Top infosec trends in the social media spotlight this week

It’s a GDPR special this week, as the new EU data protection regulation officially came into force today.

The big day is finally upon us, and Twitter users celebrated the end to the barrage of ‘we’ve updated our privacy terms’ emails with a flurry of compliance-related puns.

Many implied that Christmas came early today within the infosec community…

… while others shared their take on the big day by using the hashtags #GDPR and #GDPRjokes.

Major props go to the creator of this Spotify playlist, aptly titled ‘Now That’s What I Call GDPR’.

And also to the person who crafted the GDPR Hall of Shame website, which includes this odd letter mailed to one Parcelforce customer.

Some non-EU websites – including the LA Times and Chicago Tribune – tackled the issue by blocking access to traffic coming from European ISPs, as they look to implement “technical compliance solutions”.

But our thoughts are with workers from the UK’s Information Commissioner’s Office, whose website was seemingly inundated with last-minute requests this week, forcing it offline.

Instead of a PDF guide on how to comply with GDPR, site visitors were met with an error message yesterday – just hours before the deadline.

At the time of writing, the website appears to be up, but some people are still experiencing issues.

Today signals an interesting shift in the way data is kept and processed by companies both in and outside of the EU.

Whether it will have a huge effect, or just cause a major headache, has yet to be seen.

In non-GDPR related news, if you’ve ever been wary of Amazon’s Echo Dot device, then this might put you off even further.

This week, Echo assistant Alexa secretly recorded one family’s private conversation and sent the audio file to one of their contacts without gaining permission.

Amazon investigated the incident and confirmed it had happened – before hastily adding that this was “an extremely rare occurrence”.

The company’s statement didn’t do much to quell the flames of panic, as some customers reacted by unplugging their devices.

Others, meanwhile, were largely unsympathetic towards Alexa users.

In legal news, a hacker-for-hire was jailed for 15 years this week after accessing websites belonging to companies and government agencies across Minnesota, US.

John Gammell pleaded guilty in January after a “campaign of distributed denial of services attacks” on at least three websites between 2015 and 2017.

He allegedly caused $5,000 worth of damage to employers, banks, and agencies, including two schools.

And finally, if you’re looking for a legal way to test your research skills, take a leaf out of the book of this hacker, who was awarded a $25,000 bug bounty by Shopify for discovering a remote code execution bug.

André Baptista was paid the huge sum after disclosing his critical find through HackerOne.

News of the Shopify award comes after an 18-year-old student from Uruguay was handed $36,000 after he alerted developers to a critical bug in the Google App Engine web framework.

Ezequiel Pereira was awarded the huge sum for his find, which he noted was “a pleasant surprise”.

You can read more about what he discovered here.