Security & Privacy Weekly News Roundup, Vol.1, Issue 2

Security & Privacy Weekly News Roundup, Vol.1, Issue 2

Largest breach case ever. This one dwarfs Target and even the Anthem breach. Beginning in 2009, hackers cracked the top email providers stealing one billion addresses. They then sent spam from those same servers collecting millions in affiliate commissions over a period of two and a half years. The Justice Department has nabbed two of the ring leaders, but warns of more operations of this scale in the future as law enforcement isn’t equipped to keep up.

Blue Cross insider nabbed. An identity theft ring revolving around a Blue Cross Blue Shield of Michigan employee allegedly stole the personal information of more than 5,000 subscribers. The Detroit Free Press reports how the ring used the stolen data to open fake credit cards. They then went on shopping sprees across Texas, Ohio and Michigan, hauling in more than $742,000 worth of merchandise from Sam’s Club alone.

Barbie can now eavesdrop. Privacy advocates are sounding alarms about the latest version of Mattel’s iconic doll, Hello Barbie, equipped to hold two-way conversations with kids. This entails recording children’s speech and sending it over the web in order to simulate a response. The Christian Science Monitor reports that a petition drive has been started to stop the doll from being sold.

Drones spy on phones. A Singapore-based marketing firm has begun deploying flying drones around the San Fernando Valley in Los Angeles to triangulate the location of mobile devices being used in the area. They do this by correlating Wi-Fi and cellular transmission signals, with device identifiers, VentureBeat reports. This is what can happen when granting access to your phone’s identifiers and location data becomes an afterthought.

Stuxnet smoking gun. Maneuvers are underway to stop hard evidence from surfacing that presumably would confirm that the U.S. and Israel were behind the Stuxnet worm. Stuxnet, you may recall, slithered deep into Iranian nuclear enrichment plants. The Washington Post reports that a federal investigation into whether a retired Marine general leaked details of the Stuxnet operation to a New York Times reporter is now officially stalled.

Consumer privacy rights opposed. Also from the nation’s capital, Federal Trade Commission officials Jessica Rich and Edith Ramirez somewhat surprisingly criticized the White House’s proposed Consumer Privacy Bill of Rights, released on Feb. 27. The Post reports that the FTC honchos believe the bill is neither clear enough nor strong enough. The White House declined to comment on FTC’s critique.

Apple Pay’s weak link. Apple’s new contactless payment system which connects phones to credit cards encrypts data with proper care. But there is a problem with banks being too quick to approve Apple Pay purchases that involve a stolen credit card, ArsTechnica reports. It seems tech savvy fraudsters view Apple Pay as the hippest new way to capitalize on identity theft.

This article originally appeared on