The North American finals of the Apex Legends Global have been postponed after at least two hacking incidents.

The North American finals of online shooter game Apex Legends has been postponed after games were disrupted by hacking incidents.

Apex Legends, published by EA, is currently in an important stage of its Global Series, the regional finals mode. This is a big deal for the top players since there is a $5 million prize pool, with a few of the top teams in each region set to battle it out in the finals.

But on Monday, the Apex Legends official X account tweeted that it had postponed the contest after deciding the “competitive integrity” of the series had been compromised.

> Due to the competitive integrity of this series being compromised, we have made the decision to postpone the NA finals at this time.  
> We will share more information soon.
> 
> — Apex Legends Esports (@PlayApexEsports) March 18, 2024

According to PCGamer, there were at least two major incidents:

> “First, Noyan “Genburten” Ozkose of DarkZero suddenly found himself able to see other players through walls, then Phillip “ImperialHal” Dosen of TSM was given an aimbot.”

An aimbot is a program or patch that allows the player to cheat by having the character’s weapon aimed automatically. Using cheats like those would lead to immediate disqualification and total loss of respect if done on purpose.

The volunteers of the Anti-Cheat Police Department warned players against playing any games protected by Easy Anti-Cheat (EAC) or any EA titles for a while, because they suspected a Remote Code Execution (RCE) exploit was being used against the players.

> PSA: There is currently an RCE exploit being abused in @PlayApex. It is unsure whether it comes from the game or the actual anti-cheat (@TeddyEAC ). I would advise against playing any games protected by EAC or any EA titles once they have fixed this or can comment.
> 
> Currently,…
> 
> — Anti-Cheat Police Department 🕵️ (@AntiCheatPD) March 18, 2024

However, recent developments point less toward an RCE being the cause and more to an actual infection on the players’ computers…

**Malwarebytes to the rescue**

In a livestream, affected gamer ImperialHal spoke to cybersecurity expert “PirateSoftware,” who has been investigating the attacks.

ImperialHal uses Malwarebytes to scan his machine which flags an inbound connection from an IP address linked to a server known for malicious activities.

It appears that the attacker had direct access to ImperialHal’s computer, likely via a Trojan. PirateSoftware concluded:

> “I don’t see evidence of Apex having RCEs. It does not mean that it’s impossible but I still don’t see evidence, while I do see evidence of him having direct access to your machine.”

**Protect yourself**

We recommend that all gamers scan their computers with reliable security software. Malwarebytes Premium for Windows’ Brute Force Protection feature blocked the connection from being made to ImperialHal’s computer, so make sure you enable that feature.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Apex Legends Global Series plagued by hackers 

We found a tax scammer that set up a fake website where targets could apply for an Employer Identification Number.

While most tax payers don’t particularly look forward to tax season, for some scammers it’s like the opening of their hunting season. So it’s no surprise that our researchers have found yet another tax-related scam.

In this most recent scam, we’ve not seen the lure the scammer uses, but it is likely to be an email telling the target to quickly go to this site to apply for your IRS EIN/Federal tax ID number.

EIN is short for Employer Identification Number. The IRS uses this number to identify taxpayers who are required to file various business tax returns. EINs are used by employers, sole proprietors, corporations, partnerships, non-profit associations, trusts, estates of decendents, government agencies, certain individuals, and other business entities.

Given the flow of the scam it’s very likely that the targets are self-employed and/or small business (SMB) owners. It’s possible that the phisher has obtained or bought a collection of email addresses from a data broker that fit a certain profile (for example, self-employed US residents).

To start this operation, the scammer doesn’t need a lot of information about their targets. A valid email address for a self-employed US resident could cost just a few cents on an underground forum on the dark web. However, the scammer might not even need to venture that far, as Senior Director of Technology and Engineering and Consumer Privacy at Malwarebytes, Shahak Shalev told us:

> “I don’t think one would have to go to the dark web to get information like this as there are regular companies selling this information. They would probably qualify it as “lead generation”. According to our sources, pricing for one million self-employed US citizens usually goes for $1USD per contact, but for such a large amount it would probably be $0.1 per contact.”

The information the phishers are after is quite extensive and includes a person’s social security number (SSN).

A compromised social security number poses a major problem. A SSN stays with you for a lifetime, and is closely tied to your banking and credit history. Adding a person’s SSN to the scammers’ data could create far more opportunities for identity theft and fraud.

And if that wasn’t serious enough, the scammers here have the audacity to charge you for the tax ID number, even though applying for an Employer Identification Number (EIN) is a free service offered by the Internal Revenue Service (IRS).

We also found the scammer made a mistake when setting up their fake website. By looking at the privacy policy of the scammer’s site it became apparent that they forgot a small edit when they copied the privacy policy from someone else, but neglected to edit the original domain in one place.

If you’ve received a mail or other invitation including a link to the domain irs-ein-gov.us, please let us know in the comments. We would love to have a copy so we can complete this attack profile.

**How to avoid falling for a tax scam**

Before acting on an email’s request, stop and think about the following:

*   Remember: The IRS doesn’t ask taxpayers for personal or financial information over email, text messages, or social media channels. This includes requests for PINs, passwords or similar access information for credit cards, banks, or other financial accounts.
*   Do **not** interact with the sender, click any links, or open any attachments.
*   Send the full email headers or forward the email as-is to phishing@irs.gov. Do not forward screenshots or scanned images of emails because this removes valuable information.
*   Delete the email.

If you are unsure if a certain communication is from the IRS, you can go to IRS.gov and search for the letter, notice, or form number. If it is legitimate, you’ll find instructions on how to respond. If there’s a form to fill in the verify that it is identical to the same form on IRS.gov by searching forms and instructions.

Malwarebytes Premium customers are protected against this particular scam if they have Web Protection enabled.

**IOCs**

**Domains**

ustaxnumber\[.\]org

ustaxnumber\[.\]com

irs-ein-gov\[.\]us

**Check your digital footprint**

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Tax scammer goes after small business owners and self-employed people 

Data on over 70 million people that came from an alleged breach at AT&T has been posted online. Here's what you need to know.

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T.

Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.

However, AT&T denies (both in 2021 and, now, in 2024) that the data came from its systems, telling BleepingComputer that it’s seen no evidence of a breach. No response was received to a follow-up question on whether the data could come from a third-party provider.

The data posted online includes names, addresses, mobile phone numbers, dates of birth, social security numbers, and other internal information. Almost the same set was offered for sale in 2021, but the encrypted date of birth and social security numbers have since been decrypted and added to the set as supplemental files for most records.

Several sources have verified the dataset (or parts thereof) contains valid data.

AT&T still hasn’t confirmed that the data came from its systems, nor from a third party. However, there are some general actions you can take if you are an AT&T customer:

*   **Watch out for people posing as AT&T.** Data breaches are great for scammers because they can contact you pretending to be from the (in this case alleged) breached company. If you receive an email, phone call or something similar from someone claiming to be from AT&T be cautious and contact AT&T directly to check it’s real.
*   **Take your time.** Scammers often use themes that require urgent attention to hurry you into making a decision, filling in a form or giving away personal data. Take a step back and don’t give away any personal or financial information.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**Check if your data has been breached**

Our Digital Footprint records now include the AT&T data so you can check if your information has been exposed online. Submit your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll send you a report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 The &#8216;AT&amp;T breach&#8217;—what you need to know 

Learn how top-tier cybersecurity tactics are applied in real-world scenarios.

How does a company navigate over 80 years of technical debt? Which tools do a security team of 5 rely on everyday? What threats are considered most dangerous?

On March 28, 2024, Malwarebytes CEO, Marcin Kleczynski, and Payette Associates Director of Information Technology, Dan Gallivan, will answer these questions and more in our live Byte into Security webinar.

****Event details****

Date: **March 28, 2024**  
Time: **10 AM PST / 1 PM EST**  
Registration: **Open Now**

****In this webinar, you’ll discover**…**

*   How Payette Industries ensures the security of remote teams while handling **extensive data repositories**.
*   The impact of **moving workloads to the cloud** and simplifying systems on enhancing security measures.
*   Why adopting Managed Detection and Response (MDR) services is **crucial for providing round-the-clock** monitoring and augmenting the capabilities of internal teams.

****Why attend?****

This Byte into Security webinar is a must for anyone eager to see how top-tier cybersecurity tactics are applied in real-world scenarios. Whether you’re involved in IT or simply keen on learning about state-of-the-art security practices, Marcin and Dan’s discussion will equip you with valuable insights.

Register now to secure your spot!

 Upcoming webinar: How a leading architecture firm approaches cybersecurity 

Social media influencers are attractive targets for identity thefs. Not just for their bank accounts but also to influence their followers

Social media influencers are attractive targets for identity thieves. With large followings and a literal influence on their followers, it’s no wonder they are targeted by scammers and spreaders of fake news.

A subset of influencers are the so-called “finfluencers”: influencers that provide their followers with financial advice. Such a person influences the financial investment decisions of their followers by doling out advice or recommendations. This comes in the form of get-rich-quick schemes, cryptocurrency related advice, stock investment, financial planning, or just about anything people can do to make money.

On the platforms that matter these days, like YouTube, TikTok and Instagram, the number of followers of some of the well-known finfluencers far exceeds the numbers of followers of some of the biggest broking houses. In May of 2023, India banned a YouTube finfluencer with over a million followers from the securities markets for a year for allegedly providing advisory services—daily stock investment/trading calls—without registering with the regulator.

With enough followers that heed their advice, these finfluencers also can have an effect on the financial markets. With enough demand, prices go up and if you know that’s going to happen, making money is indeed easy.

And as an exit scam in which you make one big whopper and then disappear, that’s a very profitable strategy. But most influencers are in it for the long run and don’t want to ruin the reputation they built. Unless their account falls into the wrong hands.

In October of 2023, the Federal Trade Commission warned people with a lot of social media followers they might be the target of scammers. These scammers would come up with fake job offers of offering to pay them for product promotion as “brand ambassadors.” But in reality the scammers are after personal and financial information.

Typically, the scammers say they’ll send you free products and pay you large amounts of money to promote those products in your social media posts. All you have to do is to accept the offer and give them your personal and banking information so they can pay you.

What the scammers are really after can vary from cleaning out the influencers’ bank accounts to taking over their social media accounts. “If you provide us with your login credentials, you don’t have to do the work, we’ll post the promotional content ourselves.”

The scammers will then leave the influencer behind with an account that has a bad reputation and lost a good part of its followers.

Some good news might come from the regulation side. The governments of ten nations have called on social media operators to improve their ability to detect and prevent fraud on their platforms. Australia, Canada, France, Germany, Italy, Japan, New Zealand, the Republic of Korea, Singapore, the United Kingdom, and the United States did this because:

> “Fraudsters operate at scale, exploiting telecommunications networks, cyberspace and a population that spends an increasing amount of time online.”

In a communiqué issued as a result of the Global Fraud Summit, which also included representatives from INTERPOL, the Financial Action Task Force, the UN Office on Drugs and Crime, and the European Union, the partakers listed 29 action points that should help reduce online fraud.

It will be hard to accomplish this goal but as we have seen, similar actions led to a promising decline in robocalls. Australia also reported progress towards their vision of making Australia the world’s hardest target for scammers with, for example, a 38% decrease in losses due to investment scams.

**What can influencers do to protect themselves**

*   Always assume that if it’s too good to be true, then it’s probably not true.
*   Never give out your personal or financial information without doing proper research first.
*   Contact the company directly to confirm the offer. Use a phone number or contact method you know to be legitimate.
*   Check if the person contacting you is using an email address that’s affiliated with the company they claim to represent.
*   Don’t let any person or app create posts on social media on your behalf.
*   Don’t let scammers rush you into decisions. They will always claim it’s urgent or you need to act fast.

**Check your digital footprint**

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Cyrus, powered by Malwarebytes.

 Social media influencers targeted by identity thieves 

A manager at an unnamed telecommunications company has admitted to SIM swapping his customers.

A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store.

SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number and re-routing it to a phone under the attacker’s control.

Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t). For that reason, SIM swapping can be used to get around two-factor authentication (2FA) codes sent by SMS message. Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts.

SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. However, if you have a telecoms manager on your payroll then there’s no need for social engineering—they can just do the SIM swap for you.

In May 2021, Jonathan Katz, aka “Luna” was employed as a manager at a telecoms store. Using managerial credentials, he swapped the SIM numbers associated with customers’ phone numbers into mobile devices controlled by another individual, enabling this person to control the customers’ phones and access the customers’ electronic accounts – including email, social media, and cryptocurrency accounts.

In exchange, Katz received $1,000 per SIM swap and a percentage of the revenue from the compromised phone number. He was paid in Bitcoin, which was traced back to Katz’s cryptocurrency account.

Katz pleaded guilty before Chief U.S. District Judge Renée Marie Bumb in Camden federal court on March 12, 2024, to a charge of conspiracy to gain unauthorized access to a protected computer.

Katz was charged for SIM swapping five numbers. He’s now facing a statutory maximum of five years in prison and a fine of up to $250,000. Sentencing is scheduled to take place on July 16, 2024.

**What to do if you are a victim of SIM swapping**

In this case, being careful online would not have helped the victims to prevent the SIM swap. However there are some things that are tell-tale signs of a SIM swapping attack and some things you can do to limit the consequential damage.

*   If your mobile number suddenly is inactive or out of range, call your mobile operator immediately.
*   Check your online accounts immediately if you receive a notification about unusual activity. Contact the account provider if you find you no longer have access yourself.
*   If you can, register for email alerts as well as SMS for your banking transactions, so you continue to receive alerts via your email in case your SIM is deactivated.
*   If you fall victim to a SIM hijacking attempt, change the passwords for services like your online banking and email immediately.
*   If you notice irregular transactions, contact your bank to have your account blocked and avoid further fraud.
*   Contact your cellular service provider so they can stop the attacker by cutting off their access to the mobile network.
*   Consider setting up 2FA on dedicated authentication apps (such as Google Authenticator) or hardware, rather than using SMS.

**Check your digital footprint**

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

 Store manager admits SIM swapping his customers 

A list of topics we covered in the week of March 11 to March 17 of 2024

March 13, 2024 - Malwarebytes Premium for Windows detected and blocked 100% of the malware samples used in AVLab's January evaluation.

March 13, 2024 - Microsoft patched 61 vulnerabilities in the March 2024 Patch Tuesday round, including two critical flaws in Hyper-V.

March 13, 2024 - A hoax telling people to copy and paste a copyright notice on Facebook has been making the rounds since 2012. Can we make it go away? Please!

March 12, 2024 - February 2024 is likely to be remembered as one of the most turbulent months in ransomware history.

March 11, 2024 - Information newly made available under California law has shed light on data broker practices, including exactly what categories of information they trade in.

 A week in security (March 11 &#8211; March 17) 

The US healthcare industry suffers more ransomware attacks than most countries.

Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware.

Described by the American Hospital Association (AHA) President and CEO Rick Pollack as “the most significant and consequential incident of its kind against the US health care system in history,” the attack has stopped billions of dollars in payments flowing between doctors, hospitals, pharmacies and insurers. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of insolvency, and led some small practices offering chemotherapy to warn that they are just weeks from turning patients away.

There are thousands of “big game” ransomware attacks like this every year—large scale cyberattacks that can bring entire organisations to a halt. They are always damaging and they always cause pain, but when they hit the healthcare system, the consequences—particularly the risk to life—are often more immediately obvious and shocking.

From time to time individual ransomware gangs will grandstand and say they don’t or won’t hit hospitals, but the truth is that healthcare has always been a major target.

Only three weeks ago, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that ALPHV, the ransomware group behind the attack on Change Healthcare, was singling out targets in that sector, saying that “since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized.”

ALPHV is just one gang among many targeting the sector. In the last 12 months, known ransomware attacks on US targets have increased an enormous 101% year-on-year, but attacks on healthcare have outpaced even that, increasing 137%.

70% of all known attacks on healthcare happen in the US.

This relentless assault has made healthcare the second most attacked sector in the US, where it accounts for 9% of known attacks. In the same period, healthcare accounted for just 3% of known attacks in the rest of the world.

The stark difference between the US and everywhere else may reflect the enormous size of the US healthcare market, or it could be the result of deliberate targeting.

Screenshot

Screenshot

Given its unmatched global footprint, it’s no suprise that LockBit was responsible for more attacks on US healthcare than any other ransomware group in the last year. LockBit is the most widely used ransomware in the world, and tops the list of most active groups across a wide variety of different countries and industry sectors. What is most striking about attacks on US healthcare though is the number of different gangs involved.

In the last year, 36 different ransomware groups are known to have attacked US healthcare targets, and, unusually, the combined contribution of gangs making just a few attacks each vastly outweighs the efforts of big gangs like LockBit and ALPHV.

It’s easy to see why so many ransomare gangs might be drawn to the sector: US healthcare companies are custodians of people’s most private data, guardians of their health, and part of a marketplace worth trillions of dollars. In other words, healthcare isn’t just another industry sector, either for the people who use it, or the people who prey on it. It is a special case, and there is an argument for saying that attacks on organisations like Change Healthcare should be treated like an attack on critical infrastructure.

The last attack on US critical infrastructure, against Colonial Pipeline in 2021, was met with an immediate and ferocious response. Within a month, the FBI had recovered the vast majority of the ransom. The gang behind it, DarkSide, lost control of its infrastructure to US law enforcement (and possibly US military) before going dark, and was quickly hounded out of existence by the FBI after it attempted to remerge and rebrand as BlackMatter.

Knowing that, perhaps it’s not a surprise that the attack on Change Healthcare was one of the ALPHV gang’s last acts before it disappeared in a sloppily exectuted exit scam.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 Ransomware&#8217;s appetite for US healthcare sees known attacks double in a year 

Get expert insights on the six most critical cyberthreats of 2024.

Our webinar on the 2024 State of Malware report is now available on-demand. Featuring cybersecurity experts Mark Stockley and Jérôme Segura, this webinar unpacks 2024’s most critical cyberthreats, including big game ransomware, malvertising, and emerging challenges to mobile and Mac security.

Key highlights:

*   **Expert insights**: Stockley and Segura explain how the cybercrime landscape has shifted significantly in the past year, outlining the **six most critical cyberthreats to watch out for in 2024**.
*   **Practical defense strategies**: Learn about how **layered defense systems**, including EDR, MDR, and web protection, can protect your data, devices and your business from emerging cyber threats.
*   **Why it’s essential**: The webinar equips IT and security teams with **a new threat prevention playbook** that they can leverage today to prepare for 2024 cyberthreats of all types–not just malware.

Don’t let evolving threats catch your organization off guard—watch the webinar and arm yourself with the latest insight.

 Webinar recap: 6 critical cyberthreats in 2024 and how to counter them 

A bill that passed the House of Representatives would ban TikTok from the US unless Chinese owner ByteDance gives up its share of the app.

The House of Representatives has passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app.

TikTok is an immensely popular social media platform that allows users to create, share, and discover, short video clips. It’s experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5 billion users, with an estimated 170 million of them in the US.

Since 2020, several governments and organizations have banned, or considered banning, TikTok from their staff’s devices, but a complete ban of an internet app would be a first in the US.

Other countries have done this before. In 2020, India was the first country to ban TikTok, along with around 200 other Chinese apps that were all blocked from operating within the country. The ban cost TikTok some 200 million users.

General Paul Nakasone, Director of the National Security Agency (NSA) certainly fueled the feeling of necessity for such a ban. Speaking at a US Senate hearing in March 2023, the general said “one third of Americans get their news from TikTok”, adding “one sixth of American youth say they’re constantly on TikTok. That’s a loaded gun.”

And a former executive at TikTok’s parent company ByteDance claimed in court documents that the Chinese Communist Party (CCP) had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco Superior Court.

Ever since then, TikTok has been battling to convince politicians that it operates independently of ByteDance, which has deep ties to the CCP. For example, TikTok has repeatedly claimed the Chinese government never demanded access to US data and that TikTok would not comply if it did.

All this, and the fear of foreign influence on the upcoming elections, led to the bipartisan legislation introduced in the House with the expectation to send it to the Senate later this week.

Essentially, the bill says that TikTok has to find a new owner that is not based in a foreign adversarial country within the next 180 days or face a ban until it does comply.

The Electronic Frontier Foundation (EFF), an international non-profit digital rights group based in the US, says it opposes this bill, mainly because it is afraid that TikTok will not be the last app to face this type of ban. It mentions Tencent’s WeChat app as an example of what could be the next target.

A year ago, supporters of digital rights across the country successfully stopped the federal RESTRICT Act aka the “TikTok ban.” The RESTRICT Act was introduced in the United States Senate on March 7, 2023 and requires federal actions to identify and mitigate foreign threats to information and communications technology products and services (e.g., social media applications). It also establishes civil and criminal penalties for violations under the bill.

The EFF argues that the bill will not stop the sharing of data but it will reduce online rights in a way that is unconstitutional. And it says the focus should be on the common practice of data collection in the first place, rather than single out one app.

The point made by the EFF stipulates that data brokers will continue to sell our information to whomever is willing to pay. And the apps providing brokers with data are certainly not limited to those that hail from a foreign adversarial country.

Chinese officials reportedly said the government would “firmly oppose” any forced sale of TikTok because it would “seriously undermine the confidence of investors from various countries, including China, to invest in the United States.”

****Check your digital footprint****

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

Source

Malwarebytes