After having upgraded to a graphics card that can handle 4k and 120Hz, I spent a LOT of time figuring out why I couldn’t find (or create) that mode on my PC. Support first told me the monitor had 110Hz, but that (or lower) didn’t work either. Support then told me – nope: it’s only 60 Hz.
It turns out that this is indeed buried in the manual on page 15.
The customer support rep was sorry for me, but that’s it. There is no way to take a company like LG to task apart from writing about it.
Possibly I haven’t learnt from my own posts: Don’t Buy an HDMI 2.1 TV Before You Read the Fine Print – The HDMI 2.1 specification is crazy and as long as any one of the components in the system is 2.1 compatible the rest don’t have to be, but you still get the label.
Billions of records detailing people’s personal information may soon be dumped online after being allegedly obtained from a Florida firm that handles background checks and other requests for folks’ private info.
A criminal gang that goes by the handle USDoD put the database up for sale for $3.5 million on an underworld forum in April, and rather incredibly claimed the trove included 2.9 billion records on all US, Canadian, and British citizens. It’s believed one or more miscreants using the handle SXUL was responsible for the alleged exfiltration, who passed it onto USDoD, which is acting as a broker.
The pilfered information is said to include individuals’ full names, addresses, and address history going back at least three decades, social security numbers, and people’s parents, siblings, and relatives, some of whom have been dead for nearly 20 years. According to USDoD, this info was not scraped from public sources, though there may be duplicate entries for people in the database.
Fast forward to this month, and the infosec watchers at VX-Underground say they’ve not only been able to view the database and verify that at least some of its contents are real and accurate, but that USDoD plans to leak the trove. Judging by VX-Underground’s assessment, the 277.1GB file contains nearly three billion records on people who’ve at least lived in the United States – so US citizens as well as, say, Canadians and Brits.
This info was allegedly stolen or otherwise obtained from National Public Data, a small information broker based in Coral Springs that offers API lookups to other companies for things like background checks. The biz did not respond to The Register‘s inquiries.
There is a small silver lining, according to the VX team: “The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present.” So, we guess this is a good lesson in opting out.
USDoD is the same crew that previously peddled a 3GB-plus database from TransUnion containing financial information on 58,505 people.
And last September, the same criminals touted personal information belonging to 3,200 Airbus vendors after the aerospace giant fell victim to an intrusion
Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company’s website and claimed to steal the Fanzone member information of 500,000 customers.
Cooler Master is a hardware manufacturer based in Taiwan that is known for its computer cases, cooling devices, gaming chairs, and other computer peripherals.
Yesterday, a threat actor by the alias ‘Ghostr’ contacted BleepingComputer and claimed to have stolen 103 GB of data from Cooler Master on May 18th, 2024.
“This data breach included cooler master corporate, vendor, sales, warranty, inventory and hr data as well as over 500,000 of their fanzone members personal information, including name, address, date of birth, phone, email + plain unencrypted credit card information containing name, credit card number, expiry and 3 digits cc code,” the threat actor told BleepingComputer.
Cooler Master’s Fanzone site is used to register a product’s warranty, submit return merchandise authorization (RMA) requests, contact support, and register for news updates.
In a conversation with BleepingComputer, Ghostr told BleepingComputer that the data was stolen by breaching one of the company’s front-facing websites, allowing them to download numerous databases, including the one containing Fanzone information.
The threat actor said they attempted to contact the company for payment not to leak or sell the data, but Cooler Master did not respond.
However, they did share a link to a small sample of allegedly stolen data in the form of comma-separated values files (CSV) that appear to have been exported from Cooler Master’s Fanzone site.
Samples of stolen data Source: BleepingComputer
These CSV files contain a wide variety of data, including product, vendor, customer, and employee information.
One of the files contains approximately 1,000 records of what appear to be recent customer support tickets and RMA requests, which include customers’ names, email addresses, date of birth, physical addresses, phone numbers, and IP addresses.
BleepingComputer has confirmed with numerous Cooler Master customers in this file that the listed data is correct and that they opened an RMA or support ticket on the date specified in the leaked sample.
The Japanese government is pushing ahead with a plan to make Japan’s publicly funded research output free to read. From a report: In June, the science ministry will assign funding to universities to build the infrastructure needed to make research papers free to read on a national scale. The move follows the ministry’s announcement in February that researchers who receive government funding will be required to make their papers freely available to read on the institutional repositories from January 2025. The Japanese plan “is expected to enhance the long-term traceability of research information, facilitate secondary research and promote collaboration,” says Kazuki Ide, a health-sciences and public-policy scholar at Osaka University in Suita, Japan, who has written about open access in Japan.
The nation is one of the first Asian countries to make notable advances towards making more research open access (OA) and among the first countries in the world to forge a nationwide plan for OA. The plan follows in the footsteps of the influential Plan S, introduced six years ago by a group of research funders in the United States and Europe known as cOAlition S, to accelerate the move to OA publishing. The United States also implemented an OA mandate in 2022 that requires all research funded by US taxpayers to be freely available from 2026. When the Ministry of Education, Culture, Sports, Science and Technology (MEXT) announced Japan’s pivot to OA in February, it also said that it would invest around $63 million to standardize institutional repositories — websites dedicated to hosting scientific papers, their underlying data and other materials — ensuring that there will be a mechanism for making research in Japan open.
Google has accidentally collected childrens’ voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users’ deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years worth of potential privacy and security issues obtained by 404 Media. From the report: Individually the incidents, most of which have not been previously publicly reported, may only each impact a relatively small number of people, or were fixed quickly. Taken as a whole, though, the internal database shows how one of the most powerful and important companies in the world manages, and often mismanages, a staggering amount of personal, sensitive data on people’s lives.
The data obtained by 404 Media includes privacy and security issues that Google’s own employees reported internally. These include issues with Google’s own products or data collection practices; vulnerabilities in third party vendors that Google uses; or mistakes made by Google staff, contractors, or other people that have impacted Google systems or data. The incidents include everything from a single errant email containing some PII, through to substantial leaks of data, right up to impending raids on Google offices. When reporting an incident, employees give the incident a priority rating, P0 being the highest, P1 being a step below that. The database contains thousands of reports over the course of six years, from 2013 to 2018. In one 2016 case, a Google employee reported that Google Street View’s systems were transcribing and storing license plate numbers from photos. They explained that Google uses an algorithm to detect text in Street View imagery.
Adobe has decided that if you use its software, it can re-use anything you create. Considering you pay to use the software, that’s a bit grating.
4.2 Licenses to Your Content. Solely for the purposes of operating or improving the Services and Software, you grant us a non-exclusive, worldwide, royalty-free sublicensable, license, to use, reproduce, publicly display, distribute, modify, create derivative works based on, publicly perform, and translate the Content. For example, we may sublicense our right to the Content to our service providers or to other users to allow the Services and Software to operate as intended, such as enabling you to share photos with others. Separately, section 4.6 (Feedback) below covers any Feedback that you provide to us.
Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums.
Ticketmaster parent Live Nation—which disclosed Friday that hackers gained access to data it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event ticket broker said it identified the hack on May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user data for sale via the dark web.”
Ticketmaster is one of six Snowflake customers to be hit in the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said in a now-deleted post that Santander, Spain’s biggest bank, was also hacked in the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a data breach affecting customers in Chile, Spain, and Uruguay.
“The tl;dr of the Snowflake thing is mass scraping has been happening, but nobody noticed, and they’re pointing at customers for having poor credentials,” Beaumont wrote on Mastodon. “It appears a lot of data has gone walkies from a bunch of orgs.”
Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted data purportedly belonging to both as evidence. The group took to a Breach forum to seek $2 million for the Santander data, which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster data, which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.
Enlarge/ Post by ShinyHunters seeking $2 million for Santander data.
Enlarge/ Post by ShinyHunters seeking $500,000 for Ticketmaster data.
Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly on Telegram for a while and regularly relies on infostealer malware to obtain sensitive credentials.
The group has been responsible for hacks on dozens of organizations, with a small number of them including:
According to Snowflake, the threat actor used already compromised account credentials in the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).
Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.
“It did not contain sensitive data,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production or corporate systems.”
The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.
“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said in the post.
Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, or breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA on Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.
“They need to, at an engineering and secure by design level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be optional. And they’ve got to be completely transparent about steps they are taking off the back of this incident to strengthen things.”
If you contact Spotify’s customer service with a valid receipt, the company will refund your Car Thing purchase. That’s the latest development reported by Engadget. When Spotify first announced that it would brick every Car Thing device on December 9, 2024, it said that it wouldn’t offer owners any subscription credit or automatic refund. From the report: Spotify has taken some heat for its announcement last week that it will brick every Car Thing device on December 9, 2024. The company described its decision as “part of our ongoing efforts to streamline our product offerings” (read: cut costs) and that it lets Spotify “focus on developing new features and enhancements that will ultimately provide a better experience to all Spotify users.”
TechCrunch reports that Gen Z users on TikTok have expressed their frustration in videos, while others have complained directed toward Spotify in DMs on X (Twitter) and directly through customer support. Some users claimed Spotify’s customer service agents only offered several months of free Premium access, while others were told nobody was receiving refunds. It isn’t clear if any of them contacted them after last Friday when it shifted gears on refunds.
Others went much further. Billboard first reported on a class-action lawsuit filed in the US District Court for the Southern District of New York on May 28. The suit accuses Spotify of misleading Car Thing customers by selling a $90 product that would soon be obsolete without offering refunds, which sounds like a fair enough point. It’s worth noting that, according to Spotify, it began offering the refunds last week, while the lawsuit was only filed on Tuesday. If the company’s statement about refunds starting on May 24 is accurate, the refunds aren’t a direct response to the legal action. (Although it’s possible the company began offering them in anticipation of lawsuits.)Editor’s note: As a disgruntled Car Thing owner myself, I can confirm that Spotify is approving refund requests. You’ll just have to play the waiting game to get through to a Spotify Advisor and their “team” that approves these requests. You may have better luck emailing customer service directly at support@spotify.com.
Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums.
