IPVM disputes this allegation and says it promptly contacted the FBI upon discovering the crimes.
A murdered Russian submarine captain may have been tracked by his killer through the Strava fitness app. According to the BBC, the commander, Stanislav Rzhitsky, kept a public Strava profile that detailed his jogging routes—including one that took him through the park where he was killed early this week.
Privacy experts have been concerned about the dangers posed by social fitness apps like Strava for years. In 2018, for example, researchers exposed several secret US military installations using public data from soldiers tracking their fitness with the app.
While the killer’s motivations are currently unclear, Russian investigators say they arrested a man named Serhiy Denysenko, born in Ukraine, in connection with the murder. According to several Russian Telegram channels, Denysenko was the former head of the Ukrainian Karate Federation.
Ukrainian media reported that Rzhitsky commanded a Russian Kilo-class submarine that may have carried out a deadly missile attack on the Ukrainian city of Vinnytsia last year. Rhitsky’s personal information had previously been uploaded to the Ukrainian website Myrotvorets (Peacemaker), an unofficial database of people considered to be enemies of Ukraine, according to CNN.
Ukraine’s Defense Intelligence did not take responsibility for the commander’s death. “Obviously, he was eliminated by his own men for refusing to continue to carry out combat orders from his command regarding missile attacks on peaceful Ukrainian cities,” the agency wrote in a statement.
A congressional investigation, led by US senator Elizabeth Warren, found that millions of Americans who file their taxes online with H&R Block, TaxSlayer, and TaxAct had financial information shared with Google and Facebook. The investigation was spurred by a 2022 report by The Markup that revealed how the three companies were transmitting sensitive data to Facebook through a tool called the Meta Pixel. The data was sent as taxpayers filed their taxes and contained personal information, including income and refund amounts.
Warren and six other lawmakers wrote to the US Justice Department this week, asking for criminal charges against the tax companies for breaking laws forbidding them from sharing their clients’ personal information. “The tax prep firms were shockingly careless with their treatment of taxpayer data,” the lawmakers wrote.
A third of the 80,000 most popular websites on the internet use the Meta Pixel, a 2020 investigation by The Markup found. Website operators include the pixel to measure clicks from their ads on Facebook’s platforms, but at the expense of their users’ privacy. Crisis Pregnancy Centers, Suicide Hotlines, and hospitals and have all been caught sending sensitive user data to Meta in the past few years.
The seven Democrats called on the US Internal Revenue Service to build its own free tax preparation software, though government services have also been caught using the Pixel to send data to Meta.
A Nebraska woman has pleaded guilty to criminal charges after helping her 17-year-old daughter with a medication abortion last year; key evidence against her included her Facebook messages. In mid-June of 2022, Nebraska police sent a warrant to Meta requesting private messages from the mother and daughter as part of an investigation into an illegal abortion, court documents show. The chats appear to show the mother instructing her daughter about how to take the pills. “Ya the 1 pill stops the hormones an rhen u gotta wait 24 HR 2 take the other,” reads one of her messages.
Since the US Supreme Court overturned Roe v. Wade in June 2022, experts have raised serious concerns about the variety of ways data will be weaponized by law enforcement who want to prosecute people seeking abortions. Because Facebook Messenger doesn’t default to end-to-end encryption (E2EE) the way messaging services like Signal, WhatsApp, and iMessage do, people are especially vulnerable to criminal investigations if they use the platform.
According to a recent report from Reuters, prosecutors told a London court that a teenager associated with the hacking group Lapsus$ was responsible for high-profile hacks of Uber and fintech company Revolut in September of last year. Arion Kurtaj, who is 18, faces 12 charges, including three counts of blackmail, two counts of fraud, and six charges under the UK’s Computer Misuse Act.
The Uber hack reportedly cost the company $3 million in damages. At the time, Uber said the hacker who took responsibility posted pornographic material to an internal information page alongside the message: “Fuck you wankers.”
Kurtaj, along with an unnamed 17-year-old, is also facing allegations of blackmailing BT Group, EE, and Nvidia. Prosecutors described the pair as “key players” in Lapsus$. Kurtaj has been deemed not fit to stand trial by medical professionals; the jury will decide whether he is responsible for the hacking incidents rather than guilty of them.
