Stay one step ahead of cyber criminals with our regular news and tips
“Data is the DNA of modern life…” said Technology Secretary Peter Kyle recently. And it’s fast becoming a digital battleground as companies, governments and hackers all vie for our personal information. It’s a theme we addressed recently to mark World Data Protection Day, when Intersys’ Head of Security Jake Ives shared advice on how individuals can better protect their privacy online. It’s definitely worth a read. Personal data is at the heart of our first big story of 2025, in which a hack exposed the privacy of millions of people worldwide. Please read it: it’s truly shocking stuff and we all should be aware. There are also alerts about the latest PayPal phishing scam, new North Korean malware and a security blunder from an AI chatbot. As always, you’ll find practical steps to improve your cyber hygiene and stay vigilant.
The Russians are coming. And they know where you are…
What happened?
The hacking of American data broker Gravy Analytics has revealed the precise location data of people using apps such as Tindr, Mumsnet, Flightradar and Spotify. Russian hackers have posted a sample of several terabytes of data online. It includes people’s precise device locations from places such as The White House in Washington DC to the Kremlin in Moscow, as well as military bases around the world and the location data of Tindr users in the UK. The UK Information Commissioner’s Office has confirmed it is aware of the breach.
The hacking of American data broker Gravy Analytics has revealed the precise location data of people using apps such as Tindr, Mumsnet, Flightradar and Spotify.
Russian hackers have posted a sample of several terabytes of data online. It includes people’s precise device locations from places such as The White House in Washington DC to the Kremlin in Moscow, as well as military bases around the world and the location data of Tindr users in the UK.
The UK Information Commissioner’s Office has confirmed it is aware of the breach.
Why you should care:
Data brokers such as Gravy Analytics profit from gathering people’s personal data and selling it to marketers, organisations and governments. The data collected could be anything from your date of birth and home address to your hobbies and whereabouts.
Gravy Analytics collected this data through personalised online ads on smartphones. It’s believed that thousands of advertisers may have unwittingly shared device information this way – even though big names such as Flightradar, Grindr and Tindr have denied any direct links with Gravy Analytics but do admit showing ads.
Gravy Analytics was already ordered by The Federal Trade Commission to stop unlawfully tracking and selling users’ sensitive location data before the breach happened. Now it seems a Class Action Lawsuit could also be on the way for failing to secure sensitive location data.
Data privacy advocates and security specialists are concerned about the wider impact this exposed data could have if it falls into the wrong hands. Forbes magazine has warned of the threat to LGBTQ+ people who live in countries where same-gender relationships are banned. Security researcher Baptiste Robert from Predicta Lab has flagged how easy it will be for hostile state actors to identify individuals around military bases and government offices.
Tips to protect yourself:
Jake Ives’ Intersys Head of Security says, “There are lots of things that we as individuals can do to protect our privacy. As far as ad tracking goes, a good first step is to regularly delete your advertising IDs in your smartphone settings. It may mean that you might see fewer personalised ads. But it also makes it harder for your data to fall into the wrong hands.”
On Android: Settings > Privacy > Ads > Delete Advertising ID
On iOS: Settings > Privacy & Security > Tracking > Allow Apps to Request to Track (SELECT OFF)
PayPal phishing scam: so good it could fool savvy users
What happened?
Security experts at Fortinet are warning of a new hard-to-spot PayPal phishing scam. Fortinet CISO Carl Windsor recently blogged about a type of social engineering scam that looks so legit that it could easily fool most people.
The new scam doesn’t have the usual hallmarks of a phishing email – think typo-filled domains, a URL that doesn’t correspond to the text displayed, etc. It uses the ‘send and request money’ feature on PayPal to send emails to victims’ inboxes from a legitimate PayPal email address and URL. On opening the email, users are redirected to a PayPal login page showing a payment request. As soon as they log in, their account automatically gets linked to the hacker’s infrastructure and the bad guys can then take over and clean it out.
Why you should care:
This scam is nefarious because it uses legitimate PayPal email addresses and URLs to bypass email protection protocols such as SPF/DKIM/DMARC. So even with traditional phishing awareness training, you might struggle to pick it up.
Tips to protect yourself:
Make sure that your organisation’s user awareness training includes advice on spotting unsolicited emails even if they look genuine. For further reading, check out our tips on how to spot phishing emails and examples of common phishing emails.
North Korea stages fake job interviews to spread malware
The North Koreans are at it again. Late last year, cyber security experts warned of consistent campaigns by the hostile state to spread malware into Western software developers’ systems via fake job interviews.
Palo Alto Networks called this state-sponsored campaign “Contagious Interview”. It’s believed that the North Koreans are posing as employers to trap job-seeking software programmers into downloading malware during the interview process. It’s suspected that the aim of the campaign is to steal cryptocurrency from victims’ computers and also to use compromised systems as a staging environment for future attacks.
Our Head of Security Jake Ives has shared his advice on how job seekers and businesses can stay protected from these attacks.
Sage Copilot leaks customer data
As the UK rushes to adopt AI into every aspect of work from government to business, news stories of teething troubles are starting to trickle in. This month, UK accounting software firm Sage temporarily suspended its AI assistant for accidentally leaking confidential customer information to other users.
The Register reported a source as saying: “A customer found when they asked [Sage Copilot] to show a list of recent invoices, the AI pulled data from other customer accounts including their own.”
Sage briefly pulled the chatbot offline to fix it.
Such incidents highlight the importance of guardrails for AI. Intersys’ Managing Director Matthew Geyman has said, “…using AI in business is like walking a tightrope between a colossal opportunity and an equally large information security risk.” It’s why roles such as Chief AI Officer (CAIO) may become as fundamental as HR or finance.
For a deeper dive into this subject, see how Intersys’ own leadership team uncovered some worrying anomalies when testing Copilot.