**Google Sends Dark Web Report to its Graveyard**
In a surprising move, Google has announced that it will be discontinuing its "Dark Web Report", an email service that alerts users when their personal information appears on the internet's dark underbelly. The service, which was launched in 2023, aimed to help users stay ahead of potential threats by flagging exposed user IDs, passwords, and other sensitive information.
According to Google, the service did not provide enough actionable advice for users to take concrete steps to protect their online security. While it provided general information about data breaches and exposure attacks, users felt that it did not offer sufficient guidance on how to prevent or mitigate these threats.
"We're making this change to instead focus on tools that give you more clear, actionable steps to protect your information online," a Google spokesperson said in a statement. "We encourage you to use Results about you, which flags occurrences of a person's name and other personal information in Google Search results." However, users are required to submit a significant amount of personal information to sign up for this tool.
Google will stop scanning the dark web for new data breaches on January 15, and will cease reporting findings on February 16. Users looking for an alternative can turn to companies like Experian, Equifax, Illion, and TransUnion.
**French Cops Crack Email Intrusion Case**
In a swift response, French law enforcement has arrested a 22-year-old suspected of breaking into the Interior Ministry's email server. The individual, whose identity has not been released, is accused of attacking a state-owned automated personal data processing system, which could carry a penalty of up to ten years in prison.
The attack compromised files, including criminal records, which may have motivated the intrusion. Notably, the suspect was already known to law enforcement, having been convicted of "similar offenses" earlier this year.
**The Cloud is Full of Holes**
Cloud security firm Wiz recently hosted a competition in London that exposed critical Remote Code Execution (RCE) vulnerabilities across foundational cloud infrastructure layers. The event, which attracted $320,000 in rewards and an 85% success rate among participants, highlighted the fragility of cloud security.
The researchers found vulnerabilities in Redis, PostgreSQL, MariaDB, and Linux, with one exploit involving a container escape vulnerability that could allow attackers to break out of compromised accounts and access underlying infrastructure managing all user accounts. The competition was sponsored by AWS, Microsoft, and Google, which will likely expedite the implementation of fixes.
**Hospital Leaks Its Own Data**
UK hospital Royal Cornwall Hospitals Trust recently breached its own data protection policies when it inadvertently exposed thousands of current and former staff members' personal information tied to a sickness absence data list. The breach occurred during a Freedom of Information Act (FOI) response, where "hidden data" was sent with electronic records.
The hospital acknowledged the incident and expressed commitment to learning from it and improving its processes for maintaining high standards of data protection.
**Texas Sues Smart TV Makers**
Attorney General Ken Paxton has launched a lawsuit against Sony, Samsung, LG, Hisense, and TCL for allegedly spying on their customers using automated content recognition (ACR) technology in smart televisions. The suit claims that the companies collect users' data without informed consent and use it to serve targeted ads.
The AG's office described ACR as an "uninvited, invisible digital invader", stating that TV owners have no knowledge of its presence on their devices. The lawsuit seeks monetary damages of $10,000 per violation of the Texas Deceptive Trade Practices Act, plus an end to use of ACR technology in the companies' TVs.