Thanks to existing EU rules this has been a standard part of the account takeover playbook for years, including by authoritarian governments who leverage physical control of one activist into rolling up their entire network. https://t.co/mitx5YzPwN — Alex Stamos (@alexstamos) September 12, 2018
Hat tip: The Torygraph.
The EU’s General Data Protection Regulation (GDPR) risks abuse by granting hackers a way to access more detailed information than ever before.
The rules allow consumers to download the information a company holds on them so they can move it to another service if they wish. Prof Yang said some of the largest organisations including Uber, Instagram, Snapchat, Facebook and Google have been forced to add in a “super-dangerous” data download feature to comply with GDPR, which came into effect in May.
She said: “There’s more at stake when hackers get into accounts because they can now request all of your data, or they can request to delete your data.”
A hacker gained access to Yang’s Spotify account and her birth date, gender, postcode, mobile number, redacted credit card number and credit card expiration dates. Such information enables “jigsaw identification”.