12 1 - 14 May 2019 Email us your security questions [email protected]
Stay Safe Online
News about the latest threats and advice from security experts

Security Helpdesk | Your questions answered by security specialists

Q
How worried should we be about Amazon staff listening to Alexa recordings (bit.ly/alexa474)?
Jason Goulding, Facebook

A
It’s uncomfortable enough to know that Alexa has all this information and that humans have been listening in, but what’s especially alarming is the suggestion that Amazon allowed customers an opt-out for Alexa sharing their voice commands, yet the company still went ahead and analysed their recordings. An opt-out should cover all data; and even if people opt in, that data should be anonymised.

If there’s a connection established between the Alexa recordings and Amazon account details, this news is even more concerning because it gives Amazon the ability to pin specific recordings to identifiable individuals. It’s important that companies who capture data obtain informed consent – and if Amazon is doing this without people realising, it is potentially breaching GDPR.

Computers contain huge amounts of private data and the companies providing us with services have massive amounts of power at their disposal. We know that our data is valuable, and we’ve now reached a point where the minutiae of our everyday lives is being captured in one form or another. We, as consumers, have a right to know when this is happening – and be given the ability to opt out.

Anyone worried about this development should check the default settings of their Alexa device, opt out of human verification where applicable and disable any other functionality that concerns them. If you’re in doubt about something, seek advice from the relevant company’s support team.

SECURITY ALERT! | What’s been bothering us this fortnight

Outlook.com hack is worse than Microsoft claimed

A hack that Microsoft said affected “some” of its users’ email accounts has been revealed to be much worse than initially thought, with hackers able to access messages from a large number of Outlook.com, MSN and Hotmail addresses.

According to Microsoft, the hackers could have viewed account email addresses, folder names and the subject lines of emails – but not the content of the messages or any attachments. It’s not clear how many webmail users have been affected by the breach, which took place during the first three months of this year, or who the hackers are, but they weren’t able to steal login details or other personal information. As a cautionary measure, Microsoft is recommending that affected users reset their passwords.

“Microsoft regrets any inconvenience caused by this issue,” said the company. “Please be assured that Microsoft takes data protection very seriously and has engaged its internal security and privacy teams in the investigation and resolution of the issue, as well as additional hardening of systems and processes to prevent such recurrence.”

bit.ly/outlook474

Hotel websites are failing to secure customer data

Two-thirds of hotel websites inadvertently leak personal data to third-party companies and leave their customers vulnerable to hackers, according to research by Symantec. The cybersecurity firm found that the majority of booking systems used by hotels could allow scammers to access personal information such as mobile-phone and passport numbers.

The leaks come from the confirmation emails sent to customers, which often contain an unsecured direct link to their online booking. The report suggests that anyone on the same network could intercept the email and modify or cancel their reservation.

The researchers tested the websites of 1,500 hotels from 54 countries and found that two in three of them – 67% – had the problem. These security lapses are in breach of the EU’s GDPR laws, which state that firms must protect the personal data of customers.

“The fact that this issue exists, despite the GDPR coming into effect in Europe almost one year ago, suggests that the GDPR’s implementation has not completely addressed how organisations respond to data leakage,” said Symantec.

bit.ly/hotel474

THIS ISSUE’S EXPERT:
David Emm, Principal Security Researcher at Kaspersky Lab (www.kaspersky.co.uk)