GTA V Cheaters Just Got Exposed!

Our top stories this week:

• Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers
• Microsoft under fire for threatening security researcher with criminal investigation
• Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
• Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones
• Dashlane explains how attackers managed to download encrypted password vaults

TWIP Live 🔴

Updates from the Team

Verified Apps

With the warm reception for our new VerifiedApps database, Jonah decided to see how hard it would be to make an actual app to go with it. As it turns out, it just might be doable. The app itself should be considered pre-release and not ready for general use, but if you want to help test it out and report any issues, please do!

GitHub - privacyguides/verified-apps-android: An Android app to more easily contribute to our Verified Apps database

An Android app to more easily contribute to our Verified Apps database - privacyguides/verified-apps-android

GitHubprivacyguides

No Right to Remain Silent: Negative Rights in a Positive-Rights World

This week guest contributor Peter Marsden wrote an article about we are quickly losing the right to opt out of the online world in an era where not having an online presence can be seen as weird or suspicious. Highly recommended read!

No Right to Remain Silent: Negative Rights in a Positive-Rights World

Rights exist so that you do not have to argue every time for the legitimacy of your everyday freedoms. Without an explicit right to your opacity, the rights you do already have can be called into question.

Privacy GuidesPeter Marsden

News Briefs

This week was a little slower on the news front. Fria wrote about how Meta's AI support chatbot was used to take over Instagram accounts, and Nate wrote about this week's data breaches. Both worth your time, so be sure to check them out!

Privacy & Security News

The latest news in data privacy, cybersecurity, and consumer rights brought to you by Privacy Guides.

Privacy GuidesJonah Aragon

Sources

Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers

Atlas Menu, a cheat service for Grand Theft Auto's online mode, has suffered a data breach exposing the email addresses, usernames, hashed passwords, IP addresses, and support tickets of almost 64,000 accounts. Cheating in online games can be a huge source of frustration for both professional and casual gamers alike. Atlas Menu did not respond to requests for comment.

Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers | TechCrunch

Hackers stole usernames, hashed passwords, and other data from a service that allowed players to cheat in Grand Theft Auto V.

TechCrunchLorenzo Franceschi-Bicchierai

Microsoft under fire for threatening security researcher with criminal investigation

In recent weeks, a security researcher going by the alias "Nightmare Eclipse" has published several proof-of-concept vulnerabilities in various Microsoft products (we discussed one regarding Bitlocker on this very podcast recently). Microsoft is now threatening to sue the researcher, claiming the vulnerabilities were not responsibly disclosed. The researcher disputes this, saying attempts to contact Microsoft were met with responses such as account bans.

Microsoft under fire for threatening security researcher with criminal investigation | TechCrunch

A public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.

TechCrunchLorenzo Franceschi-Bicchierai

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Over the weekend, several high-profile Instagram accounts including the Obama White House, the Chief Master Sergeant of the US Space Force, and Sephora were compromised to post pro-Iranian messages. It turned out the attackers were able to gain access simply by asking Meta AI to add an email address to the account in question, and then performing a password reset. Meta has since patched this behavior.

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s…

Krebs on SecuritySkip to content

Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones

Meta's "NameTag" feature - which we have covered on this podcast in the past - is now being added to Smart Glasses quietly. The code to enable the feature was secretly added over the course of several updates this year according to WIRED, though it has not been enabled yet. This article mostly dives into the history of this feature so far.

Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones

Code reviewed by WIRED uncovered an unreleased face-recognition system embedded in Meta’s smart glasses platform. It’s designed to identify people via biometric data stored on users’ phones.

WIREDDhruv Mehrotra and Dell Cameron

Dashlane explains how attackers managed to download encrypted password vaults

This week, Dashlane suffered a "2FA spraying" attack. Attackers attempted to access vaults en masse by brute forcing TOTP codes. Dashlane says the attackers were able to download about 20 encrypted vaults this way. The attackers must still guess the master passwords to get into the vaults, however, and unlike the LastPass breach of 2022 Dashlane claims that they have encrypted all fields and have been automatically upgrading security (such as iterations and hashing algorithms) without user input, so as long as users have a strong master password the vaults are likely safe. Still, it's unlikely all users do.

Dashlane explains how attackers managed to download encrypted password vaults

By targeting large numbers of users, attackers increased their chances of success.

Ars TechnicaDan Goodin

Forum Updates

Is RCS with Google Messages worth having Google on my phone?

Is RCS with Google Messages worth having Google on my phone?

I’ve been looking at apps and realizing that I could likely remove Sandboxed play services from my GrapheneOS phone (at least from my always-on main Owner profile) without sacrificing anything…except Google Messages and RCS. For RCS to work on GrapheneOS, Sandboxed Play Services and Google Messages needs to be installed on the Owner profile. Play Services also has to always be running with battery optimization turned off. You also need to hand over multiple permissions including network, conta…

Privacy Guides CommunityZenByte

How do I compellingly advocate for my privacy with doctors and other healthcare professionals?

How do I compellingly advocate for my privacy with doctors and other healthcare professionals?

TL;DR: What are the best arguments to make healthcare professionals care about privacy? Would it be insensitive to use Carissa Véliz’ Holocaust example if I know my doctor is Jewish? Two months ago I had an appointment with a dermatologist who uses a Gmail address for her practice. She also uses WhatsApp. It was my first time seeing her, so I had to fill out some forms, and I noticed that there was no mention of their privacy policy in them. Ever since I read Carissa Véliz’s Privacy is Power (…

Privacy Guides CommunityPurpleDime