You've heard people like me recommend this for years. It's time to just do it: freeze your credit report. There are really no downsides at this point. For example, it's now free everywhere in the US, by law. It's also free to temporarily "thaw" your credit. And it's gotten a lot easier to do, too. Freezing your credit is your main defense against financial identity theft. And with the sheer number of data breaches (like the recent massive AT&T leak), the personal information needed to commit identity theft is out there already.

In other news: AT&T now says 51 million past and current customers' data were leaked; beware of a new password reset 'bomb' campaign; Microsoft is using Outlook to harvest and share your data; a new email scam alters their content after forwarding; a devious and devastating supply chain attack was thwarted in the nick of time; AI organizations are using sneaky techniques to train their models on your data; Meta is lacing its apps with AI, and there's not much you can do about it; LG TVs are hacked; Roku is breached again, this time affecting over 500,000 accounts; Twitter/X looking to charge new users a small fee to try to curb bot accounts; DuckDuckGo unveils trio of new for-pay privacy services; Google launches their own Find My network; and various US government agencies, lacking a real privacy law, attempt to curb privacy abuses using existing powers.

Article Links

[BleepingComputer] AT&T now says data breach impacted 51 million customers https://www.bleepingcomputer.com/news/security/att-now-says-data-breach-impacted-51-million-customers/

[AppleInsider] If you're getting dozens of password reset notifications, you're being attacked https://appleinsider.com/articles/24/03/27/if-youre-getting-dozens-of-password-reset-notifications-youre-being-attacked

[proton.me] Outlook is Microsoft’s new data collection service https://proton.me/blog/outlook-is-microsofts-new-data-collection-service

[Lutra Security] Kobold letters https://lutrasecurity.com/en/articles/kobold-letters/

[Schneier Blog] Backdoor in XZ Utils That Almost Happened https://www.schneier.com/blog/archives/2024/04/backdoor-in-xz-utils-that-almost-happened.html

[Engadget] OpenAI and Google reportedly used transcriptions of YouTube videos to train their AI models https://www.engadget.com/openai-and-google-reportedly-used-transcriptions-of-youtube-videos-to-train-their-ai-models-163531073.html

[Lifehacker] How to Turn Off Meta AI on Facebook, Instagram, Messenger, and WhatsApp https://lifehacker.com/tech/how-to-turn-off-meta-ai-on-facebook-instagram-messenger-whatsapp

[bitdefender.com] Vulnerabilities Identified in LG WebOS https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

[Lifehacker] Roku Says More Than 500,000 Accounts Were Compromised in a Cyberattack https://lifehacker.com/tech/roku-cyberattack-compromises-accounts

[MacRumors] X May Charge New Users a 'Small Fee' to Post, Like and Reply https://www.macrumors.com/2024/04/15/x-small-fee-new-users/

[WIRED] DuckDuckGo Is Taking Its Privacy Fight to Data Brokers https://www.wired.com/story/duckduckgo-vpn-data-removal-tool-privacy-pro/

[MacRumors] Google Launches Android Find My Device Network https://www.macrumors.com/2024/04/08/google-android-find-my-device-network-2/

[ftc.gov] Proposed FTC Order will Prohibit Telehealth Firm from Using or Disclosing Sensitive Data for Advertising Purposes https://www.ftc.gov/news-events/news/press-releases/2024/04/proposed-ftc-order-will-prohibit-telehealth-firm-cerebral-using-or-disclosing-sensitive-data

[The Verge] The CFPB wants to rein in data brokers https://www.theverge.com/2024/4/15/24131354/cfpb-data-brokers-fair-credit-reporting-act

[therecord.media] Automakers and FCC square off over potential regulations for connected cars https://therecord.media/fcc-automakers-connected-cars-regulation-mvnos

Tip of the Week: https://firewallsdontstopdragons.