Search This Blog

Showing posts with label Third-party breach. Show all posts

Apple warns app developers over screen recording

Apple has given an ultimatum to all its app developers who secretly record the screens of the customers, to quit snooping or get kicked off the Apple store.

The company has taken this decision after TechCrunch reported about the apps like  Expedia, Hollister, and who are using third-party analytics software to record a user's taps and swipes on the screen.

The report also mentioned that none of the apps had prior explicit permission from the users to record screen activity or disclose that their apps use such software.

According to the report, most of these apps are using an analytics tool called Glassbox, which is also known as "session replaying,"  it records all the user's activity and they let snoopers replay how a user interacted with the apps. The tool is completely a violation of Apple's privacy policies.

In a statement, Apple said: “Protecting user privacy is paramount in the Apple ecosystem. Our App Store review guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging or otherwise making a record of user activity. We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary.”

However reacting to the claims,  Glassbox has said that they are not interested in 'spying' on customers, but their goal is to improve the online experiences.

“Since its inception, Glassbox has helped organizations improve millions of customer experiences by providing tools that record and analyze user activity on websites and apps. This information helps companies better understand how consumers are using their services, and where and why they are struggling. We are strong supporters of user privacy and security. Glassbox provides its customers with the tools to mask every element of personal data. We firmly believe that our customers should have clear policies in place so that consumers are aware that their data is being recorded — just as contact centres inform users that their calls are being recorded.”

Over 30 Thousand Patient Records Exposed; Third-Party Breach To Blame

Cyber-cons recently targeted another health target. ‘Managed Health Services of Indiana Health Plan’ in recent times went public regarding the third-party data breach they had gotten imperiled by, which exposed 31,000 patients’ personal details out in the open. 

This breach was the result of one of the two security incidents that the institution had to face.

There are two major healthcare programs, namely, ‘Indiana’s Hoosier Healthwise’, and ‘Hooseir Care Connect Medicaid’ which this organization runs.

The MHS were informed about the breach by one of its vendors. The information was regarding someone having illegitimately gained access to their employees’ email accounts.

Disconcertingly, according to the reports, the unauthorized accessed had occurred between the month of July and September, last year.

During the investigation initiated by the MHS, it was found out that patients’ personal data including their names, insurance ID numbers, dates of birth, dates of services provided and their addresses were all potentially out in the open.

As the investigation unfolded, it was discovered that the incident was caused due to a phishing attack on the vendor’s system.

Rapid steps were taken by the vendor to counter the attack by the aid of a computer forensic company.

Some of the information in the email accounts that were affected was laid out pretty bare to be accessed. The email accounts “hacked” were the main source of information.

The easiest trick to harvesting personal data is performing a phishing attack. The phishing attack anywhere in the entire chain could affect all the people involved.

As a result of the overall effect on the chain, 31,ooo people got affected and had their data exposed and out in the open.

 Reportedly, this has been the 4th in the list of attacks made on the health plans, that too in the last month alone.

It gets evident after such an attack, that the health-care industry exceedingly requires better management and security cyber systems.