At a glance.

  • Falling stolen data prices could mean an increase in transactions.
  • Google faces onslaught of complaints regarding user data collection.
  • US unemployment claim website down after malware attack.

Falling stolen data prices could mean an increase in transactions.

Privacy Affairs offers an overview of recent trends in the stolen data market on the dark web. Analyzing product prices and availability of stolen data during the period of February 2021 to June 2022, researchers found that overall the data market increased in total volume and product variety, and accordingly, as supply increased, prices fell. Over nine-thousand active vendors peddling fake IDs and credit cards reported several thousands of transactions, a marked increase over last year. New items being sold included hacked cryptocurrency accounts and credentials for web services like Uber. White House Market was the leading trading post, but closed in October with little explanation, and a clear frontrunner has not yet emerged. Monero cryptocurrency replaced Bitcoin as the payment method of choice. Competing marketplaces were found to be using traditional marketing methods like buy-one-get-one discounts, coupons, and product reviews to edge out the competition. 

Google faces onslaught of complaints regarding user data collection.

EU consumer rights groups are filing complaints against Google alleging the company is violating the General Data Protection Regulation by using deceptive methods to compel users to agree to the release of their data for advertising purposes. While Google requires consent before accessing user data, the complaints claim Google makes it too easy for users to share their personal data when creating an account, while making it far more difficult to opt out. The complainants also say Google lacks transparency when it comes to explaining how the company uses that personal data: “Regardless of the path the consumer chooses, Google’s data processing is un-transparent and unfair, with consumers’ personal data being used for purposes which are vague and far reaching.”

TechCrunch reports that the complaints are being coordinated by the European Consumer Organisation, or BEUC, and claims have been filed with data protection agencies across EU member organizations in France, the Czech Republic, Norway, Greece, and Slovenia. Ursula Pachl, deputy DG of BEUC, explains, “It takes one simple step to let Google monitor and exploit everything you do. If you want to benefit from privacy-friendly settings, you must navigate through a longer process and a mix of unclear and misleading options. In short, when you create a Google account, you are subjected to surveillance by design and by default.” The Wall Street Journal reports that a coalition of US tech and consumer groups also plan to submit a letter to the Federal Trade Commission (FTC) stating that Google’s data sharing processes likely violate the FTC Act, which empowers the agency to prevent deceptive practices that harm consumers. 

In response to the complaints, a Google spokesperson stated, “We know that consumer trust depends on honesty and transparency — which is why we’ve staked our future success on building ever simpler, more accessible controls and giving people clearer choices. And, just as important, doing more with less data. We welcome the opportunity to engage on this important topic with Europe’s consumer advocates and regulators. People should be able to understand how data is generated from their use of internet services. If they don’t like it, they should be able to do something about it.”

US unemployment claim website down after malware attack.

The Louisiana Workforce Commission (LWC) has confirmed that its HiRE website, which processes unemployment claims, is offline after being impacted by a malware attack. WGNO reports that Louisiana isn’t the only state affected; forty other states (and the District of Columbia) that work with Geographic Solutions (GSI), the company that operates HiRE, have also reported issues. GSI says that despite the attack there was no breach of HiRe users’ personal data. Nonetheless, nearly 11,000 Louisiana residents have been impacted by the site outage. LWC estimates it will take seventy-two hours to restore the website, and payments will be delayed until it’s running again.