Dec 22, 2018
There is a new law governing encryption in Australia. Today I will discuss what this law is trying to accomplish and what effects it may have worldwide.
AI or more precisely machine learning is becoming more common. I will talk more about what happens when algorithms go wrong.
Hacks and More Hacks. This year we have had a lot of hacks and we have talked about some of them. Today I will talk about the 21 biggest hacks of 2018.
Apps are tracking you, even when you turn off tracking. Today I will explain what you can do to prevent this from happening.
For these and more tech tips, news, and updates, visit CraigPeterson.com
Below is a rush transcript of this segment; it might contain errors.
Airing date: 12/22/2018
The 21 Biggest Hacks Of 2018 - Why They Occurred
Craig Peterson: 0:00
Hi everybody, Craig Peterson here, show number 986. That's 986 weekly shows won't be long, we're going to be at show 1000 on the air for 1000 weeks is not the coolest thing ever. Alright, today, as always, we're going to talk about some of the latest tech that's out there. And it's, you know, end of the year, I hope you're going to have a great week, all of us standard tips you should already know about shopping online, and what to do with your information. But really kind of keep in mind that the biggest problem that I think most people are going to face this year as well as for years to come is kind of the fraud thing. It's not just clicking on emails anymore, which is a problem because people are still sending bad links we're talking about the problem of having an email come in, that looks legitimate asks you to do something taken action. For instance, pay off, pay a vendor off, right? Pay vendors invoice and that email did not come from the person you think it came from. It didn't come from the boss didn't come from finance people. So pay a little bit more attention to your emails. It's a huge problem. You've heard me talking about it before. And also make sure you follow through with my special report on how to keep your information safe online because we know you're going to be hacked, right? It's it's inevitable. Everyone either has been had their data stolen has been hacked, right? So it's not like you've been hacked but Equifax has been hacked we talked about them last week or one of these other organizations and it's going to affect you in a very negative way so make sure your information even though that it's it's out there isn't going to be used against you with this Marriott hack and we'll be talking
Craig Peterson 1:57
about it today is one of our articles they're saying you know passports were stolen
Craig Peterson 2:02
credit card information was stolen, personal information was stolen. Well, yeah, that's a big problem, no question about that. But what do you do, right? Isn't that the problem? What do you do? And that's what this special report is all about. So if you haven't got it yet, if you didn't sign up to get a copy of it, make sure you go to CraigPeterson.com/subscribe and you'll be given the option to get that special report. We're going to have a paid version of that in the future, so get it now while it's free, because it is guaranteed not to be free in the future. There's a lot of people that want this thing, and we're adding more to it. We're gonna have a little course on it with screenshots, and we're going to have, in fact I've already invited and we've got commitments from all of the major credit bureaus to be part of this information product here. We're going to have a little bit on this radio show and we'll talk more about it as well, but get it now. That's the best thing you can do, frankly, and it's all free. It's all free stuff you can do. You don't have to pay anybody a dime. And the bottom line is, don't pay these protection bureaus to protect your data, because they don't actually protect it. All they do is let you know after the fact. So it's simple enough. You can email me at CraigPeterson.com too, and either me or one of our minions will get back with you to help you out and get your copy of that.
Craig Peterson 3:32
this is for you, okay I'm not I'm not going to hammer you with all kinds of messages marketing messages and stuff it's free classes yes I do have services that I sell but this is all free as I pat myself on the back
Craig Peterson 3:47
If you're watching in video, hey, welcome. We're going to try and do this more regularly, have our shows up on the website at http://CraigPeterson.com. This is going to go into the insiders site eventually, so you have to be an insider in order to watch some of these videos, but all of that, of course, just http://CraigPeterson.com/subscribe. So for today, I've got a whole lot of stuff here. I want to talk more about that Australian law that was just passed, this anti-encryption bill, too, more of what that means. I mentioned I'm going to talk about Marriott as well. This is very interesting. This is an article from The Verge I have up on http://CraigPeterson.com, and this is talking about artificial intelligence. What do we do when algorithms go wrong? I was shocked to see California saying they're going to have a computer program determine whether or not somebody should be bailed out, basically getting rid of the bail bondsman, etc. And now your ability to get bail.
Craig Peterson 4:56
It's going to be in the hands of a computer. So what happens when things go wrong, your apps are tracking you what to do about
Craig Peterson 5:03
that. And we've got the biggest data breaches of 2018 this is this is a big deal. And the article is great as got a picture of the Zuck right there
Craig Peterson 5:13
on the front of it. Mark Zuckerberg now but data breaches and 2018 compromise the personal information of millions of people. And we're talking hundreds of million people around the world. So here are the 21 biggest data breaches of last year let's see if you were part of any of these British Airways. And by
Craig Peterson 5:35
the way, if you were not only should you make sure that you follow those directions in my personal information, special report, but you might be able to go after these companies and some of them will pay you to do some data recovery and other things British Airways 380,000 people had their credit card stolen
Craig Peterson 6:00
So that's a bad thing, but it also affected the bookings. Orbitz had 880,000 records stolen. Wow, almost a million people, and that's payment card information, personal data, billing addresses, phone numbers, emails, and this is hackers that accessed the travel bookings in the website system. SingHealth, one and a half million people. This is the Singapore government health database. Yeah, we want health database and some of the patients' history of dispensed medicines. And the reason they want to know about medicine prescriptions is so that they can break into your home. They sell that to local criminal organizations, gangs, and others. And then they say, oh, this guy's got Percocet or whatever it might be, and they break in and steal it. Or in some cases, they've gone so far as to follow that person and mug them just before they get home, when they come back. The pharmacy information on the Prime Minister of Singapore was also targeted as part of this. And it was a deliberate, targeted, well-planned attack. That's from the BBC. T-Mobile. And this one hit me. Encrypted passwords, which isn't necessarily a big deal, personal data including account numbers, billing information, email addresses. That happened summer this year. Quote, international group of hackers, unquote, accessed T-Mobile servers through a T-Mobile API. And APIs, these application programming interfaces, are being used more and more. I just had, two weeks ago, I was in a three-day session, today's session, I guess it was, with Cisco about their APIs and what they're doing. More and more of these, you're going to see problems with. myPersonality, 4 million people. This is personal data of Facebook customers who use the myPersonality app. Remember the whole thing about the Trump campaign and using this British firm to get information on people, and Facebook, it was a big deal. Of course, what was worse was what the Obama campaign did, but of
Craig Peterson 8:15
course the media is never going to report on that right because the Obama campaign got way more data from about way more people. But if you play these games on Facebook, you are giving up your personal information. In this case, it was stolen
Craig Peterson 8:31
mostly active before
Craig Peterson 8:34
but it was banned from Facebook this year. And it mishandled Facebook user data. Saks and Lord & Taylor. You wouldn't have expected that from a higher-end brand, but they lost 5 million people's information. This is payment card numbers. They never released the details on what happened, but the New York security firm Gemini Advisory says a hacking group called JokerStash announced that it had put them up for sale, 5 million stolen credit cards, debit cards, and the records came from Lord & Taylor customers. SheIn.com, six and a half million email addresses, passwords that were encrypted, customers' online store accounts. That happened in June this year. Hackers carried out a sophisticated criminal cyber attack on its computer network.
Craig Peterson 9:26
Cathay Pacific airways I'm not sure if I'm pronouncing that right
Craig Peterson 9:29
here. 4.9 million records stolen. That includes 860,000 passports for 240 5000
Craig Peterson 9:39
Hong Kong identity card numbers 403 credit card numbers 27 without the CV v. So not a lot of credit card stuff but a lot of passport stuff which is what people worrying about with the Marriott hack. And we'll talk about that in a little bit here.
Craig Peterson 9:57
14 million names, email, phone numbers, trip data. Timehop. Hey, there's a bit of a theme this year in the travel, hoteliers. Timehop, 21 million names, emails, and some phone numbers. Access credentials for cloud computing environments compromised. The cloud computing account had not been protected by multifactor authentication. Again, the cloud is not a panacea, everybody. Ticketfly, 27 million people. This is a ticket company, sells tickets to events primarily. Personal information, including names, addresses, email, phone numbers. A hacker compromised the site's webmaster and gained access to a database called backstage, which contained client information for all of the venues, promoters, and festivals. Facebook, 29 million. That was from last summer, summer 2017, to this summer. This fall, actually. 29 million, highly sensitive data, including locations, contact details, relationship status, recent searches, devices used to log in. The hackers were able to exploit vulnerabilities in Facebook's code to get their hands on access tokens. We talked about this on the show. Chegg, 40 million people. I know Chegg, C-H-E-G-G. Personal data including names, email, shipping, account usernames, passwords. Now, it didn't say an encrypted password. So again, another reason to use a different password on every website. Use a password manager like 1Password or LastPass. Those are both great, 1Password or LastPass. And that happened just this year. According to Chegg's SEC filing, an unauthorized party gained access to a company database that hosts user data.
Craig Peterson 11:50
Google Plus 52 million. In fact, this was according to many people, the final straw for Google Plus because 52 million people had their data stolen, Google really wasn't paying attention to it. They weren't keeping their software up to date. And they had a lot of bugs in this apparently was a known security flaw they've been out there for a while.
Craig Peterson 12:13
So this is private information on Google Plus profiles including name, employer, job title, email address, birthdate, age, and relationship status, and it went on from March to November 2018
Craig Peterson 12:28
And this was exposed by the Wall Street Journal, by the way. A software glitch caused Google to expose the personal profile data of 500,000 Google Plus users. A second data breach that affected another 52 and a half million. It is going to be shut down for good in April 2019, so don't bother with Google Plus anymore. Cambridge Analytica, that's what I referred to a little bit earlier, the Trump guys, working for the Trump guys. Was this a breach? I don't know. What's Obama getting information on over 300 million American accounts? Was that a data breach? That's not in here. That's weird,
Craig Peterson 13:08
Cambridge Analytica, 87 million Facebook profiles and data identifying users' preferences and interests. Happened in 2015. And this is your digital life. You might remember that. MyHeritage, 92 million people's email addresses, encrypted passwords of users who signed up for the service. A trove of email addresses and hashed passwords sitting on a private server somewhere outside of the company. That's from Business Insider. Quora. This is a recent one, 100 million. Have you ever used Quora? If you haven't, you might want to check it out. Quora.com. People ask questions, people answer questions. Hopefully experts, right, are answering the questions, and I find some of the stuff really fascinating. But they stole, and this includes me again, account information including names, email addresses, encrypted passwords, data from user accounts linked to Quora, and users' public questions and answers.
Craig Peterson 14:04
I don't, by the way, answer questions on Quora. They don't have my real name, so they won't even let me post, right? That's why I don't answer, I guess. Certainly an exclusion. I use, I tend to use, I've done this because I, back in the 70s, one of my first jobs was in marketing, and I helped to develop a marketing system, computerized, IBM-based, that put every competitor in the whole country out of business. And we had some pretty major clients, you know, encyclopedia firms, you know, Grolier, don't know if you remember those guys, and where's the record company, Columbia Records. I Jude sign up for records and that was all our software.
Craig Peterson 14:46
So it was kind of cool. So back then I learned how you're tracked and what you should do about the tracking, because of course it's your data. You want to know, me as a marketer, I wanted to know where did they get my name from. So I could still to this day use different names, email addresses, contact info, everything I can, for every site, so that I know who sold my name, who's contacting me, what's going on, what's the marketing all about. So Quora had 100 million people
Craig Peterson 15:19
malicious third party names email encrypted passwords, My Fitness Pal 150 million people usernames, email encrypted passwords that happened in February 2018 unauthorized party gained access to data
Craig Peterson 15:36
Exactis, 340 million people. This is a massive database that is used
Craig Peterson 15:46
to collect and gather information from all kinds of sources and then sell it. Exactis,
Craig Peterson 15:51
I'm in fact I think I had them on the show here 10, 15 years ago.
Craig Peterson 15:57
So they had detailed information compiled on millions of people and businesses including phone numbers, addresses personal interest, personal characteristics
Craig Peterson 16:06
and more. Happened in June this year. A security expert spotted a database with pretty much every US citizen in it left exposed on a publicly accessible server, although it's unclear whether any hackers accessed the information. This is kind of interesting, because what they're saying here is that they had this database on publicly accessible servers. The smart money would bet that it's like an Amazon server, one of these cloud servers that businesses are using and not properly securing. Marriott Starwood Hotels, 500 million people. Guest information including phone numbers, email, passports, reservation dates, some payment card numbers, expiration dates, and they accessed it to steal guests' information. And the thinking right now, based on the tools that were used in this Marriott hack, the thinking is that it was the Chinese that did it. In fact, it was Chinese spycraft trying to get all this information. And Marriott says if you can
Craig Peterson 17:07
prove that your passport number was not only stolen from Starwood, but you can prove that in fact it has been used illegally, then they'll give you the $110 fee for getting a new passport. Amazing name. And the number one, drumroll please, was Aadhaar,
Craig Peterson 17:28
1.1 billion records. Private information on India residents, including their 12-digit ID numbers and connected services, including bank accounts and credit cards, etc., was stolen. It's unclear how long the data had been out there, but it was discovered in March 2018. And this is how it happened. India's government ID database, which stores the citizens' identity and biometric info, experienced a, quote, data leak on a system run by a state-owned utility company. Indane hadn't secured their API, what I mentioned earlier about APIs, which is used to access the database, which gave anyone access to Aadhaar information. So there you go, there's the biggest data breaches of heads a big deal, isn't it.
Craig Peterson 18:25
Now, this next thing is something that a lot of people are concerned about. And that is apps and how apps are tracking them. Here's what you can do to stop them out there. I'm going to do a thing for the FBI InfraGard, going to try and do something similar. Some of the information is kind of classified, you know, that is, it's sensitive information. So I may not be able to do a master class on this, I'm going to try to,
but your phone, and particularly if it's an Android phone, and particularly if you have Google software on it, but it
Craig Peterson 18:58
isn't just Google Apps to do this, your phone is being tracked. And the data the Google collects on you is incredible. It's things like you got out of a car, you walked for four minutes, and then they put a probability next year,
Craig Peterson 19:16
you were in a car traveling from here to there, probability 100%, you entered the restaurant and ate a meal probability 35%.
Craig Peterson 19:27
That's what they do. They read all of this stuff. And then they're using it internally. And they're selling now in some ways, who cares, right, in some ways is better. I don't want to see car ads. When I'm not interested in buying a car. I want to see ads for things I'm interested in. So from that point, this whole Google thing where they're tracking us is a good thing. But do you know how many people are tracking and what they're doing with these databases? It's absolutely crazy. The New York Times, just to a couple of weeks ago, purchased anonymized data from a third party vendor now a nun
Craig Peterson 20:06
data, Okay, come on people,
Craig Peterson 20:10
try and anonymize data, but you're not going to be able to completely anonymize it. People are going to be able to go back and figure out
Craig Peterson 20:19
whose data it is. So having anonymized data doesn't mean that the information can be traced back to. And the New York Times purchased it from a third-party vendor. There are many of them. I just mentioned one as part of the 21 biggest data breaches. And they used it to show how companies are tracking people through their day.
And completely, they know where you live, they know where you work, they know where you go, and what you do.
Craig Peterson 20:48
So they went to the doctor, they want to exercise, etc, etc. And they found that more than 1000 apps
Craig Peterson 20:56
have location sharing capabilities. Now on both your iOS devices and your Android devices, it's supposed to pop up and tell you, hey, listen, they want to track
Craig Peterson 21:09
us and Okay,
and you might say, yes, you might say, No,
Craig Peterson 21:14
I'm going to have to talk about this in a couple of weeks. But Facebook has been gaming and cheating that whole
Craig Peterson 21:18
system. But this report that came out here, this is a 2018 report from MightySignal, vague, those guys have new mobile phone analysis
Craig Peterson 21:29
is saying that there are 1200 apps in the Google Android store that track you and 200 on Apple iOS, even apps that have no apparent connection to location will apparently track your whereabouts.
Craig Peterson 21:44
So here's the bottom line. There are 50 plus apps on the average phone. And I know I have at least that many, what do I do, what should you do delete the apps you don't use and then go into your settings.
And this is available both in Android and in iOS, and turn off location sharing for those apps that you don't want to do location sharing with. And Apple has
Craig Peterson 22:10
recently added a new feature, like within the last couple of years, that lets you say that they can only use location tracking if you're currently using the app. So I think that's a very good thing to do. If I want an app to be able to use location tracking, I have it set so only while I'm using the app. That's a very simple thing that you can do that should make life a little bit simpler for you. So under settings and privacy is where you'll find it. I've got this article up on http://CraigPeterson.com. It's originally from MarketWatch. I think you're going to find it very interesting and very helpful as well. Let's see, I mentioned Marriott paying for a passport. So, we'll set that one aside.
Craig Peterson 22:57
This Australian anti-encryption bill, if you didn't hear me last week, this is just crazy. Because about two weeks ago, the Australian Parliament passed a bill forcing tech firms
Craig Peterson 23:09
to help Australia's security agencies bypass encryption. It's called the Assistance and Access Bill. And it's going to allow the police to tell WhatsApp, Signal, iMessage, etc., that are all end-to-end encrypted communications, that they must build in backdoors so that investigators can get access to the content of the messages. Now, this is going to be rubber-stamped into law, of course. In Australia and the Commonwealth, the Crown has to approve it. But that's a rubber stamp. And security experts are unanimously pretty much against these types of backdoors, so be careful.
Craig Peterson 23:52
Australia is also one of the members of what is called the Five Eyes intelligence agencies.
Craig Peterson 23:59
And this means they share data with the other members of the Five Eyes. So that's the US
Craig Peterson 24:05
UK, Canada, New Zealand, and Australia. So they share stuff all the time. We heard about how the UK, for instance, was sharing information about the Trump campaign and the Trump campaign organization. The UK apparently was sharing with the Obama administration, because the Obama administration under US law can't spy on our citizens. But the UK can. Australia can. New Zealand can.
Canada can. And
Craig Peterson 24:36
that's how they get around the laws. Because the US isn't the only country with laws and you can't spy on your citizens. But they get around it by saying, Well, it wasn't
it was the steel. He's the guy he was in the UK. Okay,
Craig Peterson 24:50
So keep that in mind. Because this whole issue of intelligent encryption has really been bothering the intelligence agencies, and should be bothering you too, because now Australia will be able to break in. So if Australia can break into iMessage or WhatsApp or Signal
Craig Peterson 25:11
and they're trying to follow someone who's in the US. Will the Australians be able to break the encryption for that US citizen while they're in the United States and then share that with the United States? And the answer is an astounding Yes,
they can and they will it's going to happen. Okay.
Craig Peterson 25:34
So be very careful about this. I don't like this law. The Five Eyes share way too much information. Our government is gathering way too much information and it just scares the living daylights out of me. Okay. That's that's the bottom line. Right?
Craig Peterson 25:50
Yeah. Okay. I do stuff with InfraGard, the FBI InfraGard program.
Craig Peterson 25:53
I work with the FBI on some of these really bad security cases. But it's the worst of the worst, right? We're not talking about blanket capturing, so don't blame me.
Craig Peterson 26:03
Okay, now let's talk about this real quickly. Our last article of the day and this is about programs when algorithms go wrong. I mentioned week or two ago about how California now is using computer programs to figure out if somebody should get out on bail or if they should go to jail if they can be trusted, right
Craig Peterson 26:26
and they're even getting rid of the cash bail system over there. It's kind of nuts but how do you deal with that I can I can cross-examine a witness on the stand and hopefully they can answer the questions hopefully they are the expert that they've been promised to be but many times that just is not the case so big tech companies now found themselves in this artificial intelligence Gold Rush they're going for our information as much information as they can get they are putting the AI stuff in place based on the information and you know we talked before about following people and learning how to cook and stuff so they're doing all of that what are you going to do when an AI wrongly accuses you
Craig Peterson 27:18
right or it denies you entry because it thinks that you're a bad person which is already happening in China okay then this is bad we got to have more wreck
Craig Peterson 27:28
not regulations but more accountability because there's a serious accountability gap for these companies
Craig Peterson 27:35
all right you're going to find these articles and a whole lot more http://CraigPeterson.com make sure you subscribe to my weekly email so that you get a notification about all of my webinars our master classes the free special reports all of this stuff http://CraigPeterson.com/subscribe. http://CraigPeterson.com/subscribe.
Craig Peterson 27:56
Have a great Christmas and I'll be back again next Saturday. Bye-bye.