Tag:

sensitive

Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database

by admin August 20, 2025

As legal cannabis has expanded around the United States for both recreational and medical use, companies have amassed troves of data about customers and their transactions. People who have applied for medical marijuana cards have had to share particularly personal health data to qualify. For some patients in Ohio who use medical weed, a recent data exposure could impact their sensitive information.

Security researcher Jeremiah Fowler found a publicly accessible database in mid-July that appeared to contain medical records, mental health evaluations, physician reports, and images of IDs like driver’s licenses for people seeking medical cannabis cards. The 323-GB trove stored close to a million records, including Social Security numbers, email addresses, physical addresses, dates of birth, and medical data—all organized by name.

Based on information that seemed to describe specific employees and business partners, Fowler suspected that the data belonged to the Ohio-based company Ohio Medical Alliance LLC, which goes by the name Ohio Marijuana Card. Fowler contacted the company on July 14; when he checked the database the next day, it had been secured and was no longer publicly accessible online. Fowler did not receive a response about his submission.

Ohio Medical Alliance did not answer WIRED’s questions about Fowler’s findings. At one point, though, the company’s president, Cassandra Brooks, wrote in an email: “I need time to investigate this alleged incident. We take data security very seriously and are looking into this matter.”

“There were physicians’ reports that would say what the underlying problem was—whether it was anxiety, cancer, HIV, or something else. In some cases, the applicants would submit their own medical records as proof” of their qualifying condition, Fowler tells WIRED. “I saw identification documents from lots of states, from everywhere. And I even saw offender release cards, which are basically IDs for people who just got out of prison that they submitted as proof of identity to get a medical marijuana card.”

Fowler says that most of the files in the database were image formats like PDFs, JPGs, and PNGs. One CSV plaintext document called “staff comments” appeared to be an export of internal communications, appointment histories, notes about clients, and application status. That file also contained more then 200,000 email addresses of Ohio Medical Alliance employees, business associates, and customers.

Databases that are misconfigured and have inadvertently been left publicly exposed on the open internet are a common problem online in spite of efforts to raise awareness about the mistake and its privacy implications.

Source link

August 20, 2025 0 comments

Gaming Gear

Meta warns users to ‘avoid sharing personal or sensitive information’ in its AI app

by admin June 17, 2025

Meta seems to have finally taken a small step to address the epidemic of over-sharing happening in the public feed of its AI app. The company has added a short disclaimer that warns users to “avoid sharing personal or sensitive information” to the “post to feed” button in the Meta AI app.

The change was first spotted by Business Insider, which labeled the app “one of the most depressing places online” due to the sheer volume of intimate, embarrassing and sometimes personally-identifying information Meta AI users were — apparently unwittingly — publicly sharing to the app’s built-in “discover” feed. Though Meta AI doesn’t share users’ chat histories by default, it seems that many of the app’s users were choosing to “share” their interactions without realizing it would make the voice and text chats visible to the public.

Last week, I found posts where users asked for advice on “improving bowel movements” and inquiring whether a relative could be liable for their employer’s unpaid taxes. Another user desperately added “keep this private” to his public posts in an apparent attempt to hide his embarrassing chats after the fact. These types of strange public interactions have been happening since the Meta AI app rolled out in April, but received renewed attention last week after social media users began posting about all of the weird conversations that were visible in the app’s “discover” feed.

Privacy experts criticized Meta, noting that most other mainstream AI chatbots don’t include a social, publicly-visible feed. “If a user’s expectations about how a tool functions don’t match reality, you’ve got yourself a huge user experience and security problem,” Rachel Tobac, a security expert who has previously partnered with Meta, observed last week. “Humans have built a schema around AI chat bots and do not expect their AI chat bot prompts to show up in a social media style Discover feed — it’s not how other tools function.” The Mozilla Foundation also urged Meta to change the app’s design. “Meta AI’s app doesn’t make it obvious that what you share goes fully public,” it wrote in a statement last week There’s no clear iconography, no familiar cues about sharing like in other Meta apps.”

Now, the company has apparently taken note. With the change, choosing to share a Meta AI interaction publicly prompts the warning seen above, though it only seems to appear on the first share. “Prompts you post are public and visible to everyone,” it states. “Your prompts may be suggested by Meta on other Meta apps. Avoid sharing personal or sensitive information.”

As Business Insider notes, the app’s public feed also seems to no longer feature text exchanges other users have shared with the app, only AI-generated images and video. It’s unclear if that’s a permanent change, or the result of the recent negative attention the app’s received. We’ve reached out to Meta for more information and will update if we hear back.

In the meantime, if you’ve found yourself the victim of unintended public posts in the app, you can remove them by tapping on your profile in the top right corner of the app, heading to Data & Privacy -> Manage your information -> Make all public prompts visible only to you and selecting “apply to all.”

Source link

June 17, 2025 0 comments

$80 for Borderlands 4 too costly? Randy Pitchford says, "If you're a real fan, you'll find a way to make it happen"

Game Reviews

Fans slam Gearbox CEO Randy Pitchford’s message to “cost sensitive” fans

by admin June 1, 2025

Gearbox CEO Randy Pitchford has double-doubled down on comments about the cost of Borderlands 4, by inviting “cost sensitive” fans to download Tiny Tina’s Wonderlands from the Epic Games Store for “FREE”.

These latest comments come after Gearbox CEO Randy Pitchford made headlines when he told a X/Twitter commenter that “real fans” would find a way to get their hands on a copy of the game, even if it came with a $80 price tag. He later tried to justify it, all the while saying pricing was “not [his] call”.

In this latest social media post, Pitchford wrote the word “free” four times, each time in blockcaps.

9 Exciting 2025 Open-World Games We Can’t Wait to Play.Watch on YouTube

“For our real fans who may be cost sensitive, the very awesome and incredibly fun smash hit videogame Tiny Tina’s Wonderlands is FREE this week on the Epic Games Store,” Pitchford wrote. “Please enjoy this FREE gift by grabbing your FREE copy here, FREE.”

Aforementioned real fans were quick to respond to this comment, too.

“You don’t get to just walk back being incredibly tone-deaf to the world around you. We are out here struggling, Randy,” said one player, while another wrote: “Dude you need to shut up already. No reason games should be $80 especially if its anything like 3 or that shit ass excuse of a movie.”

“I’m afraid the industry is moving in that direction and it’s just reality that we’ll have to accept,” Pitchford insisted. “The price for Borderlands 4 is going to get announced by the publisher soon. My wish, having worked my ass off on the game, is for as many people as possible to get to play it.”

When another commented: “So Randy, you think making backhanded comments towards your consumers about them being ‘cost sensitive’ is the plan? Wtf happened to you,” he responded: “Backhanded? There are literally people who want to play great video games, have a game-ready PC, but may not be able to spend enough to buy a new AAA game for awhile and this week there’s a free offer for one of the best shooter looters to come out over the last five years…”

“Saying ‘cost sensitive’ as the CEO of a company (In lieu of criticism of an $80 price tag for BL4) when a lot of your fan base is struggling to even pay for the roof over their heads and food on their tables is a crazy sentence to utter,” said another player.

Just a week before the “real fans” kerfuffle, Pitchford implored we “play the game first and understand the choices [the development team has] made” before passing judgement on changes Gearbox has made to the shooter’s head’s up display, including the removal of the mini-map.

Borderlands 4, as we learned a couple of weeks ago, is now arriving earlier than expected on 12th September, and developer Gearbox recently shared more of its latest looter shooter in a new PlayStation showcase. It showed off a couple of new Vault Hunters, some of its new weapons, new traversal mechanics, its new planet, and more all to whip-up enthusiasm for what creative director Graeme Timmins called “hands-down our best Borderlands ever”.

Source link

June 1, 2025 0 comments

Crypto Trends

Zero-knowledge proofs offer a cryptographic solution that keeps your sensitive data safe.

by admin May 27, 2025

Opinion by: Andre Omietanski, General Counsel, and Amal Ibraymi, Legal Counsel at Aztec Labs

What if you could prove you’re over 18, without revealing your birthday, name, or anything else at all? Zero-knowledge proofs (ZKPs) make this hypothetical a reality and solve one of the key challenges online: verifying age without sacrificing privacy.

The need for better age verification today

We’re witnessing an uptick in laws being proposed restricting minors’ access to social media and the internet, including in Australia, Florida, and China. To protect minors from inappropriate adult content, platform owners and governments often walk a tightrope between inaction and overreach.

For example, the state of Louisiana in the US recently enacted a law meant to block minors from viewing porn. Sites required users to upload an ID before viewing content. The Free Speech Coalition challenged the law as unconstitutional, making the case that it infringed on First Amendment rights.

The lawsuit was eventually dismissed on procedural grounds. The reaction, however, highlights the dilemma facing policymakers and platforms: how to block minors without violating adults’ rights or creating new privacy risks.

Traditional age verification fails

Current age verification tools are either ineffective or invasive. Self-declaration is meaningless, since users can simply lie about their age. ID-based verification is overly invasive. No one should be required to upload their most sensitive documents, putting themselves at risk of data breaches and identity theft.

Biometric solutions like fingerprints and face scans are convenient for users but raise important ethical, privacy, and security concerns. Biometric systems are not always accurate and may generate false positives and negatives. The irreversible nature of the data, which can’t be changed like a regular password can, is also less than ideal.

Other methods, like behavioral tracking and AI-driven verification of browser patterns, are also problematic, using machine learning to analyze user interactions and identify patterns and anomalies, raising concerns of a surveillance culture.

ZKPs as the privacy-preserving solution

Zero-knowledge proofs present a compelling solution. Like a government ID provider, a trusted entity verifies the user’s age and generates a cryptographic proof confirming they are over the required age.

Websites only need to check the proof, not the excess personal data, ensuring privacy while keeping minors at the gates. No centralized data storage is required, alleviating the burden on platforms such as Google, Meta, and WhatsApp and eliminating the risk of data breaches.

Recent: How zero-knowledge proofs can make AI fairer

Adopting and enforcing ZKPs at scale

ZKPs aren’t a silver bullet. They can be complex to implement. The notion of “don’t trust, verify,” proven by indisputable mathematics, may cause some regulatory skepticism. Policymakers may hesitate to trust cryptographic proofs over visible ID verification.

There are occasions when companies may need to disclose personal information to authorities, such as during an investigation into financial crimes or government inquiries. This would challenge ZKPs, whose very intention is for platforms not to hold this data in the first place.

ZKPs also struggle with scalability and performance, being somewhat computationally intensive and tricky to program. Efficient implementation techniques are being explored, and breakthroughs, such as the Noir programming language, are making ZKPs more accessible to developers, driving the adoption of secure, privacy-first solutions.

A safer, smarter future for age verification

Google’s move to adopt ZKPs for age verification is a promising signal that mainstream platforms are beginning to embrace privacy-preserving technologies. But to fully realize the potential of ZKPs, we need more than isolated solutions locked into proprietary ecosystems.

Crypto-native wallets can go further. Open-source and permissionless blockchain-based systems offer interoperability, composability, and programmable identity. With a single proof, users can access a range of services across the open web — no need to start from scratch every time, or trust a single provider (Google) with their credentials.

ZKPs flip the script on online identity — proving what matters, without exposing anything else. They protect user privacy, help platforms stay compliant, and block minors from restricted content, all without creating new honeypots of sensitive data.

Google’s adoption of ZKPs shows mainstream momentum is building. But to truly transform digital identity, we must embrace crypto-native, decentralized systems that give users control over what they share and who they are online.

In an era defined by surveillance, ZKPs offer a better path forward — one that’s secure, private, and built for the future.

Opinion by: Andre Omietanski, General Counsel, and Amal Ibraymi, Legal Counsel at Aztec Labs.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Source link

May 27, 2025 0 comments