Do you know exactly how much of your data is being collected, by whom, and for what purposes? Our data protection experts examine how modern communication methods could put you at risk when chatting to friends, families, colleagues and services.
Many businesses record telephone conversations as part of their standard monitoring and improvement practices. We have a right to expect that these audio files are kept safe, but this isn’t always happening, and the consequences could prove devastating.
For example, in March 2020, 118118 Money informed customers that criminals had accessed its network and obtained call recordings made to its customer service line. Following this breach, we spoke to someone who had shared sensitive bank info with 118118 Money over the phone. Another person told us that fraudsters took cash out of her credit card account around the time of the breach.
In another data privacy violation, Teletext, the trading name for package holiday firm Truly Travel, left 212,000 customer call recordings unprotected on a server for three years. The recordings took place between April and August 2016. Many included details of holiday bookings and exposed postal and email addresses, phone numbers and customer dates of birth. The damage that cybercriminals could cause with this information should not be underestimated.
The data held on our phones needs to be protected. Especially when you consider that today, our phones often know more about us than our friends and family. However, the tech giants have previously admitted to harvesting the data on our devices.
For example, Google used cookies on Apple’s Safari web browser to collect data about its users between 2011 and 2012. The data included info about racial and ethnic origin, physical and mental health, political affiliations and opinions, sexuality and sexual interests, and social class. It is alleged that Google then used this information to sell a targeted advertising service.
Most of us know to be careful about the things we post on social media, but did you know that your private conversations might not be as confidential as you think?
In 2019, Facebook admitted that it had been listening in on some users’ conversations. These messages were audio communications that users exchanged via its Messenger app. In its defence, the social media giant said that all the other tech companies were doing it too. And this certainly appears to be the case with Amazon, Apple, Google, and Microsoft all capturing and listening to audio from user devices.
In 2019, hackers claimed that they were able to crack WhatsApp’s encryption to access user messages. They also said that they could manipulate the content of a message and change the sender’s identity. Facebook (which owns WhatsApp Inc) denied the vulnerability. But, when it comes to sharing sensitive data over messaging apps, we would always advise caution.
More recently, WhatsApp accused an Israeli spyware firm of helping to hack the messages of more than a thousand users. It is thought that the hack was used to spy on senior government officials, journalists, and human rights activists. Assaf Dahan, Head of Threat Research at Cybereason, said that “Potentially any WhatsApp user can be vulnerable to this attack.” And he added that the hack “does not require any interaction from the user, and therefore is very difficult if not impossible to avoid”.
As well as hackers, the government is also keen to get access to our private messages. In fact, the current Home Secretary Priti Patel has said that the government should be allowed to read people’s WhatsApp messages to tackle crime. However, introducing laws to build back doors into end-to-end encrypted messaging services could make data security less safe.
Robert Hannigan, a former head of GCHQ, has said previously that such moves would amount to “weakening security for everybody to tackle a minority”. He added, “Encryption is an overwhelmingly good thing – it keeps us all safe and secure”.
Video conferencing app Zoom found itself involved in a significant data breach after a privacy violation resulted in half a million users’ credentials being sold or given away on the dark web. In this case, cybercriminals took advantage of a surge in the apps used during the coronavirus pandemic. The breach exposed email addresses, passwords, meeting URLs and host keys were found – many of which were put up for sale on forums on the dark web.
A report revealed that Microsoft contractors were listening to some Skype calls. These calls included intimate conversations about weight loss, personal issues, and relationship problems. Also, the source claimed that some of the things heard could “clearly be described as phone sex.”
Many services such as Skype do warn users that they analyse audio to improve their service. But often, they do not specify that this is done by humans listening in on conversations.
Our world is changing, and technology is here to stay, and using smart devices and communication apps can deliver enormous benefits. But when signing up for any new service, it is vital to check the small print and understand how your data is being used. And, before you agree to any phone-based/online services (including apps), you should always check the privacy settings.
In our regular update, we provide a roundup of some of the data breaches and… Read More
We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More
The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More
We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More
The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More
We have launched a group action against Capita. Group actions can be a powerful tool… Read More