📰 Microsoft Disables Controversial Windows Recall | Tuesday Times | June 11, 2024

Joses · June 11

What is Tuesday Times?

Tuesday Times is a weekly Tuesday series where we highlight a handful of recent cybersecurity-related news stories. We'll provide brief summaries of these news stories and link the articles directly, should you want to read more!

Feel free to comment on any of the articles highlighted, or share your own in the comments below!

Microsoft Disables Controversial Windows Recall | Tuesday Times | June 11, 2024

Microsoft Bows to Public Pressure, Disables Controversial Windows Recall by Default

Earlier this month Microsoft announced a new AI feature named Windows Recall that sparked a lot of conversation and controversy regarding data security risks and intrusive AI usage. In the support article titled, "Retrace your steps with Recall", Microsoft describes this feature as a way to "Search across time to find the content you need."
The issue most critics brought up is the way in which this data would be collected. As stated in the support article, "As you use your PC, Recall takes snapshots of your screen. Snapshots are taken every five seconds while content on the screen is different from the previous snapshot. Your snapshots are then locally stored and locally analyzed on your PC."
The real kicker was that Microsoft was going to enable this feature by default on all new Copilot+ PC machines. Fortunately, after some heavy public criticism that mentioned the intrusive nature of the AI tool and potential security issues, Microsoft announced that the feature would no longer be enabled by default and that they've added some new security measures such as encrypting the search database.

23andMe data breach under investigation in UK and Canada

When there's a data breach, you might think that details stolen include basic information like names, addresses, and in worst-case scenarios social security numbers, but have you ever considered something as personal as genetic information?
Earlier this week, Canada's Privacy Commissioner of Canada (POC) and the United Kingdom's Information Commissioner's Office (ICO) joined forces to investigate a data breach that occurred in October of 2023. This investigation involves one of the largest DNA genetic testing companies, known as 23andMe, and focuses on whether there were adequate safeguards in place protecting this data and if any data protection laws were broken.
According to Bleeping Computer, "23andMe told BleepingComputer in December that the threat actors downloaded data for 6.9 million out of 14 million customers after breaching around 14,000 user accounts. Approximately 5.5 million individuals had their data scraped through the DNA Relatives feature and 1.4 million via the Family Tree feature."

Ticketmaster’s Snowflake data breach was just one of 165

Ticketmaster remains in the news spotlight after their recent data breach was linked to Snowflake's string of customer data breaches. Snowflake, a computing-based data cloud company, has notified 165 of its customers that their data was compromised.
Snowflake launched their own investigation alongside Mandiant, a cybersecurity firm, and concluded that they "have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform… or compromised credentials of current or former Snowflake personnel."
Since this is an ongoing investigation, there will be more details to come, however, it is unlikely that Snowflake will admit fault any time soon.