Not a Hack - What Exactly Happened with CrowdStrike? Australia's Privacy Commissioner Worried About AI (Issue 34, 2024)
Also - Google Wipes Pension Fund, More GDPR Complaints at Facebook, Slack Enlists Customers In AI Training
We’re delivering you the hottest internet news that affects all of us. Scroll down to read our full reporting below and if you love what we’re doing, please consider contributing $5 per month so that we can continue providing you with this vital, unique reporting.
Talk Liberation is committed to providing equal access for individuals with disabilities. To view an accessible version of this article, click here.
In this edition:
Not a Hack - What Exactly Happened with CrowdStrike?
Google Deletes Private Cloud of AUS Pension Fund; Australia's Privacy Commissioner Worried About AI
Tile Tracking Devices Hacked
NOYB Files GDPR Complaints Against Meta
Slack Opts All Customers into Training Its Own Proprietary AI
Ransomware Disrupts Another Health Care Provider
McDonald’s Ends Use of AI in Drive-Thrus
Courtroom Software Provider Compromised
Not a Hack - What Happened with CrowdStrike?
CrowdStrike is a cybersecurity firm that provides software to many big companies, including banks, hospitals, and airlines, who entrust CrowdStrike to protect them from cyber threats.
Or at least they did - payment systems went down and aircraft were grounded as the company released its latest update on July 18, 2024. The update to Falcon, an AI-powered software scanner, resulted in the largest global IT outage in recent times.
Temporary fixes included rebooting up to 15 times and entering a 48-digit recovery key to unlock Windows. Tech experts have framed the CrowdStrike event as a sign of the times, with the Electronic Frontier Foundation’s Rory Mir saying, “The problem is that we're really stuck in a digital monoculture, where decades of anti-competitive practices [have made] just one system responsible for so much of what we rely on."
Google Deletes AUS Pension Fund; Australia's Privacy Commissioner Worried About AI
According to a joint statement from Google, a “misconfiguration issue” within its cloud platform caused a massive disruption for customers of Australian pension fund Unisuper.
Google Cloud CEO Thomas Kurian blamed “an unprecedented sequence of events” for the inadvertent deletion of UniSuper’s Private Cloud subscription that prevented hundreds of thousands of Australian pensioners from accessing their accounts for days.
Meanwhile, Australia's new privacy commissioner is feeling frustrated as big tech companies push for the urgent rollout of artificial intelligence. Commissioner Carly Kind said she worries about not taking the time to understand AI’s implications and legislate against its misuse.
Tile Tracking Devices Hacked
A hacker breached the systems behind Tile device trackers and stole customer data, including names, addresses, emails, and phone numbers before attempting to extort the company.
The same hacker used login credentials supposedly belonging to a former Tile employee and gained access allowing them to transfer ownership of a Tile tracker, add admin accounts, and send messages to Tile users in addition to exfiltrating the aforementioned customer data.
In a press release, Life360 (parent company of Tile) CEO Chris Hulls claimed that the stolen information did not include precise Tile location data, offering a small silver lining to yet another sensitive data breach.
NOYB Files GDPR Complaints Against Meta
The European Center for Digital Rights, known as NOYB, filed complaints in 11 EU countries to stop Meta's plan to collect users’ data for undefined AI tech that could be shared with third parties. Users may have no option to remove their data once it's in the system.
Included in the filing, NOYB alleges that "Unlike the already problematic situation of companies using certain (public) data to train a specific AI system (e.g. a chatbot), Meta's new privacy policy basically says that the company wants to take all public and non-public user data that it has collected since 2007 and use it for any undefined type of current and future 'artificial intelligence technology.'"
Meta’s response to the complaints has been par for the course according to NOYB, who claimed Meta intentionally complicated the opt-out process using "dark patterns" to ensure that the fewest number of users block data processing. On a blog post addressing the issue, Meta stated that, “Specifically, we have legitimate interests in processing data to build these services and this means that people can object using a form found in our Privacy Centre if they wish.”
Slack Opts All Customers into AI Training
Slack, a business communications platform, stores the content of over 10 million daily active users and 150 thousand paying customers. Earlier this year the company came under fire for using customer data to train artificial intelligence and machine learning models.
Adding to the outrage was the fact that Slack defaulted all customers to opting-in for the AI training, requiring those who did not want private or proprietary conversations and data being used to jump through multiple hoops in order to opt-out.
Ransomware Disrupts Another Health Care Provider
Ascension, a major US healthcare provider and non-profit, suffered a cyber attack earlier this year resulting in disruptions and downtime across hospitals nationwide.
Ascension has about 142,000 employees managing hundreds of hospitals and 40 senior living facilities across the United States. The ransomware attack affected millions of customers served by Ascension and included the exfiltration of personal data that included customer names, physical mailing addresses and order information.
McDonald’s Ends Use of AI in Drive-Thrus
Starting in 2021 and ending only recently, fast food giant McDonald’s performed R&D on integrating AI into it’s operations. Primarily utilized for ordering in drive-thrus, the AI voice system was a joint project between McDonalds and IBM. Recently however, it was announced that the 2-year partnership would be ending and that the AI voice systems would be removed from all McDonald’s.
Mason Smoot who is the chief restaurant officer for McDonald’s USA was quoted saying, “While there have been successes to date, we feel there is an opportunity to explore voice ordering solutions more broadly”.
Speculation on whether the AI system’s cancellation was due to the large number of viral Tiktok videos featuring confused and frustrated customers trying to order has not been substantiated, but it is possible they directly led to McDonald’s ending their use of drive-thru AI.
Courtroom Software Provider Compromised
A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website. It's unclear how the malicious version of JAVS Viewer came to be or for how long it has been inside courtrooms.
This type of criminal act is known as a “supply-chain attack” when a legitimate service or piece of software is secretly infected. Then, everyone who downloads or updates their existing software is affected and with widely used services can impact large numbers of users.
That concludes this edition of Your Worldwide INTERNET REPORT!
Remember to SUBSCRIBE and spread the word about this unique news service.
This issue of Your Worldwide INTERNET REPORT was written by Matt Millen of WillenRimer; Edited by Suzie Dawson and Sean O’Brien; Graphics by K4t4rt; with production support by Beth Bracken.
Talk Liberation - Your Worldwide INTERNET REPORT was brought to you by Panquake.com. We Don’t Hope, We Build!
© Talk Liberation Limited. The original content of this article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license. Please attribute copies of this work to “Talk Liberation” or talkliberation.com. Some of the work(s) that this program incorporates may be separately licensed. For further information or additional permissions, contact licensing@talkliberation.com