A whistleblower has revealed that the Department of Government Efficiency uploaded a massive, unsecured Social Security database to the cloud, putting the sensitive personal information of over 300 million Americans at risk. The disclosure raises concerns about identity theft and data security, despite official assurances of safety.
Researchers from Duke University have discovered that sensitive personal information, including home addresses and health conditions, of thousands of active-duty US military personnel can be purchased online from data brokers for as little as $0.12 per record. The study highlights the national security concern that foreign intelligence services could obtain this information and use it to target or blackmail military personnel and their families. The researchers found that the US data-broker ecosystem, which includes major credit reporting agencies and mobile apps, lacks legal restrictions on buying and selling personal data. Regulators are now considering new rules to address this issue, while Senator Ron Wyden has called for comprehensive solutions to protect Americans' data.
Researchers have discovered that AI code completion tools like GitHub Copilot and Amazon CodeWhisperer can inadvertently expose hardcoded credentials, such as API keys, that were captured during their training. The researchers used regular expressions to identify specific string patterns associated with these credentials on GitHub and then constructed prompts to ask the models to complete code snippets, resulting in the extraction of valid secrets. While the exposed credentials were already accidentally public, this finding raises concerns about the potential recall of sensitive data and highlights the need for proper security practices in code repositories. GitHub and Amazon have not yet responded to the research findings.
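A pre-commit style check for the "proper security practices" point above, as an added example that is not the researchers' code: it applies the same idea of matching credential string patterns with regular expressions to your own files before they become public. The AWS access key ID and GitHub personal access token prefixes are publicly documented formats; the generic assignment rule, the entropy threshold, the placeholder filter and the sample input are assumptions made for this example.

```python
import math
import re

# Publicly documented token formats, plus one generic rule (an assumption of this example).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "generic_assignment": re.compile(
        r"""(?i)\b(?:api[_-]?key|secret|token|passwd|password)\b\s*[:=]\s*["']([^"'\s]{16,})["']"""
    ),
}
# Values that look like documentation placeholders are not reported.
PLACEHOLDER = re.compile(r"(?i)example|changeme|placeholder|dummy|x{6,}")

def shannon_entropy(s):
    """Bits per character; low values indicate repeated or filler strings."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def redact(value):
    """Keep only a short prefix so the report itself does not leak the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text, min_entropy=3.5):
    """Return (line number, rule name, redacted value) for each likely credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1)
                if PLACEHOLDER.search(value):
                    continue
                # The generic rule is noisy, so require a random-looking value.
                if rule == "generic_assignment" and shannon_entropy(value) < min_entropy:
                    continue
                findings.append((lineno, rule, redact(value)))
    return findings

# Constructed sample file contents; none of these values are real credentials.
SAMPLE = '''\
aws_key = "AKIAIOSFODNN7EXAMPLE"
aws_key2 = "AKIAQ7T2ZK4MX9PLR3WD"
api_key = "aaaaaaaaaaaaaaaaaaaaaaaa"
api_key = "f3Kq9ZpL0xVt7Bn2Rw8YcJ5h"
password = os.environ["DB_PASSWORD"]
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding means the credential should be rotated, not just deleted from the file, since earlier commits still contain it.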