Categories
Security

T-Mobile investigating report of customer data breach that reportedly involves 100 million people

T-Mobile confirmed Sunday that it’s looking into an online forum post that claims to be selling a large trove of its customers’ sensitive data. Motherboard reported that it was in contact with the seller of the data, who said they had taken data from T-Mobile’s servers that included Social Security numbers, names, addresses, and driver license information related to more than 100 million people. After reviewing samples of the data, Motherboard reported it appeared authentic.

“We are aware of claims made in an underground forum and have been actively investigating their validity,” a T-Mobile spokesperson said in an email to The Verge. “We do not have any additional information to share at this time.”

It’s not clear when the data may have been accessed, but T-Mobile has been the target of several data breaches in the last few years, most recently in December 2020. During that incident, call-related information and phone numbers for some of its customers may have been exposed, but the company said at the time that it did not include more sensitive info such as names or Social Security numbers.

In 2018, hackers accessed personal information for roughly 2 million T-Mobile customers that included names, addresses, and account numbers, and in 2019, some of T-Mobile’s prepaid customers were affected by a breach that also accessed names, addresses, and account numbers.

A March 2020 breach exposed some T-Mobile customers’ financial information, Social Security numbers, and other account information.

Repost: Original Source and Author Link

Categories
AI

Google is investigating another top AI ethicist

Google is investigating artificial intelligence researcher Margaret Mitchell, who co-leads the company’s Ethical AI team, and has locked her corporate account, Axios reports. The news comes a little over a month after another prominent AI ethicist, Timnit Gebru, said she was fired by the company. Mitchell’s account has now reportedly been locked for “at least a few days” but she hasn’t been fired, according to a tweet from Gebru. Mitchell did not immediately respond to a request for comment.

In a statement given to Axios, Google said it was investigating Mitchell after its systems detected an account had “exfiltrated thousands of files and shared them with multiple external accounts.” According to an Axios source, Mitchell had been using a script to go through her messages, finding examples of discriminatory treatment of Gebru. Last week, Mitchell tweeted to say she was documenting “current critical issues from [Gebru’s] firing, point by point, inside and outside work.

Google said its security systems automatically lock corporate employee accounts “when they detect that the account is at risk of compromise due to credential problems or when an automated rule involving the handling of sensitive data has been triggered.”

“We explained this to the employee earlier today,” Google said, “We are actively investigating this matter as part of standard procedures to gather additional details.”

Mitchell has previously tweeted in support of Gebru, and has been critical of Google and other big tech companies for their approaches to diversity and systematic bias. Yesterday she tweeted to criticize Google CEO Sundar Pichai’s approach towards workplace diversity.

Google faced widespread criticism after Gebru left the company. Bloomberg reports that thousands of internal employees and external academics and campaigners signing a petition in support of the AI researcher. The company has faced ongoing criticism for its work on Project Maven, an AI project designed to improve military drone strikes. Opposition to the project was named as a key reason when Google employees announced plans to unionize earlier this year.



Repost: Original Source and Author Link

Categories
Tech News

The US recalls agency is investigating Peloton’s treadmill after a child death

Peloton has warned treadmill owners to keep children and pets away from their Tread+ connected fitness machine, after a child died following an accident involving the $4,295 device. Launched in January 2018, Tread+ is Peloton’s most expensive model, though like all treadmills the moving parts can be as much a potential danger as a boon to home fitness enthusiasts.

That has unfortunately been the case recently, Peloton CEO John Foley confirmed. In a note to owners, also published on the company’s support site, he confirmed that there have been “a small handful of incidents” involving Tread+ which have resulted in injuries to children. “I recently learned about a tragic accident involving a child and the Tread+, resulting in, unthinkably, a death,” Foley wrote.

Tread+ distinguishes itself from most home treadmills by virtue of its running surface. Rather than a continuous rubber belt, as is the norm, Peloton’s model uses a series of connected slats. These more closely replicate the feeling of running on actual pavement.

As with other Peloton equipment, such as the spinning bikes most commonly associated with the company, along with the upfront cost there’s also a monthly subscription for the guided classes streamed to the 32-inch Tread+ touchscreen. Peloton recently launched a new, more affordable version of the treadmill, Peloton Tread, which has a more traditional belt running surface.

Regardless of which people own, though, the safety advice remains the same. “Keep children and pets away from Peloton exercise equipment at all times,” Foley writes, echoing the official instructions supplied with the treadmills. “Before you begin a workout, double check to make sure that the space around your Peloton exercise equipment is clear.”

“When you finish a workout on your Tread+, remove the safety key and store it out of reach of children and anyone else who should not be able to start the Tread+,” the CEO adds. The safety key is designed to clip to the runner as they use the treadmill, and pull out should they slip off the belt. If that happens, it cuts power to the Tread or Tread+ motors.

Peloton is exploring additional ways to make the safety recommendations clearer, Foley confirmed. “We are always looking for new ways to ensure that you have the best experience with our products,” he wrote, “and we are currently assessing ways to reinforce our warnings about these critical safety precautions to hopefully prevent future accidents.”

Exact details of the incidents have not been shared.

According to Consumer Reports, meanwhile, the US Consumer Product Safety Commission is already looking into the fatal accident. The agency is “aware of the death and investigating it,” a spokesperson confirmed.

The agency announced a recall of early Peloton pedals back in October 2020, after finding some could “break unexpectedly during use.” Peloton offered free replacements, after 120 reports of breakages led to 16 reports of leg injuries. Five of those required medical attention, such as stitches.

Since Peloton’s bikes are connected, it could use the touchscreen display to notify those potentially still using the pedals to stop until they were replaced. The company also recommends replacing the pedals annually as a matter of course.

As for Tread+ and Tread, the reality is that treadmills have always been a potential hazard, particularly if people squeeze them into smaller rooms for home use. The general advice is to ensure at least 2 feet either side of the machine, and a full 6 feet behind it, as well as always using the safety key during running sessions. Once you’re off the treadmill, it’s advisable to remove that key and keep it somewhere separate, since that should prevent the equipment from powering up again until it’s intended to.

Repost: Original Source and Author Link

Categories
Security

Italian authorities are investigating deepfake bots on Telegram

The Italian Data Protection Authority has started an investigation into the widespread use of bots that generate fake nude images on messaging app Telegram. The news follows an investigation by security firm Sensity, which found that as of July 2020 more than 100,000 faked images had been generated and shared in public Telegram channels.

The bots can generate fake nudes that have watermarks or that show only partial nudity, and users pay to “reveal” the whole image. Users could submit a photo of a woman to the bot and receive a version of the photo back with clothing “removed” and no indication that the image had been altered. And according to Sensity, a limited number of the bot-generated images, most of which are pulled from social media accounts and then manipulated, are of victims who “appeared to be underage.”

Sensity found that the fake nudes were generated by the DeepNude software, which surfaced online last year. Its creator took down the website saying “the probability that people will misuse it is too high.” According to Sensity, however, the software has been reverse-engineered and is widely available on open source repositories and torrenting websites.

“The ease of use of this program makes anyone with a photo on the web potentially victims of deep fakes,” the Italian agency said in a statement Friday (in Italian) announcing its investigation into the matter. It plans to ask Telegram to provide information to verify whether it’s complying with data protection regulations, according to its statement.



Repost: Original Source and Author Link