A quick-thinking title company owner was able to stop a fraudulent sale when it appeared the scammer was using AI to try to steal properties.
So much data left exposed for anyone to see
Another day, another monumental data breach. Just because they’re getting more common doesn’t mean you can tune it out. In fact, it’s time to get even more serious about your private information and what’s posted online.
An estimated 106,316,633 records from U.S. citizens were exposed through “human error.” In this case, someone left a file totally unprotected online. Data of 2,319,873 people and organizations who subscribed to MC2 Data for background check services was exposed, too. Talk about a massive screwup.
Cybersecurity researchers say the company left a whopping 2.2 terabytes of private information open for anyone. MC2 Data owns several background check sites, including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers and PeopleSearchUSA.
Like thousands of other background check companies, MC2 Data gathers data from government sources, criminal records, employment history and family data.
The personal data left out in the open for anyone to access includes, but is not limited to:
- Names
- Email addresses
- IP addresses
- Encrypted passwords
- Partial payment information
- Home addresses
- Birth dates
- Phone numbers
- Property records
- Legal records
- Family, relative and neighbor data
- Employment histories
So far, MC2 Data hasn’t released a formal response to the breach. The story is still developing, but I wanted to make sure you knew about it.
Companies and agencies that want to read your body parts
Have you paid with your palm at Whole Foods yet? Did the TSA scan your face the last time you were at the airport? Using biometric info like your fingerprint and face can save a little time, but a whole lot of security risks come along for the ride.
‘It is not real': Title company owner warns of new twist to title fraud
✔️ It’s a yes from me: A new California bill could stop companies from collecting and sharing personal data with just one click. It’s a royal pain in the butt to opt out of every single site. If the bill passes, it could impact all Americans, since many companies apply the same privacy protections nationwide.
1x a week
How often the National Security Agency says you should reboot your phone. Sounds like a no-brainer, but it works to combat zero-click exploits. Zero-click flaws mean a hacker can get in simply by sending you the right code. Avoiding that is def worth a weekly restart.
Passwordless future: Google now lets you log into Android, Windows, macOS and Linux devices without a password. Instead, you’ll use a passkey stored in Google Password Manager, which can be authenticated via fingerprint, face scan or screen lock. Chrome and iOS support coming soon.
👋 So long, farewell: Without warning, Russian cybersecurity provider Kaspersky Lab deleted its anti-malware protection from its subscribers’ computers and replaced it with something called UltraAV. This comes after the U.S. government added Kaspersky to its national security concern list because of its ties to the Kremlin. If you were using Kaspersky for antivirus protection, try my antivirus pick instead.
✈️ Hundreds of flights a day are under attack: GPS spoofing is an electronic warfare tactic that sends fake signals to disrupt aircraft navigation. Pilots get false warnings (like “pull up”), clocks reset and flight paths go off course. The scariest part is we won’t see an equipment upgrade or fix until next year, at the earliest (paywall link). Scary.
🚨 “Hello pervert”: Scammers are sending emails claiming they’ve recorded you through your webcam and will release the footage unless you pay up. They’re using details like your home address or an old password to make it more believable. Don’t reply, and if any accounts still use that old password, change it immediately.
💸 $260 million heist: Two men were arrested at a Florida mansion, surrounded by jewelry and luxury cars, after stealing 4,100 in bitcoin from a Washington, D.C., tech billionaire. The scammers laundered the money through crypto exchanges and went on a wild spending spree (paywall link). I bet the scammers SIM-swapped the billionaire’s phone. Here’s how it works and how to protect yourself.
🅿️ Thieves are slapping fake QR codes on parking meters: The stickers are placed over the originals to look legit but redirect you to sketchy links or phony websites. Pay directly at the meter or look for a kiosk. If scanning a code is the only way, use a credit card and scan the site for spelling errors, blurry images or strange logos.
🚨 Major macOS warning: Apple’s latest macOS Sequoia update is breaking big-time cybersecurity tools from Microsoft, SentinelOne, CrowdStrike and others. Some people also claim Firefox stopped working for them after the upgrade. Pro tip: Wait a few weeks before installing a new OS, and always have a backup.
🔐 Change your password: Over 2 million VPN passwords were stolen using malware last year. ExpressVPN, Proton VPN and NordVPN were the biggest targets. The companies weren’t breached; hackers went after users through phishing attacks, keyloggers and credential stuffing. Change your password ASAP if you have a VPN. And remember, “beefstew” as a password isn’t stroganoff.
🔑 Open sesame: An update to Google’s Password Manager lets you sync passkeys across Windows, macOS, Linux and Android. Previously, passkeys only worked on Android, and using them on other devices required scanning a QR code. Use a Chromebook or iPhone? Sit tight, you’re next to get the update.
Smartphone thieves listen to steal drums: Police are warning about a rise in expensive cellphone thefts from front porches. Don’t be next: Track your package closely and request a signature upon delivery. If you’re not home, send it somewhere else, get a video doorbell, post a “You’re being recorded” sign or install a porch lockbox.
We may receive a commission when you buy through our links, but our reporting and recommendations are always independent and objective.
🚨 Watching you, watching me: Nearly 1.3 million Android TV boxes across 197 countries are infected with Vo1d malware. Compromised devices include the R4 TV Box, the KJ-SMART4KVIP and TV Box models that use Android 12.1. All run outdated Android versions with unpatched security holes. If you have an Android TV box, make sure the firmware is updated and that it’s Play Protect certified.
Hackers are targeting VPN wireless routers: ASUS, TP-Link, Zyxel and Ruckus have already been hit. How it works: They break in, infect your router with malware, then use it to infect others. Warning signs you’re part of a botnet: Weird PC behavior, slow speeds when your internet is working fine, and strange emails and messages you didn’t send. Keep your router updated and run antivirus software.
Ultimate power move? Using a dumbphone like the Punkt MP02. Some bosses are switching to old-school tech to cut out distractions and constant notifications. Snap’s Chairman swears by fax machines, saying they’re more secure than email and grab others’ attention because they’re so rare (paywall link).
We may receive a commission when you buy through our links, but our reporting and recommendations are always independent and objective.
🚨 Bogus captcha tests: Instead of picking images or typing words, these shady tests ask you to press Windows key + R and Ctrl + V. Doing so then pastes in a Windows PowerShell script that unleashes Lumma Stealer malware. Stay alert: These fake captchas are popping up on random websites and in phishing emails.