Security News

TikTok sued over data collection of children

Avast Security News Team, Apr 23, 2021 9:56:10 AM

Plus, Facebook introduced new audio features and spies attack on LinkedIn

Former children’s commissioner of England Anne Longfield is suing TikTok on behalf of millions of children in the UK over data collection that Longfield maintains is without sufficient warning and transparency. According to BBC News, the claim covers all children who have used the popular video-sharing app since May 2018. Children wishing not to be represented can opt out, but if Longfield is successful, each child affected could be owed thousands of pounds. The collected data in question includes phone numbers, videos, exact location, and biometric information of each child. TikTok, owned by Chinese company ByteDance, issued a statement saying, “We believe the claims lack merit and intend to vigorously defend the action.”

Avast Security Evangelist Luis Corrons commented that while data protection should be a priority for digital platforms, part of the responsibility also falls on the user. “It is important to protect kids,” he said. “Even more so where they share content online. That being said, we all know how ‘useful’ warnings are – just look at everyone’s reactions to those warnings about cookies upon visiting a website. We parents are our kids’ best protectors and guardians, and it is on us to teach them, and give them the right advice about online safety.”

Facebook announces multiple new audio features

This week, Facebook announced a host of new features intended “to make audio presence easy, natural, and immersive so you can more fully experience social presence.” First and foremost in the effort is a new set of audio tools for users, what the announcement calls “a sound studio in your pocket” – sound effects, music, voice morphing, noise reduction filters, and more. These tools will allow content creators to make “Soundbites,” edited short-form audio clips that can convey jokes, anecdotes, inspiration, etc. The social platform will also begin accommodating podcast streaming. In addition, the site and Messenger app are testing Live Audio Rooms, a Facebook audio hangout in the style of the trendy social app Clubhouse.

Spies use LinkedIn to fool UK nationals

UK intelligence group MI5 warned the nation that over 10,000 professionals in the fields of government and key industries have been approached by spies hiding behind fake profiles on LinkedIn. Users who accept the connections are then baited into sharing national secrets, according to MI5. The Centre for the Protection of National Infrastructrure (CPNI) launched a campaign called “Think Before You Link” to alert government officials of the threat. BBC News reported that one concern is that once a victim accepts one of the malicious connections, that in turn would encourage the victim’s contacts to accept the request as well, since it would appear they share a mutual acquaintance. 

Codecov supply chain attack targets hundreds of networks

San Francisco-based online software testing platform Codecov suffered a supply-chain attack that went undetected for more than two months, and while initial reports were that only Codecov’s systems were affected, Reuters reported that the impact spread to hundreds of the company’s customers. Codecov has over 29,000 clients, including GoDaddy, The Washington Post, Procter & Gamble, and IBM. It is unclear who is behind the breach, but experts believe Codecov’s customers were targeted through this attack. The FBI’s San Francisco office is investigating.

New hacker tool reveals Facebook users’ email addresses

After Facebook dismissed the vulnerability a researcher found, saying it was not important enough to address, the researcher went public with a demonstration of the weakness through a hacking tool called Facebook Email Search v1.0. The researcher said the tool could link 5 million Facebook accounts to their associated email addresses in one day. Facebook then released a statement saying, “It appears that we erroneously closed out this bug bounty report before routing to the appropriate team. We appreciate the researcher sharing the information and are taking initial actions to mitigate this issue while we follow up to better understand their findings.” Read more on Ars Technica.

This week’s ‘must-read’ on The Avast Blog

How thoroughly do you want Amazon inside your home? Learn what your Amazon Echo knows about you in the latest installment of our "What Does The Internet Know About Me?" series.