Security News

FTC orders Big Tech to explain their data collection

Avast Security News Team, 18 December 2020

Plus, a 6-year-old spends over $16,000 on in-app purchases and Twitter is fined €450,000 under the GDPR

The U.S. Federal Trade Commission (FTC) sent orders this week to nine internet giants, demanding they share details of their data collection processes, including the method and manner in which they collect, use, store, and disclose information about individuals who use their services.

Amazon, Discord, Facebook, Reddit, Twitter, WhatsApp, YouTube, Snapchat owner Snap, and TikTok owner ByteDance were each served with the orders. “Privacy is becoming a major concern for citizens,” commented Avast Security Evangelist Luis Corrons, “and internet companies collect and use people's data. It only makes sense for the government to learn what they are doing with it and how that data is being handled.”

The inquiry comes at a time when the biggest social media and video streaming services are under scrutiny from several factions. All companies named have been suspected of the improper use of consumer data and/or violations of the federal anti-monopoly law. In a joint statement, FTC Commissioners Chopra, Slaughter, and Wilson wrote, “It is alarming we know so little about companies that know so much about us.” The FTC gave the companies 45 days to respond to the orders.

6-year-old spends over $16,000 on in-app purchases

Real estate broker Jessica Johnson got a shocking surprise when she learned that the charges totaling $16,293.10 on her credit card bill came from her 6-year-old son George making in-app purchases while playing his favorite game, Sonic Forces, on the iPad. When the Apple charges began showing up on her Chase bank statements, Johnson thought it must be fraud. She contacted Chase, which informed her that Apple scams are among the most common, and she’d have to contact Apple to resolve the matter. She did so, but learned the charges did originate from her account. In addition, Apple told her that she missed the 60-day window to dispute charges, so there was nothing the company could do. Unfortunately, Johnson had not taken steps to set up the parental controls on her son’s iPad to prevent this kind of situation. Read more on this story at The New York Post.

International survey reports pandemic’s impact on kids

Over 26,000 children from 137 countries participated in a global survey put together by Queen’s University Belfast to collect information about the pandemic’s impact on kids. The “Life Under Coronavirus” survey was made available in 27 different languages, and it was designed for children between the ages of 8 and 17. Among its findings, 61% of the participants said they were getting a better education before COVID-19, and 56% said they have not been able to talk to their friends as much as they would like since the pandemic started. For more survey results, see the article on Newswise. Living much of their lives online now, kids are also running into more internet problems than before, including more cyberbullying, access to inappropriate content, and computer viruses. Read more about this issue here on the Avast Blog.

China suspected of spying via Caribbean phone networks 

Mobile threat intelligence expert Gary Miller shared research with The Guardian that, he alleges, provides evidence that China may have been spying on Americans using mobile phone networks in the Caribbean. Miller believes China has been able to target, track, and intercept Americans’ phone communications by using a state-controlled mobile phone operator to direct signaling messages to US subscribers, particularly when they are traveling abroad. Signaling messages are commands that allow operators to locate phones, connect one to another, and assess roaming charges. A spokesperson for the Chinese embassy in Washington denied the allegations.

Twitter hit with €450,000 GDPR fine

In the first instance of an American company being fined since the new European Union privacy law – the General Data Protection Regulation (GDPR) – took effect 2½ years ago, Ireland’s Data Protection Commission has slapped a €450,000 penalty on Twitter for failing to notify the regulator within 72 hours of a data breach it suffered in January 2019. It took almost 2 years for the penalty, which equates to about $546,000, to be decided. The social media giant is not disputing the punishment, as Twitter Chief Privacy Officer Damien Kieran commented, “We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers.” For more on this story, see the Wall Street Journal.

This week’s ‘must-read’ on The Avast Blog

With the holiday season in full swing, you might be seeing a flurry of e-cards. Unlike a traditional snail mail card, e-cards come with risks — malicious actors take advantage of people’s holiday cheer by using e-cards as a method for delivery of malware. Luckily, we've rounded up seven steps to protect yourself against e-card scams.