Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and about what you should take with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links….
If you live in the United States and you have a cell phone, your real-time location information is being sold to third parties. How surprising. Every single U.S. cell-phone carrier is selling your real-time location data.
Why are they allowed to do this? Because of a loophole in the Electronic Communications Privacy Act, of course. A service called “Securus” which is mainly used to track calls made to inmates can also be used for any cell phone anywhere.
The FCC has been asked to investigate, but we’re not holding our breath that anything will be done.
We’re sorry if you’ve eaten at Chili’s recently, and not just because you could have eaten a better meal practically anywhere else, but because there’s been a card breach!
Kudos to Chili’s, though, because the breach happened on May 11 and the company announced the offense on the very same day instead of waiting around and trying to do some odd type of PR.
The details of the hack are that if you made a payment with your card at a Chili’s between March – April 2018, there’s a chance your information has been compromised. We love you, Chili’s, but please start making better food.
The police can track your location through your cell phone, and people want to know why. Running off of our first story, Senator Ron Wyden sent letters to the four major mobile carriers and the FCC demanding answers into why law enforcement needs real-time location information for everyone.
We understand that it would make law enforcement’s jobs more comfortable, but it’s also questionable in regards to privacy for sure.
Wyden argues that “the fact that Securus provides this service at all suggests that AT&T does not sufficiently control access to your customers’ private information.” He goes on to say:
“Americans should be able to obtain this information from wireless carriers, just as they can obtain from the consumer credit agencies a list of the private parties who have accessed their credit reports,” the letter reads.”
Much more to come on this story.
This next hack tells the tale of a real hero. A 16-year-old tried a phishing scheme against his teacher to change his grades. We sure wish we could say to you he was successful, but, alas, he was arrested. 14 felony counts detained, to be exact.
David Rotaro, send manipulative emails to his teachers which tricked them into clicking a link which took them to a page Rotaro created which mimicked their teacher portal.
Rotaro hoped to use this fake page to gather their log-in information and change his grades himself.
Hilarious, but please don’t ever try this.