«Storm infostealer bypasses 2FA — malware takes over accounts without a password:
The new Storm infostealer bypasses 2FA, hijacks accounts via session hijacking and decrypts data server-side.»

I'm assuming they bypass the JSON Web Tokens (JWT). JWT is popular but not secure. In the end, two-factor authentication (2FA) also results in a JWT for online identification.

😕 https://tarnkappe.info/artikel/szene/dark-commerce/storm-infostealer-umgeht-2fa-malware-uebernimmt-accounts-ohne-passwort-328010.html

#2fa #jwt #login #hacking #userdata #hack #online #malware #passwort #itsec #web #internet

OkCupid gave nearly 3 million user photos to a facial recognition startup: FTC charges OkCupid with sharing nearly 3M user photos with a facial recognition firm, violating privacy promises. Match Group settlement filed March 30, 2026. https://ppc.land/okcupid-gave-nearly-3-million-user-photos-to-a-facial-recognition-startup/ #OkCupid #PrivacyViolation #FacialRecognition #UserData #FTCCharges
🚨 Oh no, a tragedy! An engineer accidentally flicked the #CDN switch and now everyone's lunch orders have been publicly cached for 52 whole minutes. 🍕 But don't worry, only 0.05% of the internet knows you like extra anchovies. Move along, folks, nothing to see here except some spicy user data! 🔍💾
https://blog.railway.com/p/incident-report-march-30-2026-accidental-cdn-caching #tragedy #disaster #userdata #technews #privacyconcerns #HackerNews #ngated
Incident Report: March 30th, 2026 — Authenticated user data cached

Railway experienced an incident where CDN features were accidentally enabled for some domains without users enabling them.

Railway Blog
Please, please, please stop using passkeys for encrypting user data

Passkeys are the future of authentication, but using them for data encryption is a disaster waiting to happen. Overloading these credentials creates a dangerous blast radius that can lead to the irreversible loss of a user's most sacred memories and documents.

Timbits

#Lawmakers Ask Tech Companies What #UserData They Provided to #DHS.

The requests followed Times reporting that the Department of Homeland #Security had sent #Meta and other companies #subpoenas for information on accounts that track or comment on #ICE.
#privacy #immigration #deportation

https://www.nytimes.com/2026/02/25/technology/lawmakers-tech-companies-dhs.html

Lawmakers Ask Tech Companies What User Data They Provided to D.H.S.

The requests followed Times reporting that the Department of Homeland Security had sent Meta and other companies subpoenas for information on accounts that track or comment on ICE.

The New York Times
Google expands tools to let users remove sensitive data about themselves from Search | TechCrunch

Users will be able to more easily request the removal of results that include private information or non-consensual explicit imagery.

TechCrunch

The Department of Homeland Security has been quietly demanding tech companies turn over user information about critics of the Trump administration, according to reports.

https://techcrunch.com/2026/02/03/homeland-security-is-trying-to-force-tech-companies-to-hand-over-data-about-trump-critics/

#HomelandSecurity #BigTech #userdata

Homeland Security is trying to force tech companies to hand over data about Trump critics | TechCrunch

Administrative subpoenas, which are not subject to judicial oversight, are used to demand a wealth of information from tech companies, including the owners of anonymous online accounts documenting ICE operations.

TechCrunch

Just figured out how to set up #kratos by #ory. It's a self-hostable user manager. With login, logout, 2FA etc. It's a good way to keep up with auth without having to code a less secure version of it. There are versions of this in the cloud like Cognito, but if you host your user manager, you own your user data.

#cybersecurity #authentification #userdata