Latest news with #userdata
Fox News
5 hours ago
- Business
- Fox News
Massive data breach exposes 184 million passwords and logins
Data breaches are no longer rare events but a persistent problem. We've been seeing regular incidents at public-facing companies across various sectors, including healthcare, retail and finance. While bad actors are certainly to blame, these corporations aren't entirely without fault. They often make it easy for hackers to access user data by failing to protect it properly. A recent example came to light when a cybersecurity researcher discovered an open database containing over 184 million account credentials. Cybersecurity researcher Jeremiah Fowler has revealed the existence of an open database that contains 184,162,718 million account credentials. These include email addresses, passwords, usernames and URLs for platforms such as Google, Microsoft, Apple, Facebook and Snapchat. The information also covers banking services, medical platforms and government accounts. Most shockingly, the entire dataset was left completely unsecured. There was no encryption, no authentication required and no form of access control. It was simply a plain text file sitting online for anyone to find. Fowler located the database during routine scanning of publicly exposed assets. What he found was staggering. The file included hundreds of millions of unique records containing user credentials linked to the world's largest technology and communication platforms. There were also account details for financial services and official portals used by state institutions. The file was not protected in any way. Anyone who discovered the link could open it in a browser and instantly view sensitive personal data. No software exploit was needed. No password was asked for. It was as open as a public document. Fowler believes the data was harvested using an infostealer. These lightweight tools are favored by cybercriminals for their ability to silently extract login credentials and other private information from compromised devices. Once stolen, the data is often sold on dark web forums or used in targeted attacks. After reporting the breach, the hosting provider quickly removed access to the file. However, the owner of the database remains unknown. The provider did not disclose who uploaded it or whether the database was part of a legitimate archive that was accidentally published. Fowler could not determine whether this was the result of negligence or an operation with malicious intent. To verify the data, Fowler contacted some individuals listed in the records. Several confirmed that the information was accurate. This confirmation turns what might seem like abstract statistics into something very real. These were not outdated or irrelevant details. These were live credentials that could allow anyone to hijack personal accounts in seconds. 1. Change your password on every platform: If your login credentials have been exposed, it's not enough to change the password on just one account. Cybercriminals often try the same combinations across multiple platforms, hoping to gain access through reused credentials. Start by updating your most critical accounts, email, banking, cloud storage and social media, then move on to others. Use a new, unique password for each platform and avoid variations of old passwords, as they can still be predictable. Consider using a password manager to generate and store complex passwords. Our top-rated password manager delivers powerful protection to help keep your accounts secure. It features real-time data breach monitoring to alert you if your login details have been exposed, plus a built-in data breach scanner that checks your saved emails, passwords and credit card information against known leak databases. A password health checker also highlights weak, reused or compromised passwords so you can strengthen your online defenses with just a few clicks. Get more details about my best expert-reviewed Password Managers of 2025 here. 2. Enable two-factor authentication: Two-factor authentication, or 2FA, is a critical security feature that drastically reduces the risk of unauthorized access. Even if someone has your password, they won't be able to log in without the second verification step, usually a one-time code sent to your phone or an authenticator app. Enable 2FA on all services that support it, especially your email, financial accounts and any service that stores sensitive personal data. 3. Watch for unusual account activity: After a breach, it's common for compromised accounts to be used for spam, scams, or identity theft. Pay close attention to signs such as login attempts from unfamiliar locations, password reset requests you didn't initiate or unexpected messages sent from your accounts. Most platforms allow you to review login history and connected devices. If you see something off, take action immediately by changing your password and revoking suspicious sessions. 4. Invest in personal data removal services: You should also consider a data removal service. Given the scale and frequency of breaches like the one described above, relying on personal caution alone is no longer enough. Automated data removal services can provide an essential extra layer of defense by continuously scanning for and helping eliminate your exposed information from data broker sites and other online sources. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web. 5. Avoid clicking on suspicious links and use strong antivirus software: One of the most common post-breach threats is phishing. Cybercriminals often use information from leaked databases to craft convincing emails that urge you to verify your account or reset your password. Never click on links or download attachments from unknown or suspicious sources. Instead, visit websites by typing the URL directly into your browser. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 6. Keep your software and devices up to date: Many cyberattacks exploit known vulnerabilities in outdated software. Operating systems, browsers, antivirus programs and even apps need to be updated regularly to patch security flaws. Turn on automatic updates wherever possible so you're protected as soon as fixes are released. Staying current with your software is one of the easiest and most effective ways to block malware, ransomware and spyware from infiltrating your system. Security is not only the responsibility of companies and hosting providers. Users need to adopt better practices, including unique passwords, multifactor authentication and regular reviews of their digital footprint. The careless exposure of over 184 million credentials is not just a mistake. It is an example of how fragile our systems remain when even basic protection is absent. In an era where artificial intelligence, quantum computing, and global connectivity are reshaping technology, it is unacceptable that plain text files containing financial and governmental credentials are still left sitting online. Do you feel that companies are doing enough to protect your data from hackers and other cyber threats? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels: Answers to the most-asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
South China Morning Post
21-05-2025
- Business
- South China Morning Post
China's ‘AI tigers' Zhipu, Moonshot accused of collecting excessive data with chatbot apps
Some of China's most popular artificial intelligence (AI) chatbot apps, made by leading developers including Zhipu AI and Moonshot AI, had been collecting excessive user information, authorities found. Zhipu's Qingyan, also known as ChatGLM, was found to have collected information beyond what users authorised, while Moonshot's Kimi had accessed data irrelevant to its functions, according to a list published on the WeChat account of the National Cyber Security Information Centre on Tuesday. Neither Zhipu nor Moonshot, start-ups that are both based in Beijing, immediately responded to requests for comment on Wednesday. Their chatbots are among the most competitive alternatives to OpenAI's ChatGPT, which is officially unavailable in China Moonshot AI founder Yang Zhilin introduces the company's Kimi chatbot. Photo: Weibo/极客公园 ChatGLM and Kimi ranked among the 10 most popular AI applications in the country, boasting a combined total of nearly 35 million monthly active users as of April, according to which tracks the popularity of AI apps and services
CNET
09-05-2025
- CNET
Does Antivirus Software Collect Your Data?
We count on antivirus software to keep our devices and personal data safe from cyber threats. But some of that software may be collecting data about you while it protects you. That's the concern raised in a 2023 report by AV-Comparatives, an independent testing lab that evaluated how 20 of the most popular antivirus programs handle user data. The study looked at what data these products collect, how much control users have over it, and whether that data is shared with third parties. It also considered how easy companies' data policies are to understand and how transparent they are about these policies. The takeaway? Antivirus tools do their job, but many gather more data than most people realize. Here's what you need to know. Read more: Best Antivirus Software for Maximum Protection in 2025 What data is my antivirus software collecting? Antivirus software must know some things about your system to keep it safe. But in many cases, it collects more information than it needs. The AV-Comparatives report found that most antivirus programs gather a mix of system info, network details, user data and file-related information. That includes basics like your operating system version, how much RAM you have, your CPU type and even your computer's name. Some go further, collecting BIOS info, a list of installed apps, or details about running processes. They also pull in network data, such as your local and external IP addresses, DNS server and network name. This helps them spot potential threats, but it also gives them a clear picture of where and how you connect. User data is where things start to feel more personal. About half of the products in the study send your Windows username to the company. Depending on your setup, that could be your full name. Time zone, language and general location info are also collected. And if your antivirus includes web protection, it might track every URL you visit, the previous URL you came from and the site's IP address. Then there's the stuff on your computer. Antivirus software often uploads file names, locations and hashes when scanning something suspicious. But in some cases, it also sends entire files -- including harmless ones like documents -- without asking first. That could be a problem. Is my antivirus software sharing my data with others? Let's say your antivirus software collected your data for legitimate reasons. What it does with that data matters. According to the AV-Comparatives report, some antivirus companies are pretty responsible when it comes to how they handle your data. Others, not so much. F-Secure, G Data and K7 were among the top performers when it comes to data collection and sharing practises. Norton, Panda and McAfee, however, scored poorly for how they share user data. AV-Comparatives Now, to be fair, not all data sharing is bad. Some of it helps improve malware detection. For example, many antivirus programs send suspicious files or file hashes to services like VirusTotal, where different security companies work together to identify threats. That kind of collaboration makes sense and helps keep everyone safer. But not every company draws the line in the right place. AVG, which was later acquired by Avast, collected users' browsing history and sold it to third-party advertisers. The FTC eventually banned Avast in June 2024 from selling or licensing users' web-browsing data and fined it $16.5 million. Not exactly the kind of behavior you want from software that's supposed to be guarding your privacy. Some antivirus tools are clearer than others about what's going on behind the scenes. If privacy matters to you, it's worth digging into these details before hitting install. How can I stop my antivirus software from collecting and sharing my data? In a perfect world, antivirus software would only collect and share data that was absolutely necessary. Since that's not the world we live in, you'll need to be proactive in protecting yourself. Here's how. Go into your settings Most antivirus programs have options tucked away in their menus that let you opt out of things like: Usage tracking Cloud analysis Uploading suspicious files Logging the websites you visit These features are often turned on by default, so it's worth spending a couple of minutes poking around and turning off anything you don't want running in the background. If you're not sure what's being shared right now, you can always disable the antivirus first and review the options later. Slow down when installing Many people fly through the software setup process without realizing they're agreeing to send all kinds of data. Look for any checkboxes related to product improvement or data sharing and uncheck them if you'd rather not participate. Avoid free antivirus software Free antivirus tools can be tempting, but they need to make money somehow. That sometimes means collecting and selling user data. If you care about privacy, it's usually safer to go with a paid version from a vendor that's more upfront about how it handles your info. Pick a privacy-conscious vendor In the AV-Comparatives report, F-Secure, ESET and G Data all scored well for how they handle and share data. Avoid the software that didn't do so well. Actually read the privacy policy Yeah, we know. It's not the most fun thing to read, but the privacy policy and end-user license agreement will usually tell you what kind of data is collected and what the company does with it. Some vendors even have simplified versions or FAQs that make things easier to understand. Here are a few you can check out: Should I be worried about having antivirus software installed for security reasons? It's fair to worry about how much data antivirus software collects, but that doesn't mean you should ditch it altogether. Antivirus is still one of the most important tools you can have to protect yourself from malware, phishing attacks and all the other junk floating around online. Yes, some programs grab more data than they probably need, but most use it to improve security, not to spy on you. The key is picking antivirus software that's upfront about what it collects and gives you some control over it. Plenty of great options offer solid protection without going overboard on data collection. So yes, it's smart to be cautious, but going without antivirus software leaves you way more exposed than using a well-reviewed one that respects your privacy.
