Hacker News with Generative AI: Data Security

UK's GCHQ Intern Transferred Top Secret Files to His Phone (bbc.com)
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone.

Cybersecurity, National Security, Espionage, Government, Data Security

20 points by m463 1 day ago | 6 comments

You're protecting your data wrong – Introducing the Protected Query Pattern (vercel.app)
Securing modern full-stack applications can be complex. You have to manage authorizations in many different contexts from UI to data mutation functions.

Data Security, Web Development, Software Engineering, Programming

14 points by jussinevavuori 2 days ago | 4 comments

Kink and LGBT dating apps exposed 1.5M private user images online (bbc.com)
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

Data Security, Privacy, Online Dating, LGBT

31 points by testrun 3 days ago | 8 comments

How to Delete Your 23andMe Data (eff.org)
This week, the genetic testing company 23andMe filed for bankruptcy, which means the genetic data the company collected on millions of users is now up for sale. If you do not want your data included in any potential sale, it’s a good time to ask the company to delete it.

Privacy, Genetics, Data Security, 23andMe

221 points by hn_acker 6 days ago | 120 comments

AI browser assistant extensions probably beaming everything to the cloud (theregister.com)
Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.

Generative AI, Privacy, Browser Extensions, Data Security

10 points by rntn 7 days ago | 1 comments

Ask HN: can Wireless-CarPlay dongles steal your data? (ycombinator.com)
So I recently ordered one of the many wireless Carplay dongles from Aliexpress that work via USB in your car connecting your iPhone to the car's Carplay via Bluetooth (and/or Wifi) to the USB dongle.

Data Security, Car Technology, Wireless CarPlay, Hardware

46 points by concerned_citi 7 days ago | 30 comments

Chunking Attacks on Tarsnap (and Others) (daemonology.net)
Ten years ago I wrote that it would require someone smarter than me to extract information from the way that Tarsnap splits data into chunks.

Security, Encryption, Cloud Storage, Data Security

10 points by todsacerdoti 11 days ago | 1 comments

Chunking Attacks on File Backup Services Using Content-Deﬁned Chunking [pdf] (daemonology.net)

Cybersecurity, Data Security, File Backup, Research, Attacks

123 points by cperciva 11 days ago | 21 comments

Stop letting your RAG chatbot expose sensitive data (osohq.com)
Retrieval-Augmented Generation (RAG) lets you enhance large language model (LLM) applications by supplementing your users’ prompts with context from internal sources.

Data Security

11 points by mathewpregasen 13 days ago | 1 comments

Court filing: DOGE aide broke Treasury policy by emailing unencrypted database (theregister.com)
A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.

Privacy, Data Security, Government, Politics, Law

67 points by rntn 14 days ago | 31 comments

Tell HN: Wise makes all user phone email and name data discoverable by default (ycombinator.com)
Wise makes all user phone email and name data discoverable by default

Privacy, Data Security, Fintech, User Data, Wise

18 points by wise-throwaway 17 days ago | 0 comments

Data Broker Brags About Highly Detailed Personal Info on Most All Internet Users (gizmodo.com)
The owner of a data brokerage business recently put out a creepy-ass video in which he bragged about the degree to which his industry could collect and analyze data on the habits of billions of people.

Privacy, Data Security, Internet, Personal Data

7 points by rntn 17 days ago | 1 comments

Privacy Is Also Protecting the Data of Others (privacyguides.org)
In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others?

Privacy, Data Security, Ethics

9 points by jonaharagon 20 days ago | 0 comments

We stopped trusting clouds and started encrypting our data (vas3k.com)
Remember the situation: you want to send that fresh dank meme to your friend (let's say) Greg. You open your favorite messenger, find the chat with Greg, attach the meme and hit send.

Privacy, Encryption, Data Security, Communication

21 points by namanyayg 20 days ago | 1 comments

Civil servants quit Elon Musk's DOGE citing security risks over US data (abc.net.au)
About 21 civil servants from Elon Musk's Department of Government Efficiency have resigned saying they will not use their skills to jeopardise the sensitive data of Americans.

Elon Musk, Government, Data Security, Privacy

16 points by Aeolun 20 days ago | 0 comments

Allstate Insurance sued for delivering personal info in plaintext, to anyone (theregister.com)
New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.

Data Security, Privacy, Lawsuits, Insurance, Cybersecurity

8 points by rntn 21 days ago | 1 comments

Microsoft unveils finalized EU Data Boundary as European doubt over US grows (theregister.com)
Microsoft has completed its EU data boundary, however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.

Microsoft, Cloud Computing, Data Security, Geopolitics

7 points by nemoniac 29 days ago | 0 comments

Banking's critical functions are vanishing into the cloud (ft.com)
It’s 9pm — do you know where your data is?

Cloud Computing, Banking, Data Security

8 points by anigbrowl 29 days ago | 2 comments

Research Finds 12,000 'Live' API Keys and Passwords in DeepSeek's Training Data (trufflesecurity.com)
Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data

Data Security, Cybersecurity, Artificial Intelligence, Machine Learning

7 points by bathtub365 29 days ago | 2 comments

Corporations dig deeper: using bunkers to secure data (and their CEOs) (semafor.com)
Large corporations are shopping for underground bunkers that can survive a nuclear blast to protect their data centers and C-suite employees as geopolitical tensions rise.

Data Security, Business, Geopolitics, Cybersecurity

10 points by gmays 32 days ago | 4 comments

CouchDB Prevents Data Corruption: Fsync (neighbourhood.ie)
Programming can be exciting when the underlying fundamentals you’ve been operating under suddenly come into question. Especially when it comes to safely storing data. This is a story of how the CouchDB developers had a couple of hours of excitement making sure their fundamentals were solid (and your data was safe).

Databases, CouchDB, Data Security

26 points by fanf2 32 days ago | 0 comments

Github scam investigation: Thousands of “mods” and “cracks” stealing data (timsh.org)
While looking through the articles on a "social engineering" themed forum I discovered a relatively new scam scheme that shocked me.People create thousands of GitHub repositories with all sorts of things - from Roblox and Fortnite mods to "cracked" FL Studio and Photoshop.

Security, Scams, GitHub, Software, Data Security

388 points by timsh 33 days ago | 160 comments

SanitAI: A reverse proxy to remove PII data from OpenAI API calls (github.com/edublancas)

Privacy, OpenAI, Reverse Proxy, AI, Data Security

15 points by edublancas 36 days ago | 0 comments

DeepSeek coding can transfer users' data directly to the Chinese government (abcnews.go.com)
DeepSeek, the explosive new artificial intelligence tool that took the world by storm, has code hidden in its programming which has the built-in capability to send user data directly to the Chinese government, experts told ABC News.

Artificial Intelligence, China, Privacy, Data Security, Software

8 points by Anon84 36 days ago | 1 comments

Ask HN: Thoughts on using American-based cloud vendors in the Trump era? (ycombinator.com)
I think American cloud providers offer state‐of‐the‐art infrastructure but it's fair to question whether the current U.S. political environment—and the unpredictability it sometimes brings—could affect data sovereignty and regulatory stability.

Politics, Cloud Computing, Data Security, United States

17 points by kakoni 40 days ago | 18 comments

Ask HN: How can I prepare my digital life for geopolitical disruptions? (ycombinator.com)
I'm from Germany and currently rely on macOS and iOS, with all my personal data stored in iCloud. Recent political tensions have made me question what might happen in the event of a military conflict between the US and Europe. Could Apple be forced to shut down its services in Europe? What would happen to my devices, operating systems, and stored data in such a scenario?

Geopolitics, Cybersecurity, Privacy, Technology, Data Security

31 points by mwinatschek 41 days ago | 28 comments

Dutch medical records on HDDs bought for €5 at fleamarket traced to software biz (theregister.com)
Typically shoppers can expect to find tie-dye t-shirts, broken lamps and old disco records at flea markets, now it seems storage drives filled with huge volumes of sensitive data can be added to that list.

Data Security, Privacy, Netherlands, Technology, Crime

8 points by rntn 41 days ago | 0 comments

Musk Team Seeks Access to IRS System with Taxpayers' Records (nytimes.com)
The Internal Revenue Service is preparing to give a team member working with Elon Musk’s so-called Department of Government Efficiency access to sensitive taxpayer data, people familiar with the matter said.

Politics, Government, Privacy, Data Security, Taxes

21 points by 2OEH8eoCRo0 43 days ago | 9 comments

EFF Sues DOGE and the Office of Personnel Management (eff.org)
EFF and a coalition of privacy defenders have filed a lawsuit today asking a federal court to block Elon Musk’s Department of Government Efficiency (DOGE) from accessing the private information of millions of Americans that is stored by the Office of Personnel Management (OPM), and to delete any data that has been collected or removed from databases thus far.

Privacy, Lawsuits, Government, Data Security

74 points by coloneltcb 49 days ago | 40 comments

ChatGPT maker OpenAI taking claims of data breach 'seriously' (the-independent.com)
OpenAI is investigating reports of a potential data breach affecting millions of user accounts, but says it has yet to find evidence supporting the claims.

Data Security, OpenAI, ChatGPT, Artificial Intelligence

4 points by kordlessagain 52 days ago | 0 comments