IT News

Explore the MakoLogics IT News for valuable insights and thought leadership on industry best practices in managed IT services and enterprise security updates.

The three most significant cyberattacks of 2021?

People that predict tomorrow’s weather by looking at today’s are often right. Cloudy today? It’ll probably be cloudy tomorrow. The same is often true for cybersecurity threats. Looking back at 2021 it looks a lot like 2020: A lot of ransomware attacks.

So, when I was asked to write about the three most significant cyber-attacks of 2021, it was no real surprise that my thoughts turned to ransomware attacks.

But what made these three stand out from the other attacks this year, and from many we’ve seen before, were not the direct consequences for the targeted systems, or even the people in the organizations that were attacked, but the consequences for people far beyond those organizations.

The three I’ve chosen are:

  • The Conti ransomware attack on Ireland’s Health Service Executive
  • The REvil ransomware attack on Kaseya VSA
  • The Darkside ransomware attack on the USA’s Colonial Pipeline

Let me explain why I chose these three from the multitude of ransomware attacks we went through in 2021.

The human cost of a ransomware attack

On May 14, Ireland’s Health Service Executive (HSE) was paralyzed by a cyberattack which turned out to be Conti Ransomware. The attack forced the organization to shut down more than 80,000 affected endpoints and plunged it back into the age of pen and paper.

Our colleague, Mark Stockley interviewed a doctor working in one of the affected hospitals.

Because of the ransomware attack, the doctor had to put in hours of extra effort after his day’s work just to determine which of the next day’s appointments he would have to cancel for lack of information. And then he could expect to deal with those anguished, sometimes angry patients when he told them their appointment could not go ahead.

“Imagine the scenario,” he said. “Patients will wait literally two years to see us. After two years they get a call saying ‘I’m sorry I can’t see you and I have to reschedule you and I can’t say when, because of the ransomware’. They know it’s not my fault but they are upset and very annoyed.” The doctor’s understatement kicks in. “They teach us ways to speak to angry patients, but it’s not nice.”

Asked what he would say to the attackers if he could speak to them, he responded with:

“If your loved one was sick. Would you do this? If you had somebody you cared about, would you do this to them. That’s what I’d ask them.”

“I think they lost their humanity.”

Four months later, after drafting in the army to help restore its systems, and after cancelling tens of thousands of appointments, HSE was still not fully recovered.

The ultimate supply-chain attack

On July 2, a severe ransomware attack against the popular remote monitoring and management software tool Kaseya VSA forced Kaseya into offering this urgent advice to its customers: Shutdown VSA servers immediately.

Members of the REvil ransomware gang had managed to push out a malicious Kaseya VSA update that encrypted machines and networks running the highly privileged software. The impact of the attack was enormous. Kaseya VSA is one of the more popular remote monitoring and management tools used by Managed Service Providers (MSPs) to administer their customers’ systems. The MSPs that were hit by the attack saw not only their own systems encrypted, but also the systems of their customers.

An attack on one organization quickly became an attack on thousands.

The attack hit at a painful point in time for the Dutch Institute for Vulnerability Disclosure (DIVD), a volunteer-run organization that found a remote code execution flaw in Kaseya VSA on April 1, 2021. It was working with Kaseya to patch the VSA vulnerabilities for months prior to the attack. It took Kaseya quite a lot of effort and time, and more and more expertise to get the right patch out—to get it tested, to get it through quality assurance. And then, disaster struck just before the patches went out.

Only rarely do companies allow us a look inside their organization while they are recovering from a ransomware attack. Many find it more convenient to keep a low profile or to be secretive. We went over the work that had to be done by a Dutch MSP to repair the damage done by this attack. Doing this provided us with some valuable insights.

And our colleague David Ruiz talked to Victor Gevers, chair of the DIVD, on an episode of Malwarebytes’ Lock and Code podcast, about the ransomware attack that his organization was racing to prevent.

Gevers’ damning verdict on the current state of software: “The quality of products that are online and are exposed to the Internet are not up to par for the current situation that we are in and this is going to screw us over in the long term.”

Vital infrastructure is called vital for a reason

On May 10 the FBI confirmed that the Colonial Pipeline had been attacked by Darkside ransomware. The pipeline exists to supply gasoline and other products across the southern and eastern United States. It is the largest of its kind in the US, reportedly transporting almost half of the fuel consumed by the east coast. The US government declared an emergency and brought in emergency powers to ensure people would still be supplied with fuel.

The attack spurred new rules for critical infrastructure that represent a tidal shift in how the Transportation Security Administration (TSA) has protected pipeline security in the country for more than a decade. But it also made clear that the federal government is no longer satisfied with private industry’s lagging cybersecurity protections. President Joe Biden signed an Executive Order to place new restrictions on software companies that sell their products to the federal government.

A spokeswoman for the National Security Council explained at the time the importance of a requirement that contractors would only gain access to federal systems on a “need-to-know” basis. Further, contractors would also have to notify government customers of any breach, bringing new transparency to the government about ongoing and increasingly frequent cybercrimes.

One other remarkable aspect of this attack that led to an 11-day shutdown and gas shortages in the eastern US, is that the US Department of Justice recovered much of the ransomware payment.

Ransom payments are the fuel that propels the digital extortion engine, and the recovery of the payment marked something of a turning point in the year. Ransomware attacks continued, but life became more uncomfortable for the gangs involved.

In August, we welcomed Lesley Carhart to the Lock and Code podcast to talk about critical infrastructure cybersecurity. Surprisingly, she managed to reassure us that while there are improvements to be made to critical infrastructure security, it’s not nearly as bad as some people think.

Have a safe 2022, everyone!

The post The three most significant cyberattacks of 2021? appeared first on Malwarebytes Labs.

A week in security (Dec 20 – 26)

Logistics giant warns of scams following ransomware attack

German logistics giant Hellmann Worldwide Logistics has issued a warning that data was stolen from the company when it was hit with a ransomware attack on December 9, 2021. It is not entirely clear what type of data was extracted, but the company says it is warning partners and customers to double check their communications with it, as a precaution. Criminals could use the leaked data to make social engineering attacks more believable, so Hellmann is asking people that do business with it to look out for fraudulent mails and calls.

…the forensic investigation has meanwhile confirmed that data was extracted from our servers before our systems were taken offline on December 9. We are currently investigating what type of data was extracted and will proactively provide further information as soon as possible. We are in regular contact with relevant government authorities.

Please note that the number of so-called fraudulent calls and mails has generally increased. Whilst communication with Hellmann staff via email and telephone remains safe (inbound and outbound), please make sure that you are actually communicating with a Hellmann employee and beware of fraudulent mails/ calls from suspicious sources, in particular regarding payment transfers, change bank account details or the like.

Hellmann is one of the largest international logistics providers. Founded in 1871, it handles 16 million shipments per year by air, sea, road, and rail, and is active in 173 countries.

Stolen data

On December 9 it became obvious that there were problems at Hellmann Worldwide Logistics.

By the time the firm’s IT team responded, the threat actors had already exfiltrated sensitive files from the compromised servers. Many ransomware operators use the threat of leaking stolen data for extra leverage during the ransom negotiation stage. While companies can use backups to recover from data encryption without paying the ransom, they can’t use them to contain leaks.

And indeed, when the negotiations between Hellmann and the threat actor fell apart, the RansomExx group published some 70 GB of stolen documents on its leak site. The data reportedly included business agreements, intra-company emails, and more.

Free to download

The stolen data can be downloaded by anyone, including other criminals, who may use it to add insider knowledge to business email compromise (BEC) attacks and phishing attempts, to give them more credibility.

RansomExx

While RansomExx is not one of the ransomware operators that you see in the news often, they do have a reputation for going after big targets. In the past the group has attacked Konica Minolta, Gigabyte, and the Lazio region in Italy (including its COVID-19 vaccination registration portal).

The RansomExx ransomware is a rebranded Defray777 ransomware, which has become a lot more active since June 2020. The ransomware itself is highly targeted. Each sample contains a hardcoded name of the victim organization.

The group uses different methods to gain entry into a target’s network. In earlier cases the threat actors established an initial foothold through common banking trojans such as IcedID or Trickbot. From there, they deployed the Vatet loader, the PyXie RAT, and Cobalt Strike, before executing the ransomware entirely in memory.

And, similar to other ransomware operations, RansomExx has also been known to breach networks using vulnerabilities or stolen credentials.

In February, the group was found abusing vulnerabilities in the VMware ESXi product, allowing them to take over virtual machines deployed in enterprise environments and encrypt their virtual hard drives. Malwarebytes blocks RansomExx as Malware.Ransom.Agent.Generic.


Stay safe, everyone!


FBI traces and grabs back $150 million theft that was turned into bitcoins

On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17 billion yen through an illegal money transfer from an overseas unit.

On the same day 3,879 bitcoins, worth about $150 million, were seized by law enforcement, and on December 20 the US government took action in federal court to return them to Sony.

The theft

The funds were embezzled by Sony employee Rei Ishii, who pretended to conduct a legitimate fund transfer in May 2021. He allegedly transferred the money from SA Reinsurance Ltd’s bank account to a different bank account overseas by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California. He then quickly converted the funds to bitcoins, as criminals do.

Although Sony had a double authentication process set up for international money transfers, requiring both Ishii and his supervisor to sign them off, Ishii is said to have instructed the company’s bank to change the contact email address for his boss, which enabled him to initiate and sign-off money transfers.

Sony Life Insurance discovered the unapproved money transfer in August, and US law enforcement were able to trace the bitcoin transfers to a specific Bitcoin address, and then to an offline cryptocurrency cold wallet.

The recovery

The FBI—in cooperation with Japan’s National Police Agency, the Tokyo Metropolitan Police Department, Tokyo District Public Prosecutors Office, the Japan Prosecutors unit on Emerging Crimes (JPEC), and with assistance from Sony and Citibank—then obtained the private key needed to control the Bitcoin address. This allowed them to recover all the bitcoins that could be traced back to the theft.

An FBI press release on the matter spells out how long the long arm of the law is when agencies in different countries cooperate:

Second, the FBI’s footprint internationally through our Legal Attaché offices and the pre-existing relationships we have established in foreign countries—in this instance with Japan—enabled law enforcement to coordinate and identify the subject. The FBI’s technical expertise was able to trace the money to the subject’s crypto wallet and seize those funds … Criminals should take note: You cannot rely on cryptocurrency to hide your ill-gotten gains from law enforcement.

The end?

The FBI intends to return the stolen funds to the victim, and Ishii has been charged in Japan. However, the FBI continues to investigate the crime. The Major Frauds and Public Corruption Section and Asset Recovery Section of the US Attorney’s Office for the Southern District of California are handling the proceedings, with significant assistance from the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section and Computer Crime and Intellectual Property Section.


Dridex affiliate dresses up as Scrooge

Threat actors are hoping to catch a few more victims before they leave work for the Christmas holidays. The recent malicious spam campaigns (malspam) we and others have observed appear to have been created by someone who wants to play Scrooge and add onto people’s already heightened state of anxiety.

The lures are particularly mean, playing on people’s fears for their job security and Covid infections. Unsuspecting users who open those attachments get infected with Dridex, a multi-purpose loader that can drop additional payloads, including ransomware.

Dark lures

An email captured by TheAnalyst shows fake termination letters being sent out by a Dridex affiliate. What kind of employer would terminate someone on Christmas eve?


We’ve also seen similar morbid subjects using the latest Covid variant, Omicron, likely from the same threat actor.


The email claims that 80% of the company’s employees have tested positive for Omicron and that you were a close contact. Opening the so-called test results in the attached document delivers malware.


Maldoc leads to Dridex

The Excel document is password protected in order to prevent sandboxes from analyzing and flagging it as malicious. In fact, it also requires user interaction to click on a pop-up dialog in order to run the macro.

It drops a .rtf file into %programdata% and executes it via mshta.exe.


This is used to download the actual payload, hosted on a Discord server.


This binary belongs to the Dridex malware family.


Malwarebytes customers are protected against this attack thanks to our Anti-Exploit layer which automatically closes the malicious attachment before it can deliver its payload.
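As an added detection example (not Malwarebytes’ own code), the logic below scores process-creation telemetry against the chain described above: an Office process spawning mshta.exe, mshta handed a file from %programdata% (an .rtf rather than an .hta), and mshta reaching out to cdn.discordapp.com for the payload. The events are constructed samples; the field names, PIDs and the dropped file name are this example’s own assumptions.

```python
"""Detection logic for the maldoc -> mshta.exe -> Discord CDN chain.
Added example, not Malwarebytes' detection code.  Events are constructed
samples shaped like process-creation telemetry (parent image, image, command
line, optional destination host); those field names are assumptions here."""
import ntpath
from dataclasses import dataclass, field
from typing import List, Optional

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"mshta.exe"}
SUSPICIOUS_DROP_DIRS = ("\\programdata\\",)      # drop location named on the page
PAYLOAD_CDN = {"cdn.discordapp.com"}             # payload host named on the page


@dataclass
class ProcEvent:
    pid: int
    parent_image: str
    image: str
    command_line: str
    dest_host: Optional[str] = None  # set when the process made an outbound connection


@dataclass
class Finding:
    pid: int
    rules: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    """Windows-style basename, lower-cased, regardless of the host OS."""
    return ntpath.basename(path).lower()


def evaluate(ev: ProcEvent) -> List[str]:
    """Return the names of every rule the event trips; an empty list is benign."""
    hits: List[str] = []
    parent, child = basename(ev.parent_image), basename(ev.image)
    cmd = ev.command_line.lower()
    # Rule 1: an Office application spawning a script host.
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        hits.append("office_spawned_mshta")
    # Rule 2: the script host is handed a file from %programdata%.
    if child in SCRIPT_HOSTS and any(d in cmd for d in SUSPICIOUS_DROP_DIRS):
        hits.append("mshta_runs_file_from_programdata")
    # Rule 3: mshta normally runs .hta content; an .rtf argument is anomalous.
    if child in SCRIPT_HOSTS and ".rtf" in cmd:
        hits.append("mshta_given_rtf")
    # Rule 4: the script host fetching from a public CDN used as payload hosting.
    if child in SCRIPT_HOSTS and ev.dest_host and ev.dest_host.lower() in PAYLOAD_CDN:
        hits.append("mshta_fetch_from_discord_cdn")
    return hits


def triage(events: List[ProcEvent]) -> List[Finding]:
    """Keep only events that tripped at least one rule."""
    findings = []
    for ev in events:
        hits = evaluate(ev)
        if hits:
            findings.append(Finding(ev.pid, hits))
    return findings


# Constructed sample telemetry: a benign Excel launch, a benign mshta use by an
# installer, and the chain from the page.  PIDs and the .rtf name are invented.
SAMPLE_EVENTS = [
    ProcEvent(1001, r"C:\Windows\explorer.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              '"EXCEL.EXE" C:\\Users\\alice\\Downloads\\TermLetter.xls'),
    ProcEvent(1002, r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
              'mshta.exe "C:\\Program Files\\Vendor\\setup.hta"'),
    ProcEvent(1003, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\System32\mshta.exe",
              'mshta.exe C:\\ProgramData\\EXAMPLE_DROPPED.rtf',
              dest_host="cdn.discordapp.com"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"pid {f.pid}: {', '.join(f.rules)}")
```

Rule 1 alone is the high-signal one for this family; rules 2 to 4 add context so an analyst can see how far down the chain the host got.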


As always, we recommend that users stay particularly vigilant when opening emails, especially ones that sound urgent and demand immediate attention. When in doubt, it is best to contact your IT or HR department to ask for more information and confirm whether the email is legitimate.

Indicators of compromise

Malicious documents

TermLetter.xls

Positive_Result_51589380.xls

Results12232021.xls

TestingResult.xls


Network IOCs

cdn[.]discordapp[.]com/attachments/914830201811238985/923509961307357205/cPRBQdzjCbfmuhammadismyfriend.bin


Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’

On his blog, Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world’s foremost law enforcement agencies, the FBI and the NCA (the UK equivalent of the FBI, the National Crime Agency).

This enormous injection of compromised passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt.

‘Have I Been Pwned?’

‘Have I Been Pwned?’ (HIBP) allows users to type in an email address, phone number or password and find out how many times it has been involved in a data breach. So, if HIBP says your email address was involved in the great big LinkedIn breach of 2012, the Canva breach of 2019, or any other notable episode of credential theft, you know to change your passwords on those systems, and not use them anywhere else. If it says a password you use has been breached, you know to never use it again.

In recent years, HIBP has been integrated with a number of third-party systems like password managers and web browsers, so they can alert users immediately if they attempt to use a credential that might already be in the hands of cybercriminals.

The site has been around for almost a decade, and through the years it has proven itself to be an extremely useful tool for everyday Internet users, governments, and organizations alike. The project is run by Troy Hunt with support from the community. The model he uses makes sure that privacy is maintained and passwords can safely be checked without any risk of disclosure. And it’s extremely well used. To give you some perspective, in the last month there were 1,260,000,000 occasions where a service somewhere checked a password against HIBP’s Pwned Passwords API.

Hunt says the system stores minimal information about each user, and it only stores SHA-1 hashes of passwords (because you can generate a hash from a password, but you can’t generate a password from a hash). If you enter a password to see if it’s been pwned, it’s immediately turned into a SHA-1 hash and checked against the database.
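As an added illustration of the check described above (not HIBP’s or Malwarebytes’ code), and going one step beyond the text: the Pwned Passwords API is queried by range, so the client hashes the password with SHA-1 locally, sends only the first five hex characters of the hash, and matches the returned suffixes itself, which is why the full password or hash never leaves the client. The range response below is a constructed sample rather than a real API reply, and the fetcher is injected so the code runs offline.

```python
"""Pwned Passwords k-anonymity range check.  Added example, not HIBP's code.
The client computes SHA-1(password), sends only the 5-char prefix to the
range endpoint, and looks for its own 35-char suffix in the reply.  The
SAMPLE_RANGE_5BAA6 body below is constructed sample data, not real output."""
import hashlib
from typing import Callable, Dict, Tuple

# Constructed sample of a range reply for prefix 5BAA6: one "SUFFIX:COUNT"
# line per known hash sharing that prefix.  Counts are invented.  A zero-count
# line mimics the padding entries the service adds when Add-Padding is requested.
SAMPLE_RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
012C192B2F16F82EA0EB9EF18D9D539B0DD:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:9001
CBE1F2A5E9C0B2EA8E9DA4C1F2A5E9C0B2E:0
"""


def sha1_hex_upper(password: str) -> str:
    """SHA-1 of the UTF-8 password as upper-case hex, the form the service uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> Tuple[str, str]:
    """First 5 hex chars go to the service; the remaining 35 stay on the client."""
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; blank or malformed lines are skipped."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, _, count = line.partition(":")
        try:
            counts[suffix.upper()] = int(count)
        except ValueError:
            continue
    return counts


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the corpus (0 = not found).

    fetch_range(prefix) must return the raw range body.  For the live service
    an HTTP GET of https://api.pwnedpasswords.com/range/<prefix> would go here;
    this example never makes a network call.  Padding entries carry count 0,
    so they naturally read as "not found".
    """
    prefix, suffix = split_hash(sha1_hex_upper(password))
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def offline_fetch(prefix: str) -> str:
    """Stand-in fetcher serving only the constructed sample range."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate, offline_fetch)
        print(f"{candidate!r}: {'seen %d times' % n if n else 'not in sample corpus'}")
```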

Police pipeline

In May of 2021, Hunt announced that the FBI had reached out to him and discussed what it might look like if the FBI were to feed compromised passwords into HIBP and surface them via the Pwned Passwords feature.

Over the last few months the HIBP project has been revamped to allow data to be fed into the system as it is made available by law enforcement. This new pipeline enables the ingestion of passwords from law enforcement agencies, like the FBI and the NCA.

The NCA contribution has been enormous. At some point the NCA indicated it had hundreds of millions of passwords it believed weren’t already in the Pwned Passwords store of 613 million password hashes. After cross-checking, 225,665,425 turned out to be brand new. Adding them has inflated the total Pwned Passwords count to 847,223,402.

Have you been pwned?

While it is useful to know whether your personal details or credentials have been leaked, it is much more important to act on the information. So, what do you do now, knowing that your account might have been compromised?

For starters, change your password. Your new password needs to be hard to guess, and the best way to ensure that is to let a password manager do it for you. If you’re doing it yourself, pick something that is hard to guess: Avoid individual words, and avoid passwords that look like words with a few numb3r5 sprinkled in them. Instead, go for lengthy pass phrases or long, meaningless combinations of letters, numbers, and other characters.

Lastly, use two-factor authentication (2FA) to add a layer of protection to your accounts. We strongly suggest using a hardware key like a YubiKey. The next best option is a one-time password (OTP) app like Google Authenticator. Take note that some big-name companies like Facebook have already started giving their users the option to use a hardware key. So if you want to do that, check if your online service provider offers it, too, and take advantage of it.

Stay safe!


A week in security (Dec 13 – 19)

When a deepfake “empire” continues to grow

I’ve been quite vocal on the impact of deepfakes, in terms of where the most harm takes place. Back in 2019, we looked at malign interference campaigns. I took the line that, other than revenge porn, this was where deepfakes were likely to have the most influence. Although people keep talking about major election interference, nothing of significance ever happens. Indeed, election fakes tend to be pretty bad.

Meanwhile, in smaller scale but significantly more personal cases, horrible fakes of teenagers were the order of the day. When you make fakery easily available to all on DIY mobile apps, the results are inevitable: People are going to be awful to one another. Deepfake shenanigans are primarily all about mass producing harmful fake porn of individuals without consent.

On that subject specifically, there’s news of yet another site offering easy DIY deepfake porn.

The beginnings of a Deepfake empire?

The unnamed site in question uses AI to generate nude images of women. Sites in the past along these lines have tended to operate in isolation. This time, the site is using “partner agreements” and referral systems to generate look-alike services. If one site goes down, others are ready and waiting to take its place.

Researchers claim the images are “hyper realistic” and are able to generate nude / pornographic imagery even if the photo submitted contains fully clothed individuals. Site operators say they’re building a decentralised model to help ward off the threat of takedowns while raking in the cash. Wired reports up to 50 million visits between January and October of 2021. One day alone apparently saw hundreds of thousands of image uploads run through the fakery tool. These are big numbers, with big money implications.

Reactive measures

When action started to be taken against the main site with payment accounts suspended and hosting removed, numbers fell, which seems to have kickstarted the partner program drive. Wired states that a spin-off site operator claims to be paying about $500 to the main site in return for being able to generate up to 10,000 naked edits.

With the traffic numbers these sites are doing, many would view $500 as a small outlay to generate so many fakes. The spin-off sites funnel image creators down the payment route after allowing visitors to generate some free images initially. It’s a guaranteed money spinner, and fake DIY sites aren’t exactly difficult to find online. As many sites and creators go off and promote their content on social media, it’s becoming increasingly easy to find dubious services along these lines and make use of them.

Where does the deepfake harm lie?

The majority of non-consensual deepfake imagery targets women, and always has done. For every vaguely humorous fake of Tom Cruise being Tom Cruise, there are significantly more women placed into content they want no part of. Laws continue to struggle with the problem. With anonymous creators generating thousands of images on the fly in other jurisdictions, it’s an uphill struggle to take the reins on the situation.

The genie’s bottle: broken

Deepfakes appear to be seeping into most aspects of technological life. Witness someone resurrect their father, then be utterly mortified by what they’ve done. You’ve got those who continue to talk about the risk it poses to business. Elsewhere, the tattered remnants of “deepfakes could derail the US elections” continue to burn out quietly in the corner.

For most everyone else, though, the only real probable harm is from what pretty much kicked things into the mainstream arena in the first place: Pornographic images created without permission. I’m willing to bet that’s going to be the biggest issue for a long time to come.


Everything you always wanted to know about NFTs (but were too afraid to ask): Lock and Code S02E24

In August, the NFT for a cartoon rock sold for $1.3 million, and ever since then, much of the world has been asking: What the heck is going on?

NFTs, or non-fungible tokens, have skyrocketed in popularity this year, with the NFTs for several artworks selling for more than $2 million each; the most expensive sale being that of the NFT for the piece “Everydays: The First 5,000 Days,” which sold for $69 million. Many celebrities, including Jay-Z, Steph Curry, Elijah Wood, Reese Witherspoon, and Lindsay Lohan have either purchased, sold, or expressed interest in NFTs, as well.

But just what exactly is an NFT, and when people buy an NFT associated with a piece of art, do they also buy that artwork itself?

Not exactly, as we explain in today’s episode of Lock and Code, with host David Ruiz. An NFT is not the artwork itself, but rather a way to prove that the artwork in question is owned by the NFT’s purchaser. Think of it as a car title—it’s a way to prove that something you say is yours is actually yours. But with a car title, it’s hard to imagine someone purchasing just the slip of paper and not also wanting access to the car. After all, what good is ownership of a thing if you can’t do anything with it?

To answer this and many, many other questions about NFTs, we spoke to three experts on three separate NFT topics: The basics of NFTs and the cryptocurrency-related technology behind them, the implied value of NFTs and why people are paying so much money for them, and the future of NFTs both within the art world and beyond it.

As to why NFTs are demanding such high prices for such basic art? According to our guest Lucas Matney, a writer for TechCrunch who covers NFTs, it’s that owning a small digital image isn’t just about being able to display it on, say, a Twitter profile. Instead, it’s also about being part of something potentially bigger.

“The idea of ownership is more about it being an investment in something that is, you know, provably yours, you know, that’s how NFTs work, but it’s more about it being kind of a share of a larger product.”

Lucas Matney, TechCrunch

As to whether or not NFTs are a safe or smart investment vehicle? Well, you’ll have to listen to our full episode to learn more.


You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.


Grindr fined for selling user data to advertisers

Dating network Grindr has been slapped with a US$7.7 million fine by Norwegian regulator Datatilsynet for sharing data with advertisers.

Grindr—which calls itself the world’s largest social networking app for gay, bi, trans, and queer people—sold data that included GPS location, IP address, age, and gender.

No consent, no app

The Norwegian Data Protection Authority (Datatilsynet) ruled that the way in which Grindr collected user consent did not meet the regulations stipulated in the EU GDPR. And, as such, the disclosure of personal data was in breach of the Privacy Ordinance.

Users had to accept the privacy statement in its entirety to use the app, and they were not specifically asked if they would consent to disclosure to third parties for marketing purposes. In addition, information about the disclosure of personal information was not clear or accessible enough to users.

The fine covers the period from July 2018, when the “Law on the Processing of Personal Data (Personal Data Act)” was established, until April 2020, when Grindr changed the consent solution. Whether Grindr’s current consent solution meets with the legal demands has not been established yet.

Shared data

Grindr disclosed information about a user’s GPS location, IP address, mobile phone advertising ID, age and gender to several third parties for marketing purposes. With this information, users could be identified, and third parties could potentially share this data further.

According to GDPR, the personal data that companies must protect includes any information that can “directly or indirectly” identify a person—or subject—to whom the data belongs or describes. Included are names, identification numbers, location data, online identifiers like screen names or account names, and even characteristics that describe the “physical, physiological, genetic, mental, commercial, cultural, or social identity of a person.”

The authority emphasized that the information that a person is a Grindr user establishes a special category of personal information, because it strongly indicates that they belong to a sexual minority. Information about someone’s sexual orientation has a special protection in the Privacy Ordinance. And since the consent Grindr collected was invalid, Grindr was not legally entitled to share such information.

It is customary in dating apps to be very careful about the information you share. Many users choose not to enter their full name or upload photos of their face so that they can be discreet. Nevertheless, identifiable information about them and their use of Grindr was passed on to an unknown number of companies for marketing purposes.

High fine

Datatilsynet initially fined Grindr around US$12.2 million following an initial ruling in January 2021, but later revised this amount down to 7.7 million, after reviewing Grindr’s turnover figures. Nevertheless, this is the highest fee to date from the Norwegian Data Protection Authority.

Despite reconsidering the amount, Norway considers the offence by Grindr to be “grave” – most likely because the data collected, including gender, falls under the GDPR rules. According to Datatilsynet:

“Because thousands of users in Norway have had their personal information illegally disclosed for Grindr’s commercial interests, including location data and that they are Grindr users. Business models based on behavior-based marketing are common in the digital economy, and it is important that the infringement fee for offenses acts as a deterrent and contributes to compliance with the privacy regulations.”

Grindr has not responded to the fine and now has three weeks to appeal the verdict. The app has previously confirmed that the fined offenses were committed before April 2020, when its terms of use were updated.

Previous concerns

It is not the first time Grindr has raised privacy concerns. Earlier action against the app was sparked by an NPR news report exposing Grindr’s practice of sharing the most personal and sensitive information of its users with third-party analytics firms, without their informed consent. That data included personally identifiable and sensitive user information such as HIV status, email address, telephone number, precise geolocation, sexuality, relationship status, ethnicity and “last HIV tested date.”
