Hacker News with Generative AI: Data Security

UK's GCHQ Intern Transferred Top Secret Files to His Phone (bbc.com)
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone.
You're protecting your data wrong – Introducing the Protected Query Pattern (vercel.app)
Securing modern full-stack applications can be complex. You have to manage authorizations in many different contexts from UI to data mutation functions.
Kink and LGBT dating apps exposed 1.5M private user images online (bbc.com)
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.
How to Delete Your 23andMe Data (eff.org)
This week, the genetic testing company 23andMe filed for bankruptcy, which means the genetic data the company collected on millions of users is now up for sale. If you do not want your data included in any potential sale, it’s a good time to ask the company to delete it.
AI browser assistant extensions probably beaming everything to the cloud (theregister.com)
Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.
Ask HN: can Wireless-CarPlay dongles steal your data? (ycombinator.com)
So I recently ordered one of the many wireless Carplay dongles from Aliexpress that work via USB in your car connecting your iPhone to the car's Carplay via Bluetooth (and/or Wifi) to the USB dongle.
Chunking Attacks on Tarsnap (and Others) (daemonology.net)
Ten years ago I wrote that it would require someone smarter than me to extract information from the way that Tarsnap splits data into chunks.
Chunking Attacks on File Backup Services Using Content-Defined Chunking [pdf] (daemonology.net)
Stop letting your RAG chatbot expose sensitive data (osohq.com)
Retrieval-Augmented Generation (RAG) lets you enhance large language model (LLM) applications by supplementing your users’ prompts with context from internal sources.
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database (theregister.com)
A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.
Tell HN: Wise makes all user phone email and name data discoverable by default (ycombinator.com)
Data Broker Brags About Highly Detailed Personal Info on Most All Internet Users (gizmodo.com)
The owner of a data brokerage business recently put out a creepy-ass video in which he bragged about the degree to which his industry could collect and analyze data on the habits of billions of people.
Privacy Is Also Protecting the Data of Others (privacyguides.org)
In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others?
We stopped trusting clouds and started encrypting our data (vas3k.com)
Remember the situation: you want to send that fresh dank meme to your friend (let's say) Greg. You open your favorite messenger, find the chat with Greg, attach the meme and hit send.
Civil servants quit Elon Musk's DOGE citing security risks over US data (abc.net.au)
About 21 civil servants from Elon Musk's Department of Government Efficiency have resigned saying they will not use their skills to jeopardise the sensitive data of Americans.
Allstate Insurance sued for delivering personal info in plaintext, to anyone (theregister.com)
New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.
Microsoft unveils finalized EU Data Boundary as European doubt over US grows (theregister.com)
Microsoft has completed its EU data boundary; however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.
Banking's critical functions are vanishing into the cloud (ft.com)
It’s 9pm — do you know where your data is?
Research Finds 12,000 'Live' API Keys and Passwords in DeepSeek's Training Data (trufflesecurity.com)
Corporations dig deeper: using bunkers to secure data (and their CEOs) (semafor.com)
Large corporations are shopping for underground bunkers that can survive a nuclear blast to protect their data centers and C-suite employees as geopolitical tensions rise.
CouchDB Prevents Data Corruption: Fsync (neighbourhood.ie)
Programming can be exciting when the underlying fundamentals you’ve been operating under suddenly come into question. Especially when it comes to safely storing data. This is a story of how the CouchDB developers had a couple of hours of excitement making sure their fundamentals were solid (and your data was safe).
Github scam investigation: Thousands of “mods” and “cracks” stealing data (timsh.org)
While looking through the articles on a "social engineering" themed forum I discovered a relatively new scam scheme that shocked me. People create thousands of GitHub repositories with all sorts of things - from Roblox and Fortnite mods to "cracked" FL Studio and Photoshop.
SanitAI: A reverse proxy to remove PII data from OpenAI API calls (github.com/edublancas)
DeepSeek coding can transfer users' data directly to the Chinese government (abcnews.go.com)
DeepSeek, the explosive new artificial intelligence tool that took the world by storm, has code hidden in its programming which has the built-in capability to send user data directly to the Chinese government, experts told ABC News.
Ask HN: Thoughts on using American-based cloud vendors in the Trump era? (ycombinator.com)
I think American cloud providers offer state‐of‐the‐art infrastructure but it's fair to question whether the current U.S. political environment—and the unpredictability it sometimes brings—could affect data sovereignty and regulatory stability.
Ask HN: How can I prepare my digital life for geopolitical disruptions? (ycombinator.com)
I'm from Germany and currently rely on macOS and iOS, with all my personal data stored in iCloud. Recent political tensions have made me question what might happen in the event of a military conflict between the US and Europe. Could Apple be forced to shut down its services in Europe? What would happen to my devices, operating systems, and stored data in such a scenario?
Dutch medical records on HDDs bought for €5 at fleamarket traced to software biz (theregister.com)
Typically shoppers can expect to find tie-dye t-shirts, broken lamps and old disco records at flea markets; now it seems storage drives filled with huge volumes of sensitive data can be added to that list.
Musk Team Seeks Access to IRS System with Taxpayers' Records (nytimes.com)
The Internal Revenue Service is preparing to give a team member working with Elon Musk’s so-called Department of Government Efficiency access to sensitive taxpayer data, people familiar with the matter said.
EFF Sues DOGE and the Office of Personnel Management (eff.org)
EFF and a coalition of privacy defenders have filed a lawsuit today asking a federal court to block Elon Musk’s Department of Government Efficiency (DOGE) from accessing the private information of millions of Americans that is stored by the Office of Personnel Management (OPM), and to delete any data that has been collected or removed from databases thus far.
ChatGPT maker OpenAI taking claims of data breach 'seriously' (the-independent.com)
OpenAI is investigating reports of a potential data breach affecting millions of user accounts, but says it has yet to find evidence supporting the claims.