Menu
EN

Musk versus Apple, Meta employees hijack accounts, as Twitter and WhatsApp (allegedly) leak data. AdGuard’s Digest

In this edition of AdGuard’s digest: Elon Musk criticizes App Store, a tracking tool sends sensitive financial info to Meta, Apple’s tracking accusations escalate, stolen data of millions of Twitter users surfaces up for free, as WhatsApp may or may not have leaked user data.

Elon Musk takes on Apple’s 30% tax and ‘censorship’

Twitter CEO Elon Musk has reignited a feud with Apple, blasting the company for stopping nearly all advertisements on Twitter and criticizing a 30% cut it takes from in-app purchases. On November 28, Musk tweeted that Apple had “threatened” to remove Twitter from the App Store. In another tweet, Musk accused Apple of failing to support free speech on the platform by winding down its ad spend.

Elon Musk has rekindled the row with Apple over its App Store commission

Photo: Brett Jordan/Unsplash

Musk has sparred with Apple over its App Store fee before. In May, Musk argued the 30% cut “literally 10 times higher than it should be”. Musk’s growing frustration with Apple was reportedly part of the reason while he pushed back the launch of the revamped Twitter Blue subsription. However, if there was some beef between Apple and Twitter, Musk called a truce after meeting with Apple’s Tim Cook later that week. “Among other things, we resolved the misunderstanding about Twitter potentially being removed from the App Store,” he said. Apple has since resumed advertising on Twitter. It’s unclear if Apple’s 30% tax was on the agenda of the Musk-Cook meeting.

And while Musk and Cook may have buried the hatchet (at least temporary), the steep fee that iOS developers must pay Apple has long been an issue. As we explained in our recent article, the dominance of the Apple and Google app stores hurts developers and users alike.

Meta employees used internal tool called ‘Oops’ to hijack user accounts

Multiple Meta employees have been found out to have accepted bribes for getting into Instagram and Facebook accounts with a secret internal tool. The tool called “Oops” (short for Online Operations) was designed so that Meta employees and contractors could restore accounts for their friends and family without them needing to reach out to Meta’s support. However, some employees and contractors apparently decided to monetize their privileged access to the shortcut. According to a report in the Wall Street Journal, they offered their recovery services both to legitimate users who’d got locked out of their accounts as well as to hackers.

The Journal reported that some workers and contractors allegedly received “thousands of dollars in bribes” for resetting Facebook accounts. Interestingly, some of those workers were supposed to provide security for Meta. Over two dozen people were either “disciplined or fired” after Meta conducted an internal probe.

Given the scale on which Meta has mishandled user data before, it has long been apparent that the company cares more about collecting user data, than ensuring it is secure, or investing into proper customer service. That and an unclear moderation policy apparently allow Meta employees to play demigods. Thus, earlier this year, an OnlyFans star claimed that she slept with several Meta employees to reverse her Instagram ban.

Meta’s tracking tool sends user financial info to… Meta

Roses are red, violets are blue, Meta is always tracking you. Meta Pixel, a notorious tracking tool that has previously been found sending sensitive health data from hospital websites to Meta, made headlines again. This time, the code was sending financial information from several US tax filing websites to the tech giant. The information sent included email addresses, names, income, refund amounts, and, sometimes, even the names of the dependents, The Markup investigation found.

Meta has been receiving sensitive user financial data from tax filing websites

Photo: Christin Hume/Unsplash

Meta has denied any wrongdoing, blaming the website owners for failing to properly configure the tool. “Advertisers should not send sensitive information about people through our Business Tools,” a Meta spokesperson said. The tech giant has also said that it has special filters in place to prevent it from actually being able to detect the sensitive data. Since the report went live, several tax filing websites have removed the pixel, some saying that they were unaware that it had been sending the data to Facebook.

While Meta argues that it was sent the data by mistake, it’s worth noting that Meta’s lifeline is user data, which it repurposes for targeted advertising — its main source of revenue. So, one has to take with a pinch of salt the company’s assurances that it might have been fed the data against its will.

Apple collects personally identifiable info despite promises not to

The information that Apple’s native apps send to Apple include a permanent ID number that is tied to a user’s name, email, and phone number, independent researchers from the software company Mysk have found. This apparently runs contrary to Apple’s privacy policy, which states that “none of the collected information identifies you personally.”

Apple collects data directly linked to your identity, but insists it is not tracking you

The researchers noted that the user has no way to opt out from Apple’s tracking. “All these detailed analytics are going to be linked directly to you. And that’s a problem, because there’s no way to switch it off,” researcher Tommy Mysk told Gizmodo. Earlier, the same researchers found that Apple keeps on collecting detailed real-time usage data even if the user has disabled all personalization options, including “Share iPhone Analytics.” Apple is now facing a class-action lawsuit over allegedly deceiving users with its privacy settings.

Apple has long claimed to prioritize privacy. However, its reputation as a privacy stalwart has been showing more and more cracks as of late. Experts question whether Apple is holding itself to the same standards regarding tracking that it imposes on third parties such as Meta. And as Apple builds its own advertising empire, these privacy concerns only intensify.

Someone is selling 500 million WhatsApp users’ phone numbers… maybe

A hacker has claimed to be selling an up-to-date database containing 487 million WhatsApp user mobile numbers. According to a report by Cybernews that investigated a sample of US and UK telephone numbers from the database, the claim is “likely” true. The bad actor alleged that the dataset contains phone numbers of the residents of 84 countries. Cybernews speculated that the data was most likely obtained by scraping, rather than in the course of an actual hack.

WhatsApp has denied that there has been a data leak. A spokesman for the company said that the report was based “on unsubstantiated screenshots,” even though Cybernews said that they had contacted the seller.

Whether this particular report is true or not, WhatsApp is known to regularly suffer from security vulnerabilities. Not long ago, WhatsApp’s rival Telegram CEO Pavel Durov called WhatsApp a “surveillance tool” commenting on a report about a recent security issue that struck WhatsApp. The issue could have allowed hackers gain “full access” to everything on WhatsApp users’ phones. It’s also not a secret that WhatsApp itself collects vast amounts of unencrypted metadata, including users’ phone numbers, which it can share with Meta and police.

Over 5.4 million Twitter user records offered for free on dark web

While some bad actors want to cash in on the user data, others give it out for free. A large dataset containing 5.4 million of Twitter user records has been posted on a hacker forum, the Bleeping Computer reported. The trove includes user phone numbers and email addresses in addition to Twitter logins, names, locations and IDs. Previously, the same dump was advertised for sale for $30,000.

The data was scraped in December 2021 through a Twitter security vulnerability that has since been patched. The issue, however, is now believed to be way more serious than previously thought. A much larger Twitter dump reportedly consisting of over 17 million records has been uncovered by security researcher Chad Loder. The data in the dump appears to be different from the 5.4 million dataset. The Irish privacy watchdog has started looking into the alleged breach.

While we can assume that Twitter is still suffering from the effects of a vulnerability that has long been fixed, it does not help that some of the platform’s top security and privacy executives resigned following Elon Musk’s Twitter takeover. Unless Musk takes serious steps to protect Twitter’s security and privacy, this probably won’t be the last such incident. The inherent risk is that Twitter collects a lot of personal information and has been known to misuse it.

Liked this post?
By downloading the comments you agree the terms and policies

AdGuard
for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
User Reviews: 18601
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard
for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
User Reviews: 18601
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard
for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
User Reviews: 18601
4.7 out of 5
By downloading the program you accept the terms of the License agreement

AdGuard
for iOS

The most advanced ad blocker for Safari: it makes you forget about pop-up ads, speeds up page loading, and protects your personal data. A manual element-blocking tool and highly customizable settings help you tailor the filtering to your exact needs.
User Reviews: 18601
4.7 out of 5
By downloading the program you accept the terms of the License agreement

AdGuard Browser extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
User Reviews: 18601
4.7 out of 5

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
User Reviews: 18601
4.7 out of 5
Available on the
App Store
Download
By downloading the program you accept the terms of the License agreement

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
User Reviews: 18601
4.7 out of 5

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
User Reviews: 18601
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
User Reviews: 18601
4.7 out of 5
Assistant for Chrome Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Firefox Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Edge Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Opera Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Yandex Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Safari Is it your current browser?
If you can't find your browser, try the old legacy Assistant version, which you can find in AdGuard extension settings.
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device