A major cruise line says its customers’ private information may have been accessed during a data breach

carnival cruise
Carnival Cruise Line’s Carnival Ecstasy cruise ship in March 2020.

Carnival Corp says its guests’ and employees’ personal data may have been impacted in a data breach first discovered on March 19, a company spokesperson told Insider in an email statement on Friday.

In response to the breach, Carnival “shut down the event,” informed regulators, and called on a cybersecurity company to look into the attack. The investigation later found that information on guests, crew members, and employees with Carnival Corp and several of its brands – Carnival, Holland America, Princess, and “medical operations” – were impacted by the “third party access to limited portions of its information technology systems,” according to the spokesperson.

Personal information like Social Security and passport numbers, addresses, and health data may have been accessed during the breach, the Associated Press reported.

However, “there is evidence indicating a low likelihood of the data being misused,” the spokesperson told Insider. Carnival has since contacted the people who may have been affected by the data breach, and has created a call center to field any questions.

“As part of its ongoing operations, the company is continuing to review security and privacy policies and procedures and has been implementing changes as needed to enhance our information security and privacy program and controls,” the spokesperson said.

Carnival saw two ransomware attacks in August and December of 2020, the company reported in April.

Read the original article on Business Insider

Scraped personal data of 1.3 million Clubhouse users has reportedly leaked online

clubhouse app
  • Over a million Clubhouse users have had their personal data leaked for free, Cyber News reported.
  • The social media app, popular for its audio community, is the latest to have user records posted in a hacker forum.
  • LinkedIn and Facebook user data has also been exposed online within the past week.
  • See more stories on Insider’s business page.

The personal data of 1.3 million Clubhouse users has leaked online on a popular hacker forum, according to a Saturday report from Cyber News.

The scraped data of Clubhouse users includes names, social media profile names, and other details.

Clubhouse did not immediately respond to Insider’s request for comment that was made on Saturday. As Cyber News reported, the exposed data could enable bad actors to target users through phishing schemes or identity theft.

Clubhouse on Sunday pushed back on the Cyber News report, posting on Twitter: “Clubhouse has not been breached or hacked,” it said. “The data referred to is all public profile information from our app, which anyone can access via the app or our API (application programming interface).”

The invite-only social media app launched in March 2020 and has grown into a popular platform and attracted millions of users. Its audio community allows users to tune into conversations, or “rooms,” about various topics. The company is reportedly in talks for a funding round that values the company at $4 billion.

The development comes after two high-profile data breaches surfaced within the past week.

The same publication reported on Tuesday that the personal data of 500 million LinkedIn users – about two-thirds of the platform’s userbase – was scraped and listed for sale online. A LinkedIn spokesperson confirmed to Insider on Thursday that there is indeed a dataset posted of public information that was scraped from its platform. A hacker is attempting to sell the data for a four-digit sum and potentially in the form of bitcoin.

Paul Prudhomme, an analyst at security intelligence company IntSights, told Insider that the exposed data is significant because bad actors could use it to attack companies through their employees’ information.

Days before reports surfaced of the LinkedIn and Clubhouse data leaks, Insider’s Aaron Holmes reported that the full names, location, email addresses, and other sensitive pieces of information of 533 million Facebook users were posted in a forum.

Security researchers told Insider that hackers could use the exposed data to impersonate them or scam them into revealing sensitive login information.

Read the original article on Business Insider

Personal data of 1.3 million Clubhouse users has reportedly leaked online days after LinkedIn and Facebook also suffered data breaches

clubhouse app
  • Over a million Clubhouse users have had their personal data leaked online.
  • The social media app, popular for its audio community, is only the latest to suffer a data breach.
  • LinkedIn and Facebook user data has also been exposed online within the past week.
  • See more stories on Insider’s business page.

The personal data of 1.3 million Clubhouse users has leaked online on a popular hacker forum, according to a Saturday report from Cyber News.

The leaked data of Clubhouse users includes names, social media profile names, and other details.

Clubhouse did not immediately respond to Insider’s request for comment that was made on Saturday. As Cyber News reported, the exposed data could enable bad actors to target users through phishing schemes or identity theft.

The invite-only social media app launched in March 2020 and has grown into a popular platform and attracted millions of users. Its audio community allows users to tune into conversations, or “rooms,” about various topics. The company is reportedly in talks for a funding round that values the company at $4 billion.

Saturday’s report of a Clubhouse data breach is only the latest to surface within the past week.

The same publication reported on Tuesday that the personal data of 500 million LinkedIn users – about two-thirds of the platform’s userbase – was scraped and listed for sale online. A LinkedIn spokesperson confirmed to Insider on Thursday that there is indeed a dataset posted of public information that was scraped from its platform. A hacker is attempting to sell the data for a four-digit sum and potentially in the form of bitcoin.

Paul Prudhomme, an analyst at security intelligence company IntSights, told Insider that the exposed data is significant because bad actors could use it to attack companies through their employees’ information.

Days before reports surfaced of the LinkedIn and Clubhouse data leaks, Insider’s Aaron Holmes reported that the full names, location, email addresses, and other sensitive pieces of information of 533 million Facebook users were posted in a forum.

Security researchers told Insider that hackers could use the exposed data to impersonate them or scam them into revealing sensitive login information.

Read the original article on Business Insider

How to find out in 2 easy steps if your data was exposed in an online breach

online dating
Diana Grytsku/Shutterstock

  • Check if your email account or password is compromised in two easy steps on haveibeenpwned.com.
  • Billions of online records have been exposed in the past decade through breaches, hacks, or leaks.
  • See more stories on Insider’s business page.

A website called “Have I been pwned” can help internet users determine if their data has been exposed in an online breach.

Maintained by security analyst Troy Hunt, the database on haveibeenpwned.com, lets you check if one of your email addresses or passwords has been compromised, or “pwned,” in internet speak.

After typing the website into your browser, you just have to type in the address of the email account you wish to check for breaches. The site cross-references that email address with more than 10 billion accounts compromised in past breeches.

Here’s an example:

Screen Shot 2021 04 05 at 2.33.57 PM

Then, just click the “pwned?” button next to the search bar.

If your account is in the clear, you’ll get a green page that says “Good news,” with references for how to increase security.

Screen Shot 2021 04 05 at 2.34.24 PM

If your account details have been leaked, you’ll see a red screen that says, “Oh no — pwned!” It will tell me how many data breaches the email has been found in and where it may have been “pasted” to a publicly facing website.

Screen Shot 2021 04 05 at 2.37.09 PM

Read more: A data breach is exposing Big Law firms who were using a 20-year-old system for handling sensitive documents. Here’s what we know so far.

Over the weekend, more than 500 million Facebook users’ phone numbers, full names, locations, email addresses, and biographical information were leaked online, Insider reported. That adds to the more than 4 billion online records that have been stolen or accidentally leaked in the last 10 years, according to data from the Privacy Rights Clearinghouse.

If affected, consumers should take steps to secure their accounts by changing a password and setting up two-factor authentication.

Read the original article on Business Insider

Clubhouse users should assume they’re being recorded, a data-privacy expert said, following a breach that sent conversations to another website

clubhouse app 1
In this photo illustration the Clubhouse app logo is seen displayed on a smartphone screen.

  • Clubhouse users should not assume conversations are private, a cybersecurity expert told Bloomberg.
  • Over the weekend, the app was breached by an unknown user who streamed audio feeds to an external website.
  • This came just a week after the app said it was working to protect user data from hackers.
  • Visit the Business section of Insider for more stories.

People participating in discussions on the audio-chatroom app Clubhouse should assume they are being recorded, data-privacy expert Alex Stamos told Bloomberg.

Over the weekend – nearly a week after the app said it was working to protect user data from hackers – cybersecurity experts learned that a user was remotely sharing login information, pulling audio and metadata from Clubhouse to an external site.

The unidentified user streamed Clubhouse audio feeds from “multiple rooms” into their own third-party website, a Clubhouse spokesperson told the publication.

The company has permanently banned the user, it added.

“Clubhouse cannot provide any privacy promises for conversations held anywhere around the world,” Stamos, director of the Stanford Internet Observatory (SIO) and former Facebook security chief, told Bloomberg.

While the SIO was unable to identify the hackers, Stamos said the perpetrators used JavaScript – the same programming language used to create Clubhouse – in order to breach the system.

Insider contacted Clubhouse for comment, but did not receive a response in time for publication.

On February 12, the SIO released a report into the invite-only app which said user data may be accessible to China’s government. In response, Clubhouse said it would review its policies and roll out added encryption in the next “72 hours.” It also said it plans to hire an external data security firm to review these changes.

SIO researchers said they found some of Clubhouse’s back-end infrastructure, including its audio production and data traffic processing, had been provided by Agora, a Shanghai-based startup with an office in Silicon Valley. Some of this data was being transmitted without encryption.

“Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government,” the researcher said, and cited an SEC filing in which Agora said it was required to aid the Chinese government in national security and criminal investigations. Conversations about the Tiananmen protests, Xinjiang camps, or Hong Kong protests could qualify as criminal activity, the SIO said.

Agora told Bloomberg it couldn’t comment on Clubhouse’s security or privacy protocols, but said it was “committed to making our products as secure as we can.” 

A researcher at the SIO, Jack Cable, told Bloomberg that Clubhouse will likely look into restricting the rooms a user can enter at once, as well as the use of third-party applications in the chatrooms in order to prevent future data breaches.

Clubhouse users have live streamed and shared conversations on outside platforms in the past. In January, viewers hit the app’s 5,000 guests per room limit when Tesla CEO Elon Musk interviewed Robinhood CEO Vladimir Tenev on “The Good Time Show.” The group opened additional rooms, as well as streamed the conversation on YouTube in order to allow thousands to tune in.

Weeks later, an appearance by Facebook CEO Mark Zuckerberg on the same Clubhouse show caused the app to crash for some users.

The invite-only app has continued to garner public interest since it was created less than a year ago as a way to promote free speech and dynamic conversations online. In the past few months, celebrities, including Paris Hilton, Oprah Winfrey, and Mark Cuban, have flocked to the application.  

In January, the app backed by Andreessen Horowitz received a $1 billion valuation.

Clubhouse operates as a real time, audio-only application which allows users to go into individual “rooms” and discuss anything from politics to social justice and pop culture.

The app is currently in beta mode, but in February, Clubhouse CEO Paul Davison told CNBC he plans to open the audio app to all users as soon as possible.

Read the original article on Business Insider