In one look.
- Grindr data for sale.
- Mental health apps can leak.
- Student financial aid data inadvertently shared with Facebook.
- A data breach blocks a healthcare startup.
Grindr user data is peddled on the dark web.
The Wall Street Journal reports that location data from Grindr, one of the world’s largest dating and social media apps for gay, bi, trans and queer people, has been for sale on the dark web since at least 2017. The data was collected from a digital advertising network, and although Grindr stopped sharing user location data with these networks two years ago, it appears that historical data is still circulating in underground markets. . Patrick Lenihan, Grindr spokesperson, said: “Since the start of 2020, Grindr has shared less information with advertising partners than any of the major technology platforms and most of our competitors. The activities that have been described would not be possible under Grindr’s current privacy practices, which we have had in place for two years. Although the data exposed does not include personally identifiable information, details about users’ locations can be used to determine a user’s home address, place of work, and even dating. The reports are further evidence that data from dating apps is considered a rare commodity for hackers, a fact that US national security experts demonstrated in a recent presentation warning of intelligence risks posed by hackers. commercially available information. Additionally, being a member of the queer community is still considered illegal in some parts of the world, and while Grindr says it doesn’t run ads in areas where being gay is a crime, details about romantic life of a user can still be harmful even in the US, as evidenced by the case of a US Catholic official who came to light as a Grindr user last year.
“Privacy not included” in mental health apps.
New data from Mozilla researchers shows that, compared to other mobile apps, mental health apps are the worst at protecting user privacy, with prayer apps coming the closest. Jen Caltrider, manager of Mozilla’s ‘Privacy Not Included’ guide, told The Verge: “The vast majority of mental health and prayer apps are exceptionally creepy. They track, share and exploit users’ innermost personal thoughts and feelings, such as moods, mental state and biometric data. The guide found that twenty-nine of the thirty-two mental health and prayer apps analyzed allowed weak passwords, shared data with third parties like advertisers, and in some cases even collected chat transcripts. Mental health apps like Worst Offender Better Help connect users with mental health professionals and facilitate treatment. Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace round out the list, which is particularly troubling given the sensitive nature of the data the apps collect. Mozilla researcher Misha Rykov described these apps as wolves in sheep’s clothing: “They work like data-sucking machines with a sanity app veneer.”
Student financial aid data inadvertently shared with Facebook.
Markup investigators found that the personal data of millions of US students applying for college financial aid was automatically shared with Facebook through a code embedded in the Free Application for Federal Student Aid (FAFSA) website. A spokesperson for the Department of Education initially denied the claims, but Federal Student Aid (FSA) chief operating officer Richard Cordray issued a follow-up admitting that as part of an advertising campaign March, the agency had changed its tracking settings, inadvertently allowing “certain information about StudentAid.gov users that falls outside of the FSA’s normal collection efforts, such as the first and last name of a user, must be tracked. Cordray added that the automatically anonymized data was not used by the FSA or Facebook, and the embed code was disabled after the campaign ended. However, Markup’s investigation shows that the data were sent to Facebook as early as January 2022. The code in question, Meta’s Pixel, is an online visitor tracking tool used for advertising purposes on many websites, Meta spokeswoman Alisha Swinteck said. ” We are in contact with [studentaid.gov] ensure the proper implementation of our tools. It should also be noted that Meta continues to proactively educate advertisers in sensitive verticals on how to properly configure our business tools. »
Healthcare startup folds after data breach.
Healthcare startup myNurse shut down following a data breach in March, reports TechCrunch. The company, which provides chronic care management and remote patient monitoring services, said an unauthorized person accessed the company’s protected health data, including demographic, health and financial information about patients. patients. myNurse says the decision to close is unrelated to the breach, but did not disclose another reason for the closure. Co-founder and chief executive Waleed Mohsen said only that the company was considering “how best to adjust our business model in a changing healthcare landscape.”