Your privacy matters.. in the EU at least

Jul 05 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s the Captain Tom (RIP) to cybercrime’s umm well, his money-grabbing kids 😒🙈😂 #homespa #smh #covid

Today’s hottest cyber security stories:

  • Meta’s Instagram Threads won’t launch in the EU (yet!) due to privacy concerns

  • Law firm HWL Ebsworth got hacked by Russian supervillains #ransomware

  • Swedish privacy authority warns against using Google Analytics

Twitter: You’re no Thread to us
Meta: Cage fight me, bro!

Instagram Threads, Meta’s answer to Twitter, will launch tomorrow (July 6) but not in the EU thanks to privacy concerns voiced by Ireland's Data Protection Commission (DPC).

Brussels threw a spanner in the works but didn’t actually block the launch. The tech giant which also owns Facebook, Messenger, and WhatsApp, decided to hold off on the launch having fallen victim to the EU’s stringent privacy laws in the past.

Elon Musk’s takeover of Twitter, though by no means a disaster, appears to have split the platform by political orientation. More right-leaning conservative users celebrate Musk’s championing of free speech, whereas more left-leaning users decry the rise of ‘hate speech’ on the platform.

Many also object to having to pay for the illustrious blue tick (starting at $8 a month) and the return to the wild west Twitter of old.

For these reasons, now may just be the perfect time for Meta to throw its hat into the ring, so to speak. Liberals, in general, seem disillusioned with the platform since Musk’s takeover.

As such, it’s likely that this eleventh hour hold-off on the EU launch will be considered a setback by Meta but, when it comes to online habits, the U.S. seems to lead the way, in the Western world, at least.

The "App Privacy" section on the App Store explains that the app will collect a wide range of user data, including:

  • Health and Fitness

  • Purchases

  • Financial Info

  • Location

  • Contact Info

  • Contacts

  • User Content

  • Search History

  • Browsing History

  • Identifiers

  • Usage Data

  • Sensitive Info

  • Diagnostics 

Just a few things then, yeah 😳 Geez, you can see why the proposed launch raised some eyebrows in Europe, can’t you?

To be honest, there’s a lot of reasons to hate the EU but online privacy is one area when I think you can say: fair enough.

Because remember, the more data that’s out there in the ether, so to speak, the more data that’s prone to being hacked by cybercriminals.

What the HWL is going on?!

Another day, another Russian ransomware attack, eh folks? This one took place down under and was perpetrated on law giant HWL Ebsworth. UK readers: is it just me or does that name make you think of a prison. Like HMP Belmarsh or Elmley. Sorry, back to it…

So crikey, brace yourself, lads, 'cause, as mentioned, a Russian ransomware gang has struck once more, snatching sensitive and personal government secrets from the clutches of law firm HWL Ebsworth. Struth!

Australia's fresh-faced cybersecurity honcho, Darren Goldie, spilled the beans on this mind-boggling breach.

He's knee-deep in the aftermath, working tirelessly with the law firm to figure out just how many Aussies have been caught up in this digital nightmare. I tell ya, mate, it's chaos out there!

The shady ALPHV/Blackcat crew, who have cosy ties to Mother Russia, decided to rub salt in the wound.

They proudly announced on the dark web back in late April that they'd hacked into the law firm's database. These digital bogans even had the audacity to publish some of the stolen goods they'd gotten their grubby little paws on.

And get this, it wasn't just a few measly files—they nabbed a whopping 3.6TB of data!

That's like a treasure trove of juicy secrets. So far, they've leaked 1.1TB of it. Can you imagine the chaos that's gonna cause?

Here’s what old Goldie had to say on the matter: “A number of Australian government entities have been impacted by the HWL Ebsworth cyber incident, with sensitive personal and government information released.”

“I am actively engaging with HWL Ebsworth to understand the complete picture of this incident, including how their private industry clients have been impacted, as the data analysis continues.

“Additional coordination meetings are occurring to address issues for HWL Ebsworth’s broader client base. We will work to ensure the lessons from this incident are shared so that we can continue to collectively bolster our responses to cyber incidents.”

Thank god old Goldie locks and the three hairs is on the scene, eh chaps? 😂 As you were.

Uncle Sam wants YOUr data

Sweden’s had it up to here with the Americans snooping on their data so their national data protection watchdog has advised companies to avoid using Google Analytics. Whether anyone will take notice is another matter, entirely.

Although privacy is a concern and apparently Sweden thinks the American government is using the tool to spy on them, it’s a bloody useful tool which makes it hard to believe that many Swedish companies will heed the advice.

The development comes in the aftermath of an audit initiated by the Swedish Authority for Privacy Protection (IMY) against four companies CDON, Coop, Dagens Industri, and Tele2.

"In its audits, IMY considers that the data transferred to the U.S. via Google's statistics tool is personal data because the data can be linked with other unique data that is transferred," IMY said.

"The authority also concludes that the technical security measures that the companies have taken are not sufficient to ensure a level of protection that essentially corresponds to that guaranteed within the EU/EEA."

To be fair, there are alternatives to Google Analytics. According to Google (lol) the top ones are:

  • Hotjar

  • Fathom Analytics

  • Piwik Pro

  • Plausible Analytics

  • Woopra

  • Adobe Analytics

  • Matomo Analytics

  • Clicky

Something to consider I guess. In the meantime, stay safe out there, ladies and gents!

So long and thanks for reading all the phish!

Recent articles