Published: September 22, 2023
By Annie
TikTok Fined $370 Million for Mishandling Child Data
NYTimes ($): The European Union fined TikTok approximately $370 million for failing to adequately protect the personal data of young users. The fine was issued by Ireland’s Data Protection Commission and is the first of its kind against TikTok by the 27-nation bloc. The decision underscores growing concerns from parents, policymakers, and regulators about TikTok’s data collection practices and its impact on young people’s mental health. Additionally, the regulators highlighted that TikTok’s default settings made content from young users public, potentially exposing sensitive information. The company defended itself by stating that it had already updated the relevant policies in 2021, but the fine suggests regulators remain concerned about its commitment to user privacy.
Okta Agent Involved in MGM Resorts Breach, Attackers Claim
Dark Reading: The ransomware group ALPHV claimed responsibility for recent cyberattacks on MGM Resorts and Caesars Entertainment, stating they breached MGM through its Okta platform. After compromising Okta, the group launched ransomware attacks on over 1,000 ESXi hypervisors and threatened further actions if MGM did not negotiate financially. Okta’s chief security officer confirmed that the attack had a social engineering component but was largely sophisticated. The company had previously issued an August alert warning of the potential for such attacks. Experts warn that this could be the beginning of a new wave of attacks targeting high-privilege users.
Microsoft AI researchers accidentally exposed terabytes of internal sensitive data
TechCrunch: Microsoft’s AI research team inadvertently exposed tens of terabytes of sensitive data, including private keys and passwords, when they published a storage bucket of open-source training data on GitHub. Cloud security startup Wiz discovered that a GitHub repository from Microsoft’s AI division exposed data from an Azure Storage URL, which mistakenly granted permissions to the entire storage account. The exposed data, available since 2020, included backups from two Microsoft employees’ personal computers, Microsoft service passwords, secret keys, and over 30,000 internal Microsoft Teams messages. After being notified by Wiz, Microsoft revoked the access token and later confirmed that no customer data was compromised. As a preventative measure, Microsoft has expanded GitHub’s secret scanning service to monitor for similar exposures.
The average security team is responsible for 393,419 assets and attributes.
Cyber events lead to an average 7.5% stock price drop and a $5.4 billion market cap reduction for publicly traded firms, with a recovery span of 46 days, if the price recovers at all.