LONDON (Reuters) – The London Stock Exchange Group said on Thursday it was investigating a lengthy outage at its newly-acquired Refinitiv market data unit.
The outage at Refinitiv’s Eikon platform for market prices began around 0830 GMT. Subscribers who rely on its data for trading currencies and other assets, said on Twitter they were unable to access prices.
“We’re aware of an issue disrupting our service to customers,” LSEG said in a statement.
“We are currently investigating the cause of the issue and working hard to resolve the problem. We apologise to customers for the disruption.”
LSEG completed its $27 billion purchase of Refinitiv on Jan 29. Analysts had already expressed concerns last month that integration costs will be heavier and cover a longer period than had been expected.
Its shares have fallen 20% so far this year.
“Clearly this morning this is bad news for the group not to mention that clients have been left high and dry with no trading and loss of crucial market data,” said Securequity sales trader Jawaid Afsar.
Thomson Reuters, owner of Reuters News, has a 15% stake in LSE Group.
LSE shares were up 1.07% at 08:59 GMT according to prices on Yahoo.
Reporting by Thyagaraju Adinarayan and Huw Jones; Editing by Rachel Armstrong and Jon Boyle
(Reuters) – BlackRock Inc Chief Executive Larry Fink on Wednesday called for more disclosure requirements for private companies as governments create new accounting standards for sustainable business areas like climate change.
In a letter to shareholders of the world’s largest asset manager, provided by a spokesman, Fink wrote that government “must play the leadership role” in cutting emissions. He called for mandatory disclosures for public and private companies worldwide, coupled with legal protections for companies making their best efforts at describing risks.
“If large private companies are not held to the same level of scrutiny as public companies, we will create an unintended incentive to shift carbon-intensive assets to markets with less transparency and, often, less regulation,” Fink wrote.
Fink’s language was more specific than in a January memo in which he said climate disclosures “should be embraced” by large private companies.
The new wording comes as European Union and U.S. regulators hash out how much sustainability data companies should provide on area like greenhouse gas emissions or workforce demographics.
New York-based BlackRock, with some $8.7 trillion under management, had previously backed mandatory climate reporting. Last month it joined other asset managers pledging to push companies in their portfolios to net zero carbon emissions by 2050 or sooner.
But many of the largest companies, including in fossil fuel industries, are not publicly listed, either because they are in private hands or are state-owned enterprises.
(Reuters) – Facebook Inc on Tuesday said a recently reported data leak affecting potentially 530 million users stemmed from a misuse of a feature in 2019 and that the company had plugged the hole after identifying the problem at the time.
Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the social media service’s tool to sync contacts.
The company said it identified the issue at the time and modified the tool.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” Facebook said in a blog post.
Ireland’s Data Protection Commission (DPC) said it is looking into a data dump of personal information from hundreds of millions of Facebook users.
The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people.
Facebook says the data is “old”, from a previously-reported leak in 2019.
But the Irish DPC said it will work with Facebook, to make sure that is the case.
Ireland’s regulator is critical to such investigations, as Facebook’s European headquarters is in Dublin, making it an important regulator for the EU.
The most recent data dump appears to contain the entire compromised database from the previous leak, which Facebook said it found and fixed more than a year and a half ago.
But the dataset has now been published for free in a hacking forum, making it much more widely available.
It covers 533 million people in 106 countries, according to researchers who have viewed the data. That includes 11 million Facebook users in the UK and more than 30 million Americans.
Not every piece of data is available for every user, but the large scale of the leak has prompted concern from cyber-security experts.
The DPC’s deputy commissioner Graham Doyle said the recent data dump “appears to be” from the previous leak – and that the data-scraping behind it had happened before the EU’s GDPR privacy legislation was in effect.
“However, following this weekend’s media reporting we are examining the matter to establish whether the dataset referred to is indeed the same as that reported in 2019,” he added.
Despite the claims of the data being “old”, some security researchers remain concerned due to the unchanging nature of the data involved.
Phone numbers, for example, are unlikely to have changed for many people in the past two to three years, and other information – such as a date of birth or hometown – never change.
Alon Gal, a well-known personality in cyber-security circles who tweets as @UnderTheBreach, wrote that the phone number database first appeared in January, where hackers could look up the phone database for a small fee.
But the widespread leak of the database “means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked,” he tweeted.
“I have yet to see Facebook acknowledging this absolute negligence of your data,” he added.
He also suggested that the leaked dataset could be very useful “for a targeted attack where you know someone’s name and country” – though it would be much harder to use for a blanket mass cyber-attack.
“But for spam based on using phone number alone, it’s gold,” he added.
“Not just SMS, there are heaps of services that just require a phone number these days and now there’s hundreds of millions of them conveniently categorised by country with nice mail merge fields like name and gender.”
WASHINGTON (Reuters) – A leaker says they are offering information on more than 500 million Facebook Inc users – including phone numbers and other data – virtually for free.
Alon Gal, co-founder of Israeli cybercrime intelligence firm Hudson Rock, said on Saturday the database appears to be the same set of Facebook-linked telephone numbers that has been circulating in hacker circles since January and whose existence was first reported by tech publication Motherboard.
Reuters was not immediately able to vet the information, which is being offered for a few euros’ worth of digital credit on a well-known site for low-level hackers, but Gal said he had verified the authenticity of at least some of the data by comparing it against phone numbers of people he knew.
Other journalists say they have also been able to match known phone numbers to the details in the data dump.
An attempt by Reuters to reach the leaker over the messaging service Telegram was not immediately successful. Facebook did not return messages seeking comment.
Motherboard’s story earlier this year cited Facebook as saying the leaked data appeared to be the fruit of a bug that the company fixed in August 2019.
Gal told Reuters that Facebook users should be alert to “social engineering attacks” by people who may have obtained their phone numbers or other private data in the coming months.
News of the latest leak here was first reported by Business Insider.
It was the offer from the gambling company which he is convinced started his addiction. If he deposited up to £300, they’d match it.
James – not his real name – says: “That was basically the initial hook that got me into slot machines.
“Gambling on the internet and particularly on smartphones, using apps, you in effect have a super casino in your pocket.
“I’ve never actually been in a physical bookmaker’s shop.”
In three months, James went from gambling a hundred pounds a month to five thousand pounds in a day. When he finally stopped, he was 80 thousand pounds in debt.
“For a time it ruined my life – up until the point that I was seriously considering suicide. Basically, I had ruined myself financially”
James wanted to understand his relationship with the gambling companies, in particular Sky Bet – and the trail of personal data he had agreed to share with them when he signed up. He issued what’s known as a Data Subject Access Request.
But to start to get the full picture, he had to find out his unique code and put in requests not just to Sky Bet, but also to three data harvesting companies which SkyBet sends data to from its data warehouse: Signal, which profiled his behaviour for marketing – not just from Sky Bet but other companies too; Iovation, which monitored what device he was using, when and how often; and TransUnion, the credit reference company which owns the other two firms.
The subject access request from Iovation showed almost 19,000 separate items of data, tracking his Sky Bet gambling. Sky Bet says it uses this for fraud prevention.
The behavioural profiling by Signal which can be used for marketing has more than 85 categories, and James found it had 166 fields of data on him, not just from Sky Bet. To take just three of the categories profiled: it categorises him as a high-value customer; it knows he chases losses; and it knows the percentage of its emails he opens.
‘Protect the vulnerable’
TransUnion, the data and insights company, told the BBC it offers “various services to gaming operators to support responsible conduct and protect the vulnerable from exploitation.”
“These include confirming age and identity, preventing fraud and checking affordability… All our relationships comply with relevant legal and regulatory frameworks.”
Sky Bet said it uses “a number of third party data providers” for fraud detection, age verification and marketing.
“The data that was provided to the customer in this case upon request came from several third parties and includes information that Sky Betting & Gaming does not have access to,” it added.
Ravi Naik, from the law firm AWO, helped James access his files. He says we need to understand what information we give away: “Gambling companies do not operate in a silo of data – they operate in this wider ecosystem. There’s data flowing in different times and in different ways.
“The concern for our clients is that their data is being used for behavioural surveillance, understanding what you are doing, who you are and what you like.”
The Gambling Act 2005 became law across Great Britain in September 2007 – and now the government is reviewing it to make it fit for the digital age. The call for evidence ends at the end of March. Northern Ireland is regulated separately.
Since the law was introduced, the online gambling industry has exploded, taking in around £6bn a year.
The review of the Gambling Act will look at whether the law is effective and gives the right protections – something the regulator – the Gambling Commission – says it welcomes.
Gambling today has shifted online. It’s part of the attention economy: the war for our attention that has made a small group of (mostly Californian) companies the richest in human history.
To a much greater extent than is generally acknowledged, the price of the free and open web that we have today is paid in privacy. Our every click, open and scroll is a signal that creates an item of data. Algorithms then sift and sort that data to build very detailed profiles of us, which in turn allows us to be targeted.
Often it is advertisers who target us. This is the means by which Google and Facebook have become very rich.
With good reason, there has been a big focus in recent years on those institutions who together comprise Big Tech. But the harvesting of our data trails is something that a bewilderingly vast assortment of companies specialise in – including gambling companies.
It’s only when you try to find out what these companies know about you – as ‘James’ did – that you discover how much of yourself you’ve handed over.
TOKYO (Reuters) – The Japanese government has decided to temporarily halt its use of popular messaging app Line, owned by SoftBank Corp’s Z Holdings, to handle sensitive information, Chief Cabinet Secretary Katsunobu Kato said on Monday.
The decision comes after domestic media reports this month that four engineers at a Line affiliate in Shanghai were allowed to access servers in Japan from 2018 that contained the names, telephone numbers and e-mail addresses of users.
Following the reports, a spokesman for Line, which has 186 million users worldwide, said the company has since blocked access to user data at the Chinese affiliate.
“The government will halt the use of Line when handling sensitive information for now, and set up a task force swiftly, so that usage guidelines can be compiled soon,” Kato told a regular news conference.
At a time when U.S. agencies and thousands of companies are fighting off major hacking campaigns originating in Russia and China, a different kind of cyber threat is re-emerging: activist hackers looking to make a political point.
Three major hacks show the power of this new wave of “hacktivism” – the exposure of AI-driven video surveillance being conducted by the startup Verkada, a collection of Jan. 6 riot videos from the right-wing social network Parler, and disclosure of the Myanmar military junta’s high-tech surveillance apparatus.
And the U.S. government’s response shows that officials regard the return of hacktivism with alarm. An indictment last week accused 21-year-old Tillie Hottmann, a Swiss hacker who took credit for the Verkada breach, of a broad conspiracy.
“Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft and fraud,” Seattle-based Acting U.S. Attorney Tessa Gorman said.
According to a U.S. counter-intelligence strategy released a year ago, “ideologically motivated entities such as hacktivists, leaktivists, and public disclosure organizations,” are now viewed as “significant threats,” alongside five countries, three terrorist groups, and “transnational criminal organizations.”
Earlier waves of hacktivism, notably by the amorphous collective known as Anonymous in the early 2010s, largely faded away under law enforcement pressure. But now a new generation of youthful hackers, many angry about how the cybersecurity world operates and upset about the role of tech companies in spreading propaganda, are joining the fray.
And some former Anonymous members are returning to the field, including Aubrey Cottle, who helped revive the group’s Twitter presence last year in support of the Black Lives Matter protests.
Anonymous followers drew attention for disrupting an app that the Dallas police department was using to field complaints about protesters by flooding it with nonsense traffic. They also wrested control of Twitter hashtags promoted by police supporters.
“What’s interesting about the current wave of the Parler archive and Gab hack and leak is that the hacktivism is supporting antiracist politics or antifascism politics,” said Gabriella Coleman, an anthropologist at McGill University, Montreal, who wrote a book on Anonymous.
Gab, a social network favored by white nationalists and other right-wing extremists, has also been hurt by the hacktivist campaign and had to shut down for brief periods after breaches.
Most recently, Cottle has been focused on QAnon and hate groups.
“QAnon trying to adopt Anonymous and merge itself into Anonymous proper, that was the straw that broke the camel’s back,” said Cottle, who has held a number of web development and engineering jobs, including a stint at Ericsson.
He found email data showing that people in charge of the 8kun image board, where the persona known as Q posted, were in steady contact with major promoters of QAnon conspiracies here.
The new-wave hacktivists also have a preferred place for putting materials they want to make public – Distributed Denial of Secrets, a transparency site that took up the mantle of WikiLeaks with less geopolitical bias. The site’s collective is led by Emma Best, an American known for filing prolific freedom of information requests.
Best’s two-year-old site coordinating access by researchers and media to a hoard of posts taken from Gab by unidentified hackers. In an essay this week, Best praised Hottmann and said leaks would keep coming, not just from hacktivists but insiders and the ransomware operators who publish files when companies don’t pay them off.
“Indictments like Tillie’s show just how scared the government is, and just how many corporations consider embarrassment a greater threat than insecurity,” Best wrote here.
The events covered by the Hottmann indictment here took place from November 2019 through January 2021. The core allegation is that the Lucerne software developer and associates broke into a number of companies, removed computer code and published it. The indictment also said Hottmann spoke to the media about poor security practices by the victims and stood to profit, if only by selling shirts saying things like “venture anticapitalist” and “catgirl hacker.”
But it was only after Hottmann publicly took credit for breaching Verkada and posted alarming videos from inside big companies, medical facilities and a jail that Swiss authorities raided their home at the behest of the U.S. government. Hottmann uses non-binary pronouns.
“This move by the U.S. government is clearly not only an attempt to disrupt the freedom of information, but also primarily to intimidate and silence this newly emerging wave of hacktivists and leaktivists,” Hottmann said in an interview with Reuters.
Hottmann and their lawyer declined to discuss the U.S. charges of wire fraud for some of Hottmann’s online statements, aggravated identity theft for using employee credentials, and conspiracy, which together are enough for a lengthy prison sentence.
The FBI declined an interview request. If it seeks extradition, the Swiss would determine whether Hottmann’s purported actions would have violated that country’s laws.
Hottmann was open about their disdain for the law and corporate powers-that-be. “Like many people, I’ve always been opposed to intellectual property as a concept and specifically how it’s used to limit our understanding of the systems that run our daily lives,” Hottmann said.
A European friend of Hottmann’s known as “donk_enby,” a reference to being non-binary in gender, is another major figure in the hacktivism revival. Donk grew angry about conspiracy theories spread by QAnon followers on the social media app Parler that drove protests against COVID-19 health measures.
Following a Cottle post about a leak from Parler in November, Donk dissected the iOS version of Parler’s app and found a poor design choice. Each post bore an assigned number, and she could use a program to keep adding 1 to that number and download every single post in sequence.
After the Jan. 6 U.S. Capitol riots, Donk shared links to the web addresses of a million Parler video posts and asked her Twitter followers to download them before rioters who recorded themselves inside the building deleted the evidence. The trove included not just footage but exact locations and timestamps, allowing members of Congress to catalogue the violence and the FBI to identify more suspects.
Popular with far-right figures, Parler has struggled to stay online after being dropped by Google and Amazon. Donk’s actions alarmed users who thought some videos would remain private, hindering the its attempt at a comeback.
In the meantime, protesters in Myanmar asked Donk for help, leading to file dumps that prompted Google to pull its blogging platform and email accounts here from leaders of the Feb. 1 coup. Donk’s identification of numerous other military contractors helped fuel sanctions that continue to pile up.
One big change from the earlier era of hacktivisim is that hackers can now make money legally by reporting the security weaknesses they find to the companies involved, or taking jobs with cybersecurity firms.
But some view so-called bug bounty programs, and the hiring of hackers to break into systems to find weaknesses, as mechanisms for protecting companies who should be exposed.
“We’re not going to hack and help secure anyone we think is doing something extremely unethical,” said John Jackson, an American researcher who works with Cottle on above-ground projects. “We’re not going to hack surveillance companies and help them secure their infrastructure.”
DUESSELDORF (Reuters) – A German court on Wednesday criticised curbs on data collection imposed on Facebook by the country’s antitrust watchdog, in an indication that it may find in favour of the social network’s appeal against the two-year-old order.
“We criticise the decision of the Federal Cartel Office,” Juergen Kuehnen, the presiding judge at the Higher Regional Court in Duesseldorf, told a hearing.
The cartel office ordered Facebook in February 2019 to curb its data collection practices, saying that the world’s largest social media company had abused its market dominance to gather information about its users without their consent.
Facebook appealed that decision and, in the last significant development in the case, the German Federal Court reinstated the restrictions last June pending a resolution of the high-stakes legal battle.
The case has thrown up questions over whether personal data protection – a hot-button issue in Germany – is a matter properly addressed under competition law or whether it would be better covered by the European Union’s privacy rules.
NEW YORK (Reuters) – New York’s Department of Financial Services on Tuesday said it concluded its investigation into Apple’s credit card and its underwriter Goldman Sachs Group Inc and found no evidence of unlawful discrimination against applicants under the fair lending law.
The investigation included reviewing thousands of pages of records submitted by Goldman and Apple, interviews with witnesses of Apple card applicants and data for roughly 400,0000 Apple card applicants from New York state.