Tech News: Dude, Where's My Data?

Aug 17, 2021 · 32 min

Episode description

The Dallas Police Department accidentally deleted 22 terabytes of data. Hackers infiltrated T-Mobile servers and claim to have stolen the private information of 100 million customers. And we learn about a vigilante group targeting trolls on TikTok.


Transcript

Speaker 1

Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio and I love all things tech, and this is the tech news for Tuesday, August. Yesterday, telecom carrier T-Mobile confirmed

reports that the company had been hacked. The site Motherboard reported that hackers were offering up for sale private data of T-Mobile customers, including social security numbers and driver's license numbers, which prompted the company to conduct an internal investigation.

While T-Mobile did say that the investigation showed someone had gained unauthorized access to T-Mobile's system, the company has not yet determined that any personal data was compromised, and that the company quote cannot confirm the reported number of records affected or the validity of statements made by others end quote. According to Motherboard, the person who tipped them off to the fact that this breach happened, a seller of this data, said that their group compromised information

relating to one hundred million people. Motherboard confirmed that the samples of data that they saw did in fact reflect accurate information about T-Mobile customers, and the sellers are peddling the info on the dark web, asking for bitcoin in exchange for millions of records of personal data. Motherboard also reported that the sellers had lost access to the back door entry to T-Mobile servers, but they had already downloaded all the data, so you know, that's not great.

The damage was already done. This is why businesses that monitor stuff like the dark web and your information that may or may not be on it are getting more popular, because it's a way for you to find out if you have had your private data compromised. I may need to do a full episode about that kind of stuff to talk about, you know, what tools are out there,

how useful are they? What you should do if you find out that your information has been included in one of those breaches, because it certainly can be really overwhelming when it happens. Alright, so hackers stole data from T-Mobile. But our next story is about how the Dallas, Texas Police Department lost an enormous amount of data all by themselves. And by enormous, I'm talking about twenty two terabytes

of information. And this relates to a data migration, which is a process where, I mean, it's what it sounds like, you're moving information from, you know, one storage receptacle to another, and it's always a huge pain in the protocus to do this kind of thing, particularly as the amount of information gets larger. Just think of every time that you've bought a new phone and just the process of setting everything up on there and transferring all your information from your

old phone to your new phone. Now that has slowly become easier to do, but still kind of a hassle. You know, it's time consuming and you just want to be able to use your new thing. Well, multiply that times I don't know, a bajillion, and you get the idea of what it's like to move the data of an entire organization from one resource to another, like if you're going from one cloud based service to a different

one or something like that. And in this case, during that process, the Dallas Police Department managed to delete that mountain of information. And of course we're talking about the police, so this can, and in this case did include some incredibly important, crucial and private information, including case files related

to a murder trial. So obviously that's beyond disastrous. And the actual data deletion happened way back in April of twenty one, but the police Department did not report on it until this month, and I suppose part of that reason was that the department was going into emergency data recovery mode, and to their credit, they were able to restore around fourteen terabytes of data, but that still leaves eight terabytes of information that have been lost forever, and

that includes some criminal case files that were created before July, though the police department says they don't actually know the precise number of case files that have been lost. And honestly, I am shocked that there wasn't a more comprehensive data backup strategy in place for this, because redundancy is a key feature in data management and it's absolutely critical when stuff like this happens. That's why you have backup systems.

It's why you should have a backup system just in case something goes wrong with your data, so that you still have access to it if the worst should happen, whether that's a service now goes offline because it goes out of business, or you have a hard drive that fails. Moving on, a security researcher named Volodymyr "Bob" Diachenko, and I'm certain I've butchered the pronunciation of his name, and I apologize. Anyway, he uncovered an online list that

most certainly should not have been uncoverable. It should have been hidden, and it was a terrorist watch list. Apparently the Terrorist Screening Center created the files and stored them online without turning off the index feature. So search engines have these things called spiders, and these are little bits of code that just crawl the web and return results back to search engines so that the search engines can continuously

update their indices. That way, when you search for a particular topic, you have a chance of getting really recent results if those happen to be the best match to whatever your query is. But you might not want your website to enter a search engine's index. Let's say that you've got a website and you just want a certain number of people to have access to it. You don't need it to be accessible to the world at large.

So you can actually go into HTML and create a little tag so that web spiders just pass over your website, they don't index it, so it won't show up in search. You can do other things too, like obviously, you could password protect the site as well. But that's one thing you can do is just not

have it show up in search. Well, apparently someone neglected to take that step while uploading these files to a server, and search engines thus indexed these files, and Diachenko was able to read the information in the files through the search engines like it wasn't hidden or password protected, and it included tons of personal information, you know, all the stuff you would expect, like the name of the person,

their date of birth, their citizenship status. But it also included some other stuff that you don't typically see on these kinds of lists, like whether or not that person is also on a no fly list. And Diachenko said, to make matters worse, the files had no password protection, so anyone could access them, and Diachenko reported his findings

to the Department of Homeland Security. Now, according to The Verge, the files were first indexed on July nine of this year, and they were still up and available for search three weeks later before the DHS finally removed them. So here we have another example of human error leading to a massive security breach and privacy breach with two million records affected. Pretty awful stuff. And when I say pretty awful stuff, I mean, these are people who are on

a terrorist watch list. Some of those people are innocent, like not all of those people are guilty of being associated with or being involved in terrorist activities. And so you realize that this creates a true devastating breach of their privacy. Although I guess it could also alert them that they were, you know, on a watch list. But yeah, terrible stuff. Moving on. Here's something I'm sure a lot of you already knew, but because I am

very old, only learned about it today. There is an online vigilante group that tends to focus on TikTok accounts that's been pretty busy lately. The group is called the Great Londini, L-O-N-D-I-N-I, and in many ways it reminds me of the anarchic activist group Anonymous. Just like that famous collective, the Great Londini relies on a masked visage to serve as its symbol and spokesperson,

so Anonymous's symbol of choice is a Guy Fawkes mask, which is referencing one of the conspirators who plotted to ignite barrels of gunpowder hidden underneath Parliament hundreds of years ago. That plan did not go well. Remember, remember. The Great Londini's mask of choice has a Joker-like smile and creepy hollow eyes, though the profile on YouTube for the Great Londini includes other people who are actually wearing Guy Fawkes masks as well, so they also appropriate that imagery. Well.

They claim they are dedicated to quote exposing racist bullies, scammers and trolls end quote. The "racist" singular is in there, so I'm sure they meant racists. So the group targets people that they identify as being bullies and racists, etcetera, and then they publish those people's identities online, kind of like doxxing. This includes informing people like the parents of kids who are being trolls and displaying these kinds of behaviors online, or employers in the case of, you

know, adults. They claim to consist of a collective of people with cybersecurity and military experience, which I suspect is at best an exaggeration. The website insider dot com reported that the group says they can get to the real identity of someone posting, you know, online on like TikTok in eight or nine clicks, and it implies that they're using some clever ways to figure out who is behind any given account, and you know, digging down and finding

that information out. I suspect that there are some much more simple methods that are being employed in many of these cases. For example, the targets, the bullies or whatever, they could be posting stuff that just contains identifiable information in it. So they could be posting TikTok videos where you're like, oh, I can totally tell who this person is, or they might include links to their other social profiles

and that makes it really easy. You just cross reference and you get all the information you need about who that person is, Like if it's a Facebook account, it might include their location and everything, and their employer and you know, spouse, all that kind of stuff. So, in other words, I'm not entirely convinced that this is a case where people are using any sort of sophisticated approach

to get the information. And I'd frankly be surprised if they really did have extensive cybersecurity or military experience, because they don't need it to do what they're doing. TikTok has banned accounts that are associated with this group multiple times, and the group consistently keeps making new accounts. As for what I think about all this, well, I think vigilante justice is not great, but I also acknowledge that there's not really a good system in place to hold trolls

accountable for their actions. I mean, typically it comes down to the individual platforms, and as a rule, platforms are not super responsive to this kind of stuff, usually because it's just operating on such a scale that it becomes impractical to react to these things, which just allows the problems to fester. And that's really an issue because the actions these bullies make, like the things they do, the way they can harass people, those can sometimes lead to tragedy.

I mean, there are cases where bullied people have gone down a very self destructive pathway. So I understand the motivation of the group to see justice done and to convince bullies to stop being bullies, but I would rather much see a much more concerted effort to create a system of justice, like an official approach, as opposed to a self appointed vigilante group. But I also realized that a lot of people have serious doubts that you could ever really make a just system and have it work.

We have a couple more news stories. But before we get to that, let's take a quick break. We're back. OnlyFans, the website best known for hosting content creators who specialize in not safe for work types of content, is trying to get some broader acceptance in the app store world. See, because OnlyFans is mostly associated with nudity and sexual content, the company has not been able to secure permission from Apple and Google's respective app stores

to launch an app for users. So now OnlyFans is promoting a new-ish app called OFTV, which will allow OnlyFans creators to make content specifically for this app, as long as that content is in the safe for work category. So there's a strict policy against stuff like nudity and sexual content. So if creators want to make stuff for OFTV, they have to follow those rules. That allows OnlyFans to have an app in the app stores without violating those app

stores' policies. Now, I did say it's a new-ish app because it's actually been available since January of this year, but OnlyFans is only just recently started to, you know, tell people that this app even exists. Now, maybe that was an effort to allow interested content creators to make stuff that could live on this app, so that the app would have some content available as soon as folks downloaded it, rather than having a content app with no

content on it, which isn't very interesting. I'm sure that OnlyFans reached out to some of their top creators and invited them to participate in this. Now OnlyFans is really trying to branch out of the adult content niche and become more of a broad content creator platform that allows people to monetize their work, similar to platforms like Patreon. That being said, the app seems more like an outreach effort, like a marketing effort, rather than a

money maker. Tim Stokely, the CEO of OnlyFans, told Bloomberg that the content on OFTV is quote not being monetized and there's no direct impact on creators'

earnings end quote. Which, if that's the case, then I question why content creators already on OnlyFans, those who are, you know, firmly established as creating adult content in particular, why they would ever bother to make stuff for OFTV if they aren't allowed to create the kind of content that actually brings them revenue, and if there's no revenue to be made by creating content for

OFTV, at least not directly. Then that seems like a pretty big investment of time and effort for little to no payoff, unless your goal is to lure people to go to the OnlyFans dot com site and then become a supporter there. So, in other words, to hint at the sort of content you would be able to get on the OnlyFans site, but you couldn't

actually show it on OFTV. And it's possible also that OnlyFans commissioned content from creators, and like, yeah, there's no monetization directly through the app, but OnlyFans may have paid creators to create stuff to live on OFTV. I wouldn't be surprised to learn that. I do not know, for the record, whether that happened or not, but it wouldn't shock me to learn that

that's what was going on. Now, some people might just want to make fun stuff for free, and there's nothing wrong with that, you know, if you want to do that, you should totally do that. But as a content creator myself, no, certainly not an OnlyFans creator, no one, no one wants that, but I have to really be into something in order to do it for free because my job has me creating content every ding dang day, and if there's no return on that, it feels like I might be taking

away time that I could use to do other stuff. Anyway, it will be interesting to see how OFTV plays into the overall strategy, both for OnlyFans the company and for the content creators making content for that site. Next, Tesla is once again under the microscope for its Autopilot feature. This time, the National Highway Traffic and Safety Administration, or NHTSA, is looking into the company due to a series of accidents in which Tesla vehicles that

were in Autopilot mode collided with parked emergency vehicles. According to the NHTSA, since two thousand eighteen, there have been eleven incidents in which Tesla vehicles in the driver assist mode, whether that was Autopilot or the other style of driver assist system modes, collided with vehicles at a first responder emergency scene, and those crashes resulted in seventeen people being injured and in one case, one person died. And we're starting to see an increasing amount of pressure

on companies that are creating autonomous vehicle systems like government pressure. Now, in an ideal implementation, autonomous vehicles would drastically reduce the number of accidents and thus injuries and deaths on the road. The vast majority of accidents on the road are due to human error. So you take human error out and you will eliminate a ton of accidents, assuming you have

an ideal implementation of autonomous driving technology. But we are a far way away from having that ideal implementation. No one has created a system that we could call truly autonomous. Tesla maintains that Autopilot is a driver assist feature. It is not a true autonomous mode, but it also promotes its vehicles as having quote all the hardware needed in the future for full self driving in almost all

circumstances end quote. So essentially it's saying, yeah, this isn't an autonomous vehicle, but it's got everything that can make it an autonomous vehicle. So it's really just, you know, when we throw the switch. That's kind of the messaging. That's what it sounds like. I'm not saying that's specifically what

they're saying. That's how a lot of people interpret it, which kind of comes across as a bit of a mixed message, and I think ultimately we have to hold Tesla owners accountable for their choices, such as using a feature like autopilot beyond its intended function, but still a good deal of responsibility also has to fall on the

company itself. The US investigation into Tesla covers all models from two thousand and fourteen to present day and could potentially lead to new rules about when features like autopilot are allowed to be used and when they are not.

Back in March, a Chinese military satellite called Yunhai 1-02 broke apart in orbit, and at the time no one was really sure what caused it to happen, so there was one hypothesis that perhaps the satellite's propulsion system had a critical failure that led to an explosion, something that the Chinese company behind Yunhai said was not likely. An astrophysicist named Jonathan McDowell has now determined that the true cause of Yunhai's demise was a high speed

space collision. He determined that a piece of debris measuring between four and twenty inches wide collided with Yunhai and, on further analysis, determined that this debris came from a Zenit-2 rocket that was used by Russia to launch a spy satellite in orbit all the way back in. This piece that was flying around in orbit is one of eight known pieces from that rocket that satellite trackers have kept tabs on over the years, saying here's some more space debris that we have to be on the

lookout for. The collision with Yunhai generated even more space debris, which of course means now there's even more stuff whizzing around in orbit that could potentially create hazards for various types of spacecraft, whether that has people aboard or not. Now, I will remind you space is big, or as Douglas Adams put it, space is big, really big.

But the orbits where we tend to put stuff are starting to get a little crowded, and that means that with each passing year there are more opportunities for collisions to happen, and depending upon what collides with what we could see consequences here on Earth as various services get disrupted. Now, granted,

not every satellite is inhabiting the same orbit. We have some satellites that are in really far out orbits around Earth, so it's not like everything is crowded into the same space, but it is getting a little more, you know, rough out there. Also, the increase in space junk means it's harder for astronomers to see celestial bodies here on Earth's surface, like there are more things blocking our view beyond our

own orbit. And that's not great either. Not that I think that this is necessarily going to get better anytime soon, but the problem is becoming increasingly evident. I have a couple more stories to get to. But before we jump on that, let's take another quick break. Yakety yak, we're back, as is Yik Yak. I'm on track. Okay, so, for those of you who have never heard of Yik Yak, back in two thousand and fourteen, you could download this app called Yik Yak and you could use it as

a kind of hyper local social networking platform. So the idea was, at least in the original incarnation of Yik Yak, that you could see what people were posting in your immediate area. You could also post, and people in your area could read what you wrote, but you would only see things that have been posted within a five mile radius of your current location. And on top of that, the whole thing was anonymous, so people would anonymously post

these things. The idea was for people to share fun information that was relevant to the specific location. But if you're thinking, hmm, an app that lets you post anonymously about, you know, anything within your hyper local region, I bet people could use something like that to really troll the heck out of other folks, well, you would be right. Bullying, doxxing, harassment, and more were rampant on

Yik Yak, which got particularly popular around college campuses. It got to the point where the company had to geofence the app and cut it off for certain regions, like around high schools and stuff, because people were using it to do all sorts of things like spread rumors about others, and because it's anonymous, you never really knew

who it was that was saying these things. And it got bad enough, and the heat got intense enough, that ultimately Yik Yak changed up its policy and it required users to establish a handle. So it kind of removed that anonymous feature because now there was a handle associated with a message, it wasn't just anonymous Yik Yak user.

The company was already kind of spiraling at that point, and ultimately it went out of business and now it is under new management as a new group came in and purchased the intellectual property to Yik Yak earlier this year, and they are launching a new version of the app, and anonymity is back. That is a feature that has returned, as is the hyper local focus of the app itself. However, the new company says it has a zero tolerance policy

for harassment and bullying. It's got a list of rules that users are supposed to follow or else they face getting banned from the service. Because while they might be anonymous to all the other users, Yik Yak on the server side can see which account posts what. There's also a way, apparently, to upvote or downvote posts on Yik Yak. I say apparently because I have not

downloaded it myself. Uh, and the company says that posts that receive a minus five on that scoring system, if people downvote it, those kinds of messages won't show up anymore for other users. So if someone's been talking trash and enough people in your area have voted it down and you log into Yik Yak, you won't even see it because it will be below that threshold. Now, whether all this is going to prevent abuse of the

platform remains to be seen. I'm somewhat wary of the whole thing because I saw how ugly things got the first time around when Yik Yak was a thing. And if you ever want to hear about the most uncomfortable I've ever been in my job, ask me about the time I was told to moderate a South by Southwest panel about Yik Yak, because I still have stress dreams

about that day. Finally, sometimes hackers find an exploit in a system and then you know, they exploit it, or they might sell that knowledge to someone else so that that someone else can go and exploit the vulnerability, potentially getting caught in the process, while the hacker just pockets whatever money was spent in order to get that information.

But sometimes, and actually this happens more frequently than it tends to be reported, hackers will actually reach out to a company and alert them of an exploit that they found, and then they might get a reward for their good deed because the company will say, oh my gosh, thank you for telling us about this. They patch up the vulnerability, and they reward the hacker. That's what happened recently with a hacker who reported an issue with Valve's payment process

on Steam. Now, in case you're not familiar, Steam is an online storefront for computer games, and it also has some social networking features. But I think most people just view it as a way to purchase and organize a computer game library. Maybe that's just my own experience, because that's all I use it for. Anyway, this is all digital download stuff, right? You go on the online store, you buy a game, you download it to your computer. It's just the online version of what we used to

do by going into old brick and mortar stores. And Steam's success has been that Valve really hasn't needed to spend, you know, nearly as much time doing what it used to do, which was that it used to make a lot of computer games, and now it doesn't. Anyway, this hacker found out that if he created an email address with the term amount five thousand in the email address and then registered that email with Steam, and then went through the process of allowing Steam to put a

one dollar charge to their payment system. This is a way for Steam to verify that whatever payment process you put in is legit. Then he would receive five thousand dollars in his Steam wallet just by going through this approach. So the email just had to have that term in it and Steam would award that amount of money to his wallet. So he could have just kept on making accounts like that and using these fake Steam dollars to

buy tons of games. But instead the hacker let Valve know about the exploit, and the company patched the problem and then rewarded the hacker with a bug bounty of seven thousand, five hundred dollars. And I think that's just a nice story all around the idea of someone saying, hey, you should know about this, because people, if they found out about it, would totally exploit it, and you would be out a huge amount of money because you'd have

all this money you would owe developers. It would be just manufactured cash, there'd be nothing flowing into Valve and everything flowing out. So it was a good thing to report. Um, yeah, I like stories like this. Hackers do this. I should also add that there are cases, plenty of cases, where you will learn about hackers who find a vulnerability. They'll report it to whichever entity, you know, is responsible for that software and nothing gets done. That is incredibly

irresponsible and something that I hate to see. And there's so many stories about it where you're like, hacker X finds out that company Y has some major vulnerability in its software, reports it to the company. The company doesn't respond, the company doesn't change anything or patch the vulnerability. Then the hacker then goes forward with the information going public, saying hey, there's this massive vulnerability in the software package, and then the company is saying, why are you telling

everybody this? Well, if the hacker has gone through the process of alerting the company, then it's the company's responsibility to respond and get that problem fixed. And if that doesn't work, you know someone else is going to find that exploit and take advantage of it. So I think it's the only reasonable thing for a hacker to do is to come forward and say, hey, I gave them every opportunity to fix this, they didn't do it, so maybe now they'll do it now that the whole world

knows about it. Um, kind of brutal approach. But the flip side of that is if a company doesn't fix that problem, someone else will find it and they might not have the moral compass to reach out to the company and instead might exploit it and harm either the company or the company's customers, or both in the process. Okay, that's it for this episode and the news for Tuesday, August one. If you have suggestions for topics I should cover in future episodes of TechStuff, reach out to me.

The best way to do that is over on Twitter. The handle we use for the show is TechStuffHSW, and I'll talk to you again really soon. TechStuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.

Transcript source: Provided by creator in RSS feed