A popular massage-booking app left thousands of customer records exposed, including complaints about those who had asked for sexual favours.
Urban, previously known as Urban Massage, left its online database containing 309,000 customer profiles unsecured, a security researcher found.
Among the records were allegations of sexual assault, linked to identifiable individuals.
Urban said it was investigating the problem and took the database offline.
The problem was discovered by researcher Oliver Hough, who shared the discovery with news site TechCrunch.
"This data could literally have led to some serious blackmail," he wrote on Twitter.
The data included thousands of complaints from therapists, detailing clients who had asked for sexual services or genital massages.
Some clients were labelled as "dangerous" and some were blocked because of ongoing police investigations.
The complaints included each client's name, address and telephone number.
TechCrunch informed Urban of the problem and the company took the database offline.
Chief executive Jack Tang said he had informed the UK's Information Commissioner of the breach and would also inform its customers.
In a statement, the company said: "We immediately closed the potential vulnerability and have taken all appropriate action, including by notifying users and the ICO.
"The researcher has now confirmed to us that he did not copy or retain any data and that he did not pass anything to anyone else other than the journalist. That was the only access we are aware of.
"We would like to apologise to anyone potentially affected and continue to investigate this matter as a priority."
Massage app exposes 'sex pest' clients
By Hyan Furtado
New Zealand has become the latest country to block a proposal to use telecoms equipment made by China's Huawei because of national security concerns.
Spark New Zealand wanted to use Huawei equipment in its 5G mobile network.
However, a NZ government security agency said the deal would bring significant risks to national security.
The move is part of a growing push against the involvement of Chinese technology firms on security grounds.
5G networks are being built in several countries and will form the next significant wave of mobile infrastructure.
Huawei, the world's biggest producer of telecoms equipment, has faced resistance from foreign governments over the risk that its technology could be used for espionage.
Telecoms firm Spark New Zealand planned to use equipment from the Chinese firm in its 5G network.
The head of NZ's Government Communications Security Bureau (GCSB) told Spark the proposal "would , if implemented, raise significant national security risks", the company said.
Intelligence services minister Andrew Little said Spark could work with the agency to reduce that risk.
"As the GCSB has noted, this is an ongoing process. We will actively address any concerns and work together to find a way forward," Huawei said.
What other countries have concerns?
The move follows a decision by Australia to block Huaewi and Chinese firm ZTEfrom providing 5G technology for the country's wireless networks on national security grounds.
The US and UK have raised concerns with Huawei, and the firm has been scrutinised in Germany, Japan and Korea.
Last week the Wall Street Journal reported that the US government has been trying to persuade wireless providers to avoid using equipment from Huawei.
In the UK, a security committee report in July warned that it had "only limited assurance" that Huawei's telecoms gear posed no threat to national security.
One country is standing by Huawei: Papua New Guinea said this week it would go ahead with an agreement for Huawei to build its internet infrastructure.
The Pacific nation has seen a surge in investment from China over the past decade.
- What China wants from the Pacific
- China's ZTE 'poses risk to UK security'
- Staying ahead of the cyber spies
What are the fears?
Experts say foreign governments are increasingly worried about the risk of espionage by China, given the close ties between companies and the state.
Tom Uren, visiting fellow in the International Cyber Policy Centre at Australia's Strategic Policy Institute, said the Chinese government had "clearly demonstrated intent over many years to steal information".
"The Chinese state has engaged in a lot of cyber and other espionage and intellectual property theft," he said.
- 'China spy attack hits Apple and Amazon'
Links between firms and the government have fuelled concerns that China may attempt to "leverage state-linked companies to be able to enable their espionage operations", Mr Uren said.
Those concerns were exacerbated by new laws introduced last year that required Chinese organisations assist in national intelligence efforts.
The laws enable the Chinese state to compel people and possibly companies to assist if they needed it, Mr Uren said.
The combination of new rules and a history of espionage have increased the perceived danger of using companies like Huawei and ZTE in critical national infrastructure.
"It's hard to argue that they don't represent an elevated risk," Mr Uren added.
Huawei: NZ bars Chinese firm on national security fears
By Hyan Furtado
An app that claims to vet babysitters is being investigated by Facebook, and has been blocked altogether by Twitter.
Predictim, based in California, offers a service that scours a prospective babysitter’s social media activity in order to provide a score out of five to suggest how safe they may or may not be.
It looks for posts about drugs, violence of other undesirable content. Critics say algorithms should not be trusted to give advice on someone’s employability.
Earlier this month, after discovering the activity, Facebook revoked most of Predictim’s access to users, deeming the firm to be in violation of its policies on use of personal data.
Facebook is now investigating whether to block the firm entirely from its platform after Predictim said it was still scraping public Facebook data in order to power its algorithms.
"Everyone looks people up on social media, they look people up on Google,” said Predictim's chief executive and co-founder, Sal Parsa,
"We’re just automating this process.”
Facebook did not see it that way.
“Scraping people's information on Facebook is against our terms of service,” a spokeswoman said.
"We will be investigating Predictim for violations of our terms, including to see if they are engaging in scraping.”
Meanwhile, Twitter told the BBC it had “recently” decided to block Predictim’s access to its users.
“We strictly prohibit the use of Twitter data and APIs for surveillance purposes, including performing background checks,” a spokeswoman said via email. "When we became aware of Predictim’s services, we conducted an investigation and revoked their access to Twitter's public APIs."
An API - application programming interface - is used to allow different software to interact. In this case, Predictim would make use of Twitter’s API in order to quickly analyse a user's tweets.
Legal question
Predictim, which has been funded by a scheme set up the the University of California, gained considerable attention over the weekend thanks to a front-page story in the Washington Post. In it, experts warned of the fallibility of algorithms that might misinterpret the intent behind messages.
Jamie Williams, from the Electronic Frontier Foundation, told the newspaper: "Kids have inside jokes. They’re notoriously sarcastic. Something that could sound like a ‘bad attitude’ to the algorithm could sound to someone else like a political statement or valid criticism."
Predictim said it had a human review element to its system that meant posts flagged as being troublesome were looked at manually to prevent false negatives. As well as references to criminal behaviour, Predictim claims to be able to spot instances "when an individual demonstrates a lack of respect, esteem, or courteous behaviour".
The company showed the BBC a demonstration dashboard that showed how users could see specific social media posts flagged as inappropriate to make their own judgements.
The service charges $25 to run a scan of an applicant’s social media profiles, with discounts for multiple scans. The company said it was in discussions with major “shared economy” companies to provide vetting for ride share drivers or accommodation service hosts.
"It’s not blackbox magic,” Mr Parsa said. "If the AI flags an individual as abusive, there is proof of why that person is abusive."
The firm insists it is not a tool designed to be used to make hiring decisions, and that the score is just a guide. However, on the site’s dashboard, the company uses phrasing such as "this person is very likely to display the undesired behaviour (high likelihood of being a bad hire)”. Elsewhere on the dummy dashboard, the person in question is flagged as being “very high risk”.
Mr Parsa pointed out a disclaimer at the bottom of the page that reads: “We cannot provide any guarantee as to the accuracy of the analysis in the report or whether the subject of this report would be suitable for your needs.”
The legality of firms scraping public social networking data without the consent of the sites in question is being tested in the courts.
Professional networking site LinkedIn is currently locked in the US appeal courts with HiQ, a service that made use of publicly available LinkedIn data to create its own database. A lower court in California earlier ruled in favour of HiQ being allowed to make use of the data.
Predictim babysitter app: Facebook and Twitter take action
By Hyan Furtado
Snapchat is being used to sell explicit images and videos online, the BBC's Victoria Derbyshire programme has found. Jodie Carnall says she makes £4,000 a month on the app, but it's not without a cost to her personal life, and she has been subject to online abuse.
"It's like a proper business," the 26-year-old says.
"It's like people that sing, or go and gig, or artists that sell their own paintings. I'm just selling pictures and videos of me."
Jodie refers to herself as a "Snapchat Premium girl".
For a monthly fee - of between £20 and £200 - she sends her subscribers sexually explicit photos and videos via the regular Snapchat app.
Such material is banned and removed when found, Snapchat says, but Jodie has been doing it since 2016.
She advertises her service on other social media sites such as Twitter, Facebook and Instagram, and says she is also careful to check the accounts belong to real people before accepting.
But it has also led to her receiving many hurtful comments - sent online from those who object to what she does for a living.
They contain offensive language.
"People call me 'slut' and things like that. And it does upset me," she explains.
Within 20 minutes of filming with the Victoria Derbyshire programme, she receives a message from a man she has never spoken to before that reads: "You are a hoe though. You're gorgeous, don't get me wrong, but shame you sell your body or pictures. No morals unfortunately in this world."
Jodie explains: "I get a message like that every hour, or every half an hour, all day long.
"Tonight my friend will say, 'How did filming go?'... and then I'll break down.
"But," she reflects, "I was miserable in my office job, and I love the money."
- Children 'blackmailed' for sexual images in online video chats
- French police investigate gang rape videos aired on Snapchat
- Instagram's IGTV recommended 'abusive' videos
Maintaining her Snapchat has now become her full-time job, she explains, often because her 40 or so subscribers demand extra material.
Content can range from a striptease to videos of her masturbating.
Lawyers say no laws are being broken by those selling such content, unless they do so to under-18s or upload especially depraved material.
But as a result of the Victoria Derbyshire programme showing Instagram its findings, that social media site has now blocked all hashtags associated with Premium Snapchat that were being used by people to advertise their services.
Snapchat said in a statement it does not allow "pornographic content to be promoted or distributed".
"Accounts that privately distribute pornographic content are an intentional abuse of the terms of service of our platform," it added in a statement.
"We remove them when reported."
Hurtful comments
Jodie sees Snapchat as a safe environment to make money, as she says she never needs to meet her clients.
"I'm not an escort. I've been offered thousands of pounds to meet men and I say 'no'," she explains.
But she admits it has also taken a toll on her personal life.
She has not had a boyfriend for months and says many men judge her.
"They don't really want to date me after [I tell them my job]. Or they do, but for the wrong reasons," she says.
And she admits her family is concerned about the long-term implications.
Jodie allows her subscribers who pay her £200 a month to save the material she sends them to their phones.
It means she loses control of the content, and does not know how it will be used.
'Future careers ruined'
Laura Higgins, who founded the Revenge Porn Helpline, argues more protections are needed.
She says the charity receives regular calls from people like Jodie, who have been blackmailed or had their future careers ruined by the resurfacing of sexual content they originally sold online.
And she says the videos they produce can even go on to be used by others for sextortion - luring men to send explicit pictures of themselves to what they think is a good-looking woman, and then blackmailing them.
A spokesperson for the Department for Digital, Culture, Media and Sport said it expected "online platforms to... ensure the services they offer are age appropriate".
It added: "Working with tech companies, children's charities and other stakeholders, we are developing new laws to help make the UK the safest place in the world to be online."
Jodie explains she will continue selling material on Snapchat "until it's not convenient for me any more".
She says the money - four times what she earned before - makes it worth it, having struggled to afford to feed herself two years ago.
And it allows her to live a flexible lifestyle.
But she does not hide the downsides.
"When [sexualised comments are] the only attention you're getting as a woman, it can make you feel quite worthless," she says.
"All I get is like, 'show me your boobs' or 'I want to see you in underwear now', or 'you're dirty, you're filthy'.
"I sometimes cry. It's very upsetting, because I don't actually get any nice attention."
'I use Snapchat to sell sexual videos'
By Hyan Furtado
Google says it will stop ads for expensive unofficial Esta services appearing at the top of search results, eight years after the first complaints.
In 2010, the US started charging UK travellers to use the Electronic System for Travel Authorisation (Esta).
Unofficial sites charging five times as much as the US government soon flooded the top of Google's search results, despite breaking Google's ad rules.
Now, after a BBC News investigation, Google says it is tackling the issue.
While unofficial Esta sites will still appear in the search results, they should no longer appear above the official website as advertisements when using the most common search terms.
Since it has used machine learning to address the issue, the ads do still show up for some search terms. Google says this will improve in time.
Why has this taken so long?
The official Esta website is run by the US Department for Homeland Security. It charges $14 (£10.70) for each Esta application.
But countless unofficial sites appeared at the top of Google search results by buying advertisements.
These unofficial sites charged more than $80 for an Esta application.
Google's advertising policies explicitly forbid "charging for products or services where the primary offering is available from a government or public source for free or at a lower price".
The company did take down ads that were manually reported by its users, but the same websites would soon reappear with a new web address.
It was a fruitless game of "whack a mole".
What has changed?
The BBC sent several unofficial Esta ads to Google and asked why they had been allowed to remain on the platform. One of the websites advertised on Google was charging $99 (£76) per Esta.
Google took the ads down, but others immediately filled the space.
After the BBC supplied more of the unofficial Esta ads, Google said it would look into the problem. It later said it had been able to develop its machine learning process to wipe out the unofficial Esta ads.
Following the change, commonly used Esta search terms no longer carry ads for the unofficial services.
Some less common searches may still return ads while the algorithm continues to learn, but the most obvious ones such as "esta" should no longer show ads, it said.
Beyond Estas
Other countries including Australia and Canada also have travel permits similar to the Esta.
Just like the Esta, there are countless unofficial websites offering Australia ETA and Canadian ETA permits at inflated prices.
Ads for these services have also been prominent on Google. But the search giant said it would use the same machine learning systems to eliminate these too.
In a statement, Google said: "We know that people look to Google ads for information about where to get goods and services, so we are committed to ensuring that the ads they see are useful and relevant.
"We use a combination of algorithmic and human review to catch and remove bad ads; and we continue to update our policies and methods of enforcement."
It said it encouraged people to report ads that slipped through the system, so they could be manually reviewed.
Google finally cleans up its Esta ads after eight years
By Hyan Furtado
A cache of Facebook documents has been seized by MPs investigating the Cambridge Analytica data scandal.
Rarely-used Parliamentary powers were used to demand that the boss of a US software firm hand over the details.
The Observer, which first reported the story, said the documents included data about Facebook's privacy controls.
Damian Collins, MP, later told the BBC that he believed the documents were "highly relevant" to his inquiry. Facebook has demanded their return.
Escorted to Parliament
The documents were intercepted when an executive of US tech firm Six4Three was on a trip to London.
In a highly unusual move a House of Commons serjeant at arms was sent to the businessman's hotel and he was given a final warning and a two-hour deadline to comply with the order.
When the executive failed to do so he was escorted to Parliament and warned he risked fines and imprisonment if the documents were not surrendered, the paper said.
The firm is involved in court action against Facebook in the US, where the documents were obtained through legal procedures.
- Facebook v Soros: 'Congress must probe'
- Facebook appeals Cambridge Analytica fine
- Facebook treated voters with 'disrespect'
Damian Collins, chairman of the Commons Digital, Culture, Media and Sport (DCMS) Committee, said he believed the documents - which include emails - contain information about how Facebook and other parties handle user data.
He told the BBC: "We felt this [information] was highly relevant to the inquiry... and therefore we sent an order to Mr [Ted] Kramer through the serjeant at arms asking that these documents be supplied to us. Ultimately, that order was complied with."
Mr Collins said he had reviewed the documents, and his committee would discuss this week how it intends to proceed.
'Return the documents'
In the Observer, Mr Collins said the methods used to obtain the documents were unprecedented, adding: "But it's an unprecedented situation."
He criticised Facebook's lack of cooperation with his committee, and said the "documents contained answers to some of the questions we have been seeking about the use of data, especially by external developers".
Facebook had yet to respond to a BBC request for comment, but told the Observer: "The materials obtained by the DCMS committee are subject to a protective order of the San Mateo Superior Court restricting their disclosure.
"We have asked the DCMS committee to refrain from reviewing them and to return them to counsel or to Facebook. We have no further comment."
Facebook and its founder Mark Zuckerberg have faced intense of pressure over the social media giant's use of personal data, the spread of fake news, and, this month, that it hired a PR firm to make claims about the financier George Soros.
Last month the UK data watchdog fined Facebook £500,000 following its investigation into the Cambridge Analytica affair.
Facebook has appealed against the fine, claiming that the watchdog found no evidence that UK users' personal data had been shared inappropriately and the penalty was therefore unjustified.
The Cambridge Analytica scandal stems from the discovery that an academic at the University of Cambridge - Dr Aleksandr Kogan - used a personality quiz to harvest up to 87 million Facebook users' details.
Some of this was subsequently shared with the political consultancy Cambridge Analytica, which used it to target political advertising in the US.
It was initially reported that about 1.1 million UK-based users had had their details exposed.
Facebook documents seized by MPs investigating privacy breach
By Hyan Furtado
Attempts to increase the number of people shopping on UK High Streets has been given a boost by search giant Google.
It has teamed up with start-up NearSt to help consumers see what is available in their local shops via the web.
The search results will also tell people the distance to the shop and the price of goods for sale.
The live inventory system should help make it "as easy to shop locally as it is online" said Google.
NearSt was founded three years ago by digital brand experts Nick Brackenbury and Max Kreijn.
Mr Kreijn literally had a "lightbulb moment" when one of the bulbs in his flat went, and he searched online to buy a replacement.
"That's how he pitched the business to me," Mr Brackenbury told the BBC. "It seemed crazy that it was easier to get a lightbulb shipped from a warehouse than from a shop 100 metres from his house.
"We all live our lives through our smartphones but they are blind to what is on the shelves of shops we are walking past. If that is made clear to people, then I am very optimistic about the future of the High Street," he told the BBC.
The pair developed technology which connects to a retailer's point of sale system, extracting the data and showing - in real time - what they stock and at what price.
Initially they focused on shops in London, but since the partnership with Google was announced, they intend to run the technology out to high streets around the UK over the next 12 months, particularly for retailers of small, independent stores.
"We are champions of the High Street as a whole but the small shops are the businesses that are able to make the fastest decisions," said Mr Brackenbury.
There have been fears in recent years that the High Street is dying, with both local and national shops struggling to make profits, while online shopping has seen huge growth.
But, according to the Office of National Statistics, online sales only account for 18% of total retail sales in the UK.
Nearly a third of all Google searches relate to location and it has focused recently on making more of that about local search.
Nathalie Walton, global head of local shopping at Google, said of the partnership: "It gives small retailers the ability to compete effectively in the online world, without needing any of the technical and financial firepower of their online competitors."
Nick Carroll, a senior retail analyst at research firm Mintel said: "We can't pretend that there are not problems on the High Street and we have seen a number of large chain closures in the last 18 months, but eight out of every 10 pounds is still spent offline.
"It has been easier for major retailers to integrate technology, so partnerships like this are important to support local independent stores, which make the High Street unique and provide its backbone. Using this type of tech, they can fight back."
Google helps boost High Street spending with search
By Hyan Furtado
Facebook has appealed against a fine imposed on it by the UK's data watchdog after the Cambridge Analytica scandal.
The social network says that because the regulator found no evidence that UK users' personal data had been shared inappropriately, the £500,000 penalty was unjustified.
Last month, the watchdog said Facebook's failure to make suitable checks on apps and developers amounted to a "serious breach of the law".
It has acknowledged the appeal.
This was the last day on which the US firm could challenge the Information Commissioner's ruling.
The affair stems from the discovery that an academic at the University of Cambridge - Dr Aleksandr Kogan - used a personality quiz to harvest up to 87 million Facebook users' details.
Some of this was subsequently shared with the political consultancy Cambridge Analytica, which used it to target political advertising in the US.
It was initially reported that about 1.1 million UK-based users had had their details exposed.
But Cambridge Analytica said it had only ever licensed data belonging to about 30 million people, and a probe by the Information Commissioner's Office found no evidence that UK citizens were among them.
- Facebook-Cambridge Analytica data breach
- Facebook ads urge its staff to leak secrets
- Facebook accused of dark PR tactics
Even so, the ICO imposed the maximum penalty possible on Facebook on the basis that UK members had been put at risk and the tech firm had not done enough to address this after learning of the problem.
"The ICO's investigation stemmed from concerns that UK citizens' data may have been impacted by Cambridge Analytica, yet they now have confirmed that they have found no evidence to suggest that information of Facebook users in the UK was ever shared by Dr Kogan with Cambridge Analytica, or used by its affiliates in the Brexit referendum," said a statement from Facebook's lawyer Anna Benckert.
"Therefore, the core of the ICO's argument no longer relates to the events involving Cambridge Analytica. Instead, their reasoning challenges some of the basic principles of how people should be allowed to share information online, with implications which go far beyond just Facebook, which is why we have chosen to appeal.
"For example, under the ICO's theory people should not be allowed to forward an email or message without having agreement from each person on the original thread.
"These are things done by millions of people every day on services across the internet, which is why we believe the ICO's decision raises important questions of principle for everyone online which should be considered by an impartial court based on all the relevant evidence."
An independent body, known as a General Regulatory Chamber tribunal, will consider the challenge.
If it is unhappy with the decision, Facebook can subsequently take the case to the Court of Appeal.
"Any organisation issued with a monetary penalty notice by the Information Commissioner has the right to appeal the decision to the First-tier Tribunal," said a spokesman for the ICO.
"The progression of any appeal is a matter for the tribunal. We have not yet been notified by the tribunal that an appeal has been received."
The appeal risks dragging out an affair that has undermined the public and politicians' trust in Facebook.
However, the BBC understands that the US firm was concerned that the ICO's ruling would form the basis for decisions taken by other regulators, which could prove more damaging still.
The ICO has itself noted that the £500,000 fine would be "significantly higher" had the EU's General Data Protection Regulation been in force earlier.
The move has not, however, changed chief executive Mark Zuckerberg's mind about rejecting an invitation to be cross-examined by MPs
Facebook's decision to appeal against this fine is a move that Sir Humphrey, the civil servant in Yes Minister, would describe as "brave".
At a time when the social media firm is under fire and accused of using dodgy tactics to combat its critics, picking a fight with the UK regulator over an issue which was beginning to fade into the background seems reckless.
After all, the social media giant admits that it got a whole lot of things wrong in the Cambridge Analytica affair, in particular allowing the data of friends of people who took part in a personality quiz to be scraped.
But Facebook feels that the Information Commissioner's Office moved the goalposts halfway through its investigation, deciding that one million UK users had suffered harm and then finding that the researcher Dr Aleksandr Kogan did not pass their data on to Cambridge Analytica.
Some data protection experts think the company has a point.
Mark Zuckerberg and his company appear determined to fight back against what they see as a flawed process but the appeal is a gamble.
The stakes are also high for the Information Commissioner Elizabeth Denham. She made the unusual decision to go public with her intention to impose a fine before receiving representations from the company.
If Facebook's appeal succeeds, her authority as a regulator will be seriously undermined..
Facebook appeals against Cambridge Analytica fine
By Hyan Furtado
Assinar:
Postagens (Atom)