button, may be eligible for a payment from the settlement fund. Email notices from the claims administrator, Angeion, have started to go out, and will continue in batches through July 15, 2022. Recipients of an email notice should note an ID and confirmation code in the top left corner, which should be used in submitting their claim.

However, even those who do not receive an email notice are still permitted to file a claim, and the administrator will determine whether they are eligible.

The correct link to the class action lawsuit website is: fbinternettrackingsettlement.com/

The deadline to submit a claim is September 22, 2022.

Komando.com adds that "While Facebook has denied any wrongdoing, it chose to settle the matter outside of court before it went to trial..."

"It's impossible to tell how much you can get at this stage in the lawsuit, as the final payout will depend on the number of claims submitted and additional fees. All settlement class members will be paid in equal amounts."
Businesses

US Proposes New Rules to Curb 'Meme Stock' Rallies (yahoo.com)

America's Securities and Exchange Commission "is considering broad changes to curb the frenetic trading of stocks based on social media activity," reports Reuters: The proposed overhaul would be the biggest change to Wall Street's rules since 2005 and would affect nearly every corner of the market, from commission-free brokerages to market makers and exchanges. The U.S. House Committee on Financial Services on Friday called for the SEC, along with other regulators, to do more to protect the markets from similar events....

The U.S. House Financial Services Committee on Friday urged Congress to adopt legislation mandating the SEC study how its rules need to change to address new technological developments, such as digital engagement practices and social media-driven market activity.

Government

Russia's Cyberattacks Thwarted by Ukraine, Microsoft, Google, and Western Intelligence (nytimes.com)

Russia's invasion of Ukraine is "the first full-scale battle in which traditional and cyberweapons have been used side by side," reports the New York Times. But the biggest surprise is that "many of the attacks were thwarted, or there was enough redundancy built into the Ukrainian networks that the efforts did little damage... more than two-thirds of them failed, echoing its poor performance on the physical battlefield."

Microsoft president Brad Smith says the ultimate result is that Russia's attempted cyberattacks get underreported, according to the Times: [A study published by Microsoft Wednesday] indicated that Ukraine was well prepared to fend off cyberattacks, after having endured them for many years. That was at least in part because of a well-established system of warnings from private-sector companies, including Microsoft and Google, and preparations that included moving much of Ukraine's most important systems to the cloud, onto servers outside Ukraine....

In many instances, Russia coordinated its use of cyberweapons with conventional attacks, including taking down the computer network of a nuclear power plant before moving in its troops to take it over, Mr. Smith said. Microsoft officials declined to identify which plant Mr. Smith was referring to. While much of Russia's cyberactivity has focused on Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Of the 29 percent of Russian attacks that have successfully penetrated a network, Microsoft concluded, only a quarter of those resulted in data being stolen. Outside Ukraine, Russia has concentrated its attacks on the United States, Poland and two aspiring members of NATO, Sweden and Finland...

But Microsoft, other technology companies and government officials have said that Russia has paired those infiltration attempts with a broad effort to deliver propaganda around the world. Microsoft tracked the growth in consumption of Russian propaganda in the United States in the first weeks of the year. It peaked at 82 percent right before the Feb. 24 invasion of Ukraine, with 60 million to 80 million monthly page views. That figure, Microsoft said, rivaled page views on the biggest traditional media sites in the United States. One example Mr. Smith cited was that of Russian propaganda inside Russia pushing its citizens to get vaccinated, while its English-language messaging spread anti-vaccine content. Microsoft also tracked the rise in Russian propaganda in Canada in the weeks before a trucker convoy protesting vaccine mandates tried to shut down Ottawa, and that in New Zealand before protests there against public health measures meant to fight the pandemic.

Russians successfully "sabotaged a satellite communications network called Viasat in the opening days of the war," notes the Washington Post, "with the damage spilling over into other European countries. But Ukraine, working with private tech companies, Western intelligence and its own expert software engineers, has quickly fixed most of the damage..."

"The close partnerships that have emerged between U.S. technology companies and Western cybersecurity agencies are one of the unheralded stories of the war...." "Cyber responses must rely on greater public and private collaboration," argues Brad Smith, Microsoft's president, in a new study... published Wednesday on Microsoft's "lessons learned" from cyber conflict in Ukraine. A White House cyber official explains the new cooperative approach this way: "Where companies see destructive attacks, that has driven partnerships with the intelligence community and other government agencies to see how best we can share information to protect infrastructure around the world." The tech world's sympathies lie with the underdog, Ukraine. That applies to giant firms such as Microsoft and Google....

Ukraine's cybersecurity defense benefited from an early start. U.S. Cyber Command experts went to Ukraine months before the war started, according to its commander, Gen. Paul Nakasone. Microsoft and Google became involved even earlier. Microsoft began monitoring Russian phishing attacks against Ukrainian military networks in early 2021, and through the rest of last year observed increasingly aggressive hacks by six different attackers linked to Russia's three intelligence services, the GRU, SVR and FSB, according to a Microsoft report released in April. Microsoft has spent a total of $239 million on financial and technical assistance to Ukraine, a company official said....

Google, a part of Alphabet, has also helped Ukraine fend off threats. Back in 2014, prompted by Russia's use of DDOS ("distributed denial-of-service") malware in its seizure of Crimea and eastern Ukraine, Google began what it called "Project Shield." Software protected news sites, human rights groups and election sites against crippling DDOS floods of junk internet messages. Today, Project Shield is used by 200 sites in Ukraine and 2,300 others in 140 countries around the world, according to Jared Cohen, the chief executive of Google's Jigsaw unit.

China

How China's Expanding Surveillance Allows the State to Tighten Its Grip (buffalonews.com)

"China's ambition to collect a staggering amount of personal data from everyday citizens is more expansive than previously known," reports the New York Times, after their Visual Investigations team with reporters in Asia "spent more than a year analyzing more than 100,000 government bidding documents." The Chinese government's goal is clear: designing a system to maximize what the state can find out about a person's identity, activities and social connections.... The Times analysis found that the police strategically chose locations to maximize the amount of data their facial recognition cameras could collect.... The police also wanted to install facial recognition cameras inside private spaces, like residential buildings, karaoke lounges and hotels. In the police's own words, the strategy to upgrade their video surveillance system was to achieve the ultimate goal of "controlling and managing people."

Authorities are using phone trackers to link people's digital lives to their physical movements. Devices known as Wi-Fi sniffers and IMSI catchers can glean information from phones in their vicinity, which allows the police to track a target's movements... In a 2017 bidding document from Beijing, the police wrote that they wanted the trackers to collect phone owners' usernames on popular Chinese social media apps.... As of today, all 31 of mainland China's provinces and regions use phone trackers.

DNA, iris scan samples and voice prints are being collected indiscriminately from people with no connection to crime. The police in China are starting to collect voice prints using sound recorders attached to their facial recognition cameras. In the southeast city of Zhongshan, the police wrote in a bidding document that they wanted devices that could record audio from at least a 300-foot radius around cameras. Software would then analyze the voice prints and add them to a database. Police boasted that when combined with facial analysis, they could help pinpoint suspects faster.

The Times also created a separate video summarizing the results of their investigation.

And their article notes estimates that more than half the world's 1 billion surveillance cameras are already in China — but there's more information to be gathered. One of China's largest surveillance contractors also pitched to the government software that displays a person's "movements, clothing, vehicles, mobile device information and social connections," according to the Times. "The Times investigation found that this product was already being used by Chinese police."

Thanks to Slashdot reader nray for sharing the story.
YouTube

Bungie Slaps YouTube Takedown Impersonator With $7.6 Million Lawsuit (pcgamer.com)

An anonymous reader quotes a report from PC Gamer: Back in March, a wave of bizarre copyright strikes rocked the Destiny 2 community. Not only did it affect some of the game's biggest content creators, but also videos on Bungie's own YouTube channel. It turned out none of them had actually come from the developer but a "bad actor" impersonating two employees from the CSC, Bungie's IP protection agency of choice. Now, that person has allegedly been identified and Bungie's suing them for a whopping $7.6 million. Ouch.

Nicholas 'Lord Nazo' Minor is accused of fraudulently firing off 96 separate DMCA takedown notices throughout mid-March (thanks, TheGamePost). According to the lawsuit (PDF), Minor was issued legitimate copyright strikes in both December 2021 and March 2022 for uploading the OST for Destiny's The Taken King and The Witch Queen expansions. During that period, Minor is said to have created two separate email addresses impersonating CSC employees. He then used those email addresses to issue the false takedown notices.

The lawsuit goes on to say that during the whole kerfuffle, Minor was "taking part in the community discussion of 'Bungie's' takedowns, spreading disinformation" as well as trying to file a counterclaim with YouTube, saying the legitimate takedowns on his channel were included in the wave of fraudulent ones. Bungie claims that the situation caused "significant reputational and economic damage," with the publisher having to "devote significant internal resources to addressing it and helping its players restore their videos and channels." It claims it's "entitled to damages and injunctive relief, including enhanced statutory damages of $150,000 for each of the works implicated in the Fraudulent Takedown Notice that willfully infringed Bungie's registered copyrights, totaling $7,650,000."

United States

Online Privacy Bill Clears Early Hurdle in House (wsj.com)

Bipartisan legislation to establish broad privacy rights for consumers won approval from a House subcommittee on Thursday, adding to its momentum. From a report: Lawmakers approved the bill, the American Data Privacy and Protection Act, on a voice vote with no dissent. It now moves to the full Energy and Commerce Committee for a vote. The bill still faces a long and potentially difficult path, particularly in the Senate. Rep. Frank Pallone (D., N.J.), the committee chairman and a sponsor of the bill, termed it "a massive step forward."

"Every American knows it is long past time for Congress to protect their data privacy and security," he said. "The modern world demands it." Republicans also praised the legislation, while suggesting more changes might be needed. "This bill protects all Americans, regardless of ZIP Code, and provides certainty for businesses so they clearly understand their obligations," said Rep. Cathy McMorris Rodgers (R., Wash.), the committee's top Republican. She said the legislation also would strengthen national security by requiring companies such as TikTok -- owned by Beijing-based ByteDance -- to specify when they are transferring and storing consumers' data in countries such as China.

United States

The Ohio State University Officially Trademarks the Word 'THE' (wsj.com)

schwit1 writes: The Ohio State University has successfully trademarked the word "THE," in a victory for the college and its branding that is sure to produce eye rolls from Michigan fans and other rivals. Stating the full name of the school has become a point of pride for Ohio State's athletes when introducing themselves on television during games. The three-letter article "THE" has also become an important part of the school's merchandise and apparel. The U.S. Patent and Trademark Office approved Ohio State's application Tuesday. The trademark applies to T-shirts, baseball caps and hats.

"'THE' has been a rallying cry in the Ohio State community for many years," said Benjamin Johnson, a spokesman for the university. Ohio State registered the word as a trademark to protect the university's brand, Mr. Johnson said. Ohio State's trademark and licensing program makes about $12.5 million annually for the university, which funds student scholarships and university programs, he said. "Universities historically are very particular about their trademarks, and they go to a lot of lengths to enforce their trademarks," said Josh Gerben, a trademark attorney, who noted Ohio State's trademark application on Twitter. "There is a lot of value in a university's brand."

China

China Bans 31 Live-Streaming Behaviors (gerona.ca)

Long-time Slashdot reader Mr_Blank shares a report from Gerona: China has enacted new regulation for the live-streaming industry, listing 31 prohibited conducts and raising the bar for influencers to speak out on specific topics, in the government's latest effort to regulate the booming digital economy. The 18-point guideline, released Wednesday by the National Radio and Television Administration and the Department of Culture and Tourism, requires influencers to have relevant qualifications to discuss some subjects, including law, finance, medicine and education, although the authorities have not specified the necessary qualifications.

The 31 prohibited conducts during live-streaming sessions include posting content that weakens or distorts the leadership of the Chinese Communist Party, the socialist system, or the country's reform and opening-up. Other prohibited behaviors include using deepfake technologies to manipulate the images of party or state leaders and intentionally 'building up' sensitive issues and attracting public attention. Live streamers are also prohibited from showing an extravagant lifestyle, such as showing luxury products and cash, the policy said.
This article originally appeared in the South China Morning Post.
Google

Italy's Data Watchdog Latest To Warn Over Use of Google Analytics (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Another strike against use of Google Analytics in Europe: The Italian data protection authority has found a local web publisher's use of the popular analytics tool to be non-compliant with EU data protection rules owing to user data being transferred to the U.S. -- a country that lacks an equivalent legal framework to protect the info from being accessed by US spooks. The Garante found the web publisher's use of Google Analytics resulted in the collection of many types of user data, including device IP address, browser information, OS, screen resolution, language selection, plus the date and time of the site visit, which were transferred to the U.S. without adequate supplementary measures being applied to raise the level of protection to the necessary EU legal standard.

Protections applied by Google were not sufficient to address the risk, it added, echoing the conclusion of several other EU DPAs who have also found use of Google Analytics violates the bloc's data protection rules over the data export issue. Italy's DPA has given the publisher in question (a company called Caffeina Media Srl) 90 days to fix the compliance violation. But the decision has wider significance as it has also warned other local websites that are using Google Analytics to take note and check their own compliance, writing in a press release [translated from Italian with machine translation]: "[T]he Authority draws the attention of all Italian managers of websites, public and private, to the illegality of transfers made to the United States through GA [Google Analytics], also in consideration of the numerous reports and questions that are being received by the Office, and invites all data controllers to verify the compliance of the methods of use of cookies and other tracking tools used on its websites, with particular attention to Google Analytics and other similar services, with the legislation on the protection of personal data."
A Google spokesperson issued the following statement: "People want the websites they visit to be well designed, easy to use, and respectful of their privacy. Google Analytics helps publishers understand how well their sites and apps are working for their visitors -- but not by identifying individuals or tracking them across the web. These organizations, not Google, control what data is collected with these tools, and how it is used. Google helps by providing a range of safeguards, controls and resources for compliance."

Google is reviewing the Italian DPA's decision, according to the spokesperson.
Google

Google is Notifying Android Users Targeted By Hermit Government-Grade Spyware (techcrunch.com)

Security researchers at Lookout recently tied a previously unattributed Android mobile spyware, dubbed Hermit, to Italian software house RCS Lab. Now, Google threat researchers have confirmed much of Lookout's findings, and are notifying Android users whose devices were compromised by the spyware. From a report: Hermit is a commercial spyware known to be used by governments, with victims in Kazakhstan and Italy, according to Lookout and Google. Lookout says it's also seen the spyware deployed in northern Syria. The spyware uses various modules, which it downloads from its command and control servers as they are needed, to collect call logs, record ambient audio, redirect phone calls and collect photos, messages, emails, and the device's precise location from a victim's device. Lookout said in its analysis that Hermit, which works on all Android versions, also tries to root an infected Android device, granting the spyware even deeper access to the victim's data. Lookout said that targeted victims are sent a malicious link by text message and tricked into downloading and installing the malicious app -- which masquerades as a legitimate branded telco or messaging app -- from outside of the app store.
Privacy

Security Flaws in Internet-Connected Hot Tubs Exposed Owners' Personal Data (techcrunch.com)

A security researcher found vulnerabilities in Jacuzzi's SmartTub interface that allowed access to the personal data of every hot tub owner. From a report: Jacuzzi's SmartTub feature, like most Internet of Things (IoT) systems, lets users connect to their hot tub remotely via a companion Android or iPhone app. Marketed as a "personal hot tub assistant," users can make use of the app to control water temperature, switch on and off jets, and change the lights. But as documented by hacker Eaton Zveare, this functionality could also be abused by threat actors to access the personal information of hot tub owners worldwide, including their names and email addresses. It's unclear how many users are potentially impacted, but the SmartTub app has been downloaded more than 10,000 times on Google Play.

"The main concern is their name and email being leaked," Zveare told TechCrunch, adding that attackers could also potentially heat up someone else's hot tub or change the filtration cycles. "That would make things unpleasant the next time the person checked their tub," he said. "But I don't think there is anything truly dangerous that could have been done -- you have to do all chemicals by hand." Eaton first noticed a problem when he tried to log in using the SmartTub web interface, which uses third-party identity provider Auth0, and found that the login page returned an "unauthorized" error. But for the briefest moment Zveare saw the full admin panel populated with user data flash on his screen.

United States

Juul E-Cigarettes To Be Ordered Off US Shelves (reuters.com)

The U.S. Food and Drug Administration is preparing to order Juul Labs Inc to take its e-cigarettes off the market in the United States, the Wall Street Journal reported on Wednesday, citing people familiar with the matter. Reuters reports: Juul has faced heightened scrutiny from regulators, lawmakers and state attorneys general over the appeal of its nicotine products to teenagers. Under pressure, the company in late 2019 had halted U.S. sales of several flavors. "This clearly comes as a surprise to the market ... we would expect that Juul would appeal the decision, and remain on the market through that process, which would likely take a year or more," Cowen analyst Vivien Azer said.

The looming verdict comes nearly two years after Juul had applied for approval to keep selling e-cigarettes in the country. The FDA's review of the applications was based on whether the e-cigarettes are effective in getting smokers to quit and, if so, whether the benefits to smokers outweigh the health damage to new users, including teenagers. [...] The estimated fair value of Altria's investment in Juul was $1.6 billion as of March end, a fraction of the $12.8 billion it paid in 2018, as a crackdown on vaping has upended the once fast-growing industry.

Bitcoin

CBDCs, Not Crypto, Will Be Cornerstone of Future Monetary System, BIS Says (coindesk.com)

Crypto's structural flaws make it an unsuitable basis for a monetary system, according to the Bank for International Settlements (BIS). Instead, monetary systems could be built around central bank digital currencies (CBDCs), which are digital representations of central bank money. CoinDesk reports: The BIS, an association of the world's major central banks, dedicates a 42-page chapter in its "2022 Annual Economic Report" to laying out a blueprint for the future of the global monetary system. In that vision, there is room for only some of crypto's underlying technical features, like programmability and tokenization, not for cryptocurrencies themselves. "Our broad conclusion is captured in the motto, 'Anything that crypto can do, CBDCs can do better,'" said Hyun Song Shin, an economic adviser and head of research at the BIS, during a press briefing on Monday.

The chapter, which will be published Tuesday ahead of the full report, identifies a number of limitations of crypto, including the lack of a stable nominal anchor. In monetary policy that is a variable -- such as a currency peg -- that can be used to control price levels. Stablecoins, cryptocurrencies pegged to the value of assets like sovereign currencies, are the crypto world's search for such an anchor, Shin said. Stablecoins attempt to "piggyback on the stability of real money issued by central banks."

Shin said the recent crash of terraUSD, a dollar stablecoin with a market capitalization of $18 billion in early May that rapidly lost its peg, illustrated how stablecoins, despite their name, are unstable and don't make good units of account. Unlike other leading stablecoins, such as USDC and USDT, which are reportedly backed by dollar-denominated reserves, terraUSD is an algorithmic stablecoin backed by another cryptocurrency (in this case LUNA) with an algorithm in place to regulate supply and demand of the stablecoin and maintain its peg. "The second important finding is that crypto and stablecoins fail to achieve the full network effects that we normally expect of money," Shin said. Money, Shin said, is the perfect example of a virtuous circle of greater use and greater acceptance. Crypto's decentralized nature, on the other hand, achieves exactly the opposite, namely fragmentation.

Privacy

Mullvad VPN Axes Recurring Subscriptions In the Name of Privacy (techradar.com)

Mullvad has taken the decision to completely remove the ability to create new subscriptions -- all in the name of storing less data about their users. TechRadar reports: "Subscriptions clearly offer a lot of convenience but as we've seen that convenience comes at a cost and we no longer think this is an acceptable trade-off. We care deeply about usability but when it comes down to it, privacy has to win," wrote the provider in a blog post.

This move is a step forward in Mullvad's commitment to its users' privacy. It's actually one of the few services not to ask for any email address or other personal information to create an account. However, when it came to recurring subscriptions, the provider was forced to retain records of payments in order to provide refunds, charge the user again after their initial period of cover or recover a missing account. Therefore, one-time payments appear to be the only solution.

"We are constantly looking for ways to reduce the amount of data we store while still providing a usable service. Nowhere is the tension between privacy and usability more apparent than in the area of payments." Mullvad's monthly fee has always been the same on every plan - around $5.50. This is very different from almost every other consumer VPN, but there's no need to stress about a price rise. What's more, those who currently have an active Mullvad subscription do not need to worry either. Their account will keep running as usual for at least six months, or until their subscription comes to the end of a term.

Electronic Frontier Foundation

Court Rules DMCA Does Not Override First Amendment's Anonymous Speech Protections (eff.org)

An anonymous reader quotes a report from the Electronic Frontier Foundation: Copyright law cannot be used as a shortcut around the First Amendment's strong protections for anonymous internet users, a federal trial court ruled on Tuesday. The decision by a judge in the United States District Court for the Northern District of California confirms that copyright holders issuing subpoenas under the Digital Millennium Copyright Act must still meet the Constitution's test before identifying anonymous speakers.

The case is an effort to unmask an anonymous Twitter user (@CallMeMoneyBags) who posted photos and content that implied a private equity billionaire named Brian Sheth was romantically involved with the woman who appeared in the photographs. Bayside Advisory LLC holds the copyright on those images, and used the DMCA to demand that Twitter take down the photos, which it did. Bayside also sent Twitter a DMCA subpoena to identify the user. Twitter refused and asked a federal magistrate judge to quash Bayside's subpoena. The magistrate ruled late last year that Twitter must disclose the identity of the user because the user failed to show up in court to argue that they were engaged in fair use when they tweeted Bayside's photos. When Twitter asked a district court judge to overrule the magistrate's decision, EFF and the ACLU Foundation of Northern California filed an amicus brief in the case, arguing that the magistrate's ruling sidestepped the First Amendment when it focused solely on whether the user's tweets constituted fair use of the copyrighted works. [...]

EFF is pleased with the district court's decision, which ensures that DMCA subpoenas cannot be used as a loophole to the First Amendment's protections. The reality is that copyright law is often misused to silence lawful speech or retaliate against speakers. For example, in 2019 EFF successfully represented an anonymous Reddit user that the Watchtower Bible and Tract Society sought to unmask via a DMCA subpoena, claiming that they posted Watchtower's copyrighted material. We are also grateful that Twitter stood up for its user's First Amendment rights in court.

Privacy

Shadowy Strava Users Spy on Israeli Military With Fake Routes in Bases (theguardian.com) 24

Unidentified operatives have been using the fitness tracking app Strava to spy on members of the Israeli military, tracking their movements across secret bases around the country and potentially observing them as they travel the world on official business. From a report: By placing fake running "segments" inside military bases, the operation -- the affiliation of which has not been uncovered -- was able to keep tabs on individuals who were exercising on the bases, even those who have applied the strongest possible account privacy settings. In one example seen by the Guardian, a user running on a top-secret base thought to have links to the Israeli nuclear programme could be tracked across other military bases and to a foreign country.

The surveillance campaign was discovered by the Israeli open-source intelligence outfit FakeReporter. The group's executive director, Achiya Schatz, said: "We contacted the Israeli security forces as soon as we became aware of this security breach. After receiving approval from the security forces to proceed, FakeReporter contacted Strava, and they formed a senior team to address the issue." Strava's tracking tools are designed to allow anyone to define and compete over "segments," short sections of a run or bike ride that may be regularly raced over, like a long uphill climb on a popular cycling route or a single circuit of a park. Users can define a segment after uploading it from the Strava app, but can also upload GPS recordings from other products or services.
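The abuse described above works because anyone can define a segment over any stretch of ground, and Strava then matches every activity that passes through it, privacy settings notwithstanding. The defensive counterpart is the audit a security team or platform trust-and-safety group would run: take the GPS geometry of user-created segments and flag any that fall inside a sensitive perimeter. The following is an added example, not code from the Guardian report, FakeReporter or Strava. It assumes segment geometry is available as lists of (latitude, longitude) points and models the restricted area as a simple polygon; the coordinates and segment IDs are constructed placeholders, not any real facility.

```python
"""Flag user-created route segments whose points fall inside a restricted geofence.

Added example (not Strava's or FakeReporter's code). Assumes segments are
available as (lat, lon) point lists and the restricted area is a simple
polygon. All coordinates below are constructed placeholders.
"""
from typing import Dict, List, Tuple

Point = Tuple[float, float]  # (latitude, longitude)

# Constructed geofence: a rectangle standing in for a sensitive facility.
RESTRICTED_AREA: List[Point] = [
    (32.100, 34.800),
    (32.100, 34.820),
    (32.120, 34.820),
    (32.120, 34.800),
]

# Constructed segments: one planted entirely inside the fence, one ordinary
# public route elsewhere, and one public road that briefly clips the boundary.
SAMPLE_SEGMENTS: Dict[str, List[Point]] = {
    "seg-001": [(32.105, 34.805), (32.110, 34.810), (32.115, 34.815)],
    "seg-002": [(32.050, 34.780), (32.052, 34.782)],
    "seg-003": [(32.121, 34.799), (32.1205, 34.8005), (32.119, 34.801)],
}


def point_in_polygon(pt: Point, polygon: List[Point]) -> bool:
    """Ray-casting test: cast a ray from pt toward increasing longitude and
    count how many polygon edges it crosses; odd means inside."""
    lat, lon = pt
    inside = False
    n = len(polygon)
    for i in range(n):
        lat1, lon1 = polygon[i]
        lat2, lon2 = polygon[(i + 1) % n]
        # Only edges that straddle the point's latitude can be crossed.
        if (lat1 > lat) != (lat2 > lat):
            # Longitude at which this edge crosses the point's latitude.
            cross_lon = lon1 + (lat - lat1) * (lon2 - lon1) / (lat2 - lat1)
            if lon < cross_lon:
                inside = not inside
    return inside


def fraction_inside(points: List[Point], polygon: List[Point]) -> float:
    """Share of a segment's recorded points that lie inside the geofence."""
    if not points:
        return 0.0
    hits = sum(point_in_polygon(p, polygon) for p in points)
    return hits / len(points)


def audit_segments(segments: Dict[str, List[Point]], polygon: List[Point],
                   threshold: float = 0.5) -> Tuple[Dict[str, float], List[str]]:
    """Return the per-segment inside fraction and the sorted list of segment
    IDs at or above the threshold, which are the ones to review or hide."""
    report = {sid: fraction_inside(pts, polygon) for sid, pts in segments.items()}
    suspect = sorted(sid for sid, frac in report.items() if frac >= threshold)
    return report, suspect


if __name__ == "__main__":
    report, suspect = audit_segments(SAMPLE_SEGMENTS, RESTRICTED_AREA)
    for sid, frac in sorted(report.items()):
        print(f"{sid}: {frac:.0%} of points inside restricted area")
    print("segments to review:", suspect)
```

The threshold separates a segment deliberately drawn inside the perimeter (every point inside) from a legitimate public road that merely grazes it; in practice the fence would be a real boundary polygon and the segment list would come from whatever export or API access the platform grants, which this example does not model.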

Businesses

Ex-Amazon Employee Convicted Over Data Breach of 100 Million CapitalOne Customers (techcrunch.com) 61

Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, has been found guilty by a Seattle jury on charges of wire fraud and computer hacking. From a report: Thompson, 36, was accused of using her knowledge as a software engineer working in the retail giant's cloud division, Amazon Web Services, to identify cloud storage servers that were allegedly misconfigured to gain access to the cloud-stored data used by CapitalOne. That included names, dates of birth, Social Security numbers, email addresses and phone numbers, and other sensitive financial information, such as credit scores, limits and balances. Some one million Canadians were also affected by the CapitalOne breach. Thompson also accessed the cloud-stored data of more than 30 other companies, according to a superseding indictment filed by the Justice Department almost two years after Thompson was first charged, which reportedly included Vodafone, Ford, Michigan State University and the Ohio Department of Transportation.

The Internet

There Are 24.6 Billion Pairs of Credentials For Sale On Dark Web (theregister.com) 57

An anonymous reader quotes a report from The Register: More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found. Data recorded from last year reflected a 64 percent increase over 2020's total (Digital Shadows publishes the data every two years), which is a significant slowdown compared to the two years preceding 2020. Between 2018 and the year the pandemic broke out, the number of credentials for sale shot up by 300 percent, the report said. Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years. This represents a 34 percent increase from 2020.

With all those credentials available for sale online, account takeover attacks have proliferated as well, the report said. Seventy-five percent of the passwords for sale online were not unique, noted Digital Shadows, which said everyone needs to be wary. Proactive account protection, consistent application of good authentication habits, and awareness of one's organizational digital footprint are necessary to protect against account takeover attacks, the study found. Individuals, the report said, should "use multi-factor authentication, password managers, and complex, unique passwords."

Crime

FBI Says Fraud on LinkedIn a 'Significant Threat' To Platform and Consumers (cnbc.com) 19

Fraudsters who exploit LinkedIn to lure users into cryptocurrency investment schemes pose a "significant threat" to the platform and consumers, according to Sean Ragan, the FBI's special agent in charge of the San Francisco and Sacramento, California, field offices. From a report: "It's a significant threat," Ragan said in an exclusive interview. "This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims." The scheme works like this: A fraudster posing as a professional creates a fake profile and reaches out to a LinkedIn user. The scammer starts with small talk over LinkedIn messaging, and eventually offers to help the victim make money through a crypto investment. Victims interviewed by CNBC say since LinkedIn is a trusted platform for business networking, they tend to believe the investments are legitimate. Typically, the fraudster directs the user to a legitimate investment platform for crypto, but after gaining their trust over several months, tells them to move the investment to a site controlled by the fraudster. The funds are then drained from the account.
