A Portland, Oregon, family contacted Amazon to investigate after they say a private conversation in their home was recorded by Amazon's Alexa – the voice-controlled smart speaker – and the recorded audio was sent to the phone of a random person in Seattle, who was in the family’s contact list.
"My husband and I would joke and say, 'I'd bet these devices are listening to what we're saying,'" said Danielle, who did not want KIRO-TV to use her last name.
Every room in her family home was wired with the Amazon devices to control her home's heat, lights and security system.
But Danielle said that two weeks ago, the family's love for Alexa changed with an alarming phone call. "The person on the other line said, 'Unplug your Alexa devices right now,'" she said. "'You're being hacked.'"
That person was one of her husband's employees, calling from Seattle.
"We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house," she said. "At first, my husband was, like, 'No, you didn't!' And the (recipient of the message) said, 'You sat there talking about hardwood floors.' And we said, 'Oh gosh, you really did hear us.'"
Danielle listened to the conversation when it was sent back to her, and she couldn't believe someone 176 miles away heard it, too.
"I felt invaded," she said. "A total privacy invasion. Immediately, I said, 'I'm never plugging that device in again because I can't trust it.'"
Danielle says she unplugged all the devices, and she repeatedly called Amazon. She says an Alexa engineer investigated.
"They said, 'Our engineers went through your logs, and they saw exactly what you told us; they saw exactly what you said happened, and we're sorry.' He apologized like 15 times in a matter of 30 minutes, and he said, 'We really appreciate you bringing this to our attention; this is something we need to fix!'"
But Danielle says the engineer did not provide specifics about why it happened or if it's a widespread issue.
"He told us that the device just guessed what we were saying," she said. Danielle said the device did not audibly advise her it was preparing to send the recording, something it’s programmed to do.
When KIRO-TV asked Amazon questions, the company sent this response:
“Amazon takes privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future."
Amazon offered to “de-provision” Danielle’s Alexa communications so she could keep using its "Smart Home" features. But Danielle is hoping Amazon gives her a refund for her devices, which she said representatives have been unwilling to do. She says she’s curious to find out if anyone else has experienced the same issue.
"A husband and wife in the privacy of their home have conversations that they're not expecting to be sent to someone (in) their address book," she said.
A seemingly innocent quiz that has been sweeping social media could help scammers get their hands on your personal data, experts say.
"What's your royal wedding guest name?" the meme, which began circulating ahead of Saturday's royal wedding, asks.
One version reads as follows:
"In honor of the royal wedding, use your 'royal wedding guest name' this week. Start with either 'Lord' or 'Lady' – your first name is one of your grandparents' names. Your surname is the name of your first pet, then 'of' followed by the name of the street you grew up on."
"If they’re asking you what could be security-rated questions like ‘What’s your mother’s maiden name?' – things that you would get asked that would allow you to perhaps reset a password, login to a system through some alternative approach – they could be taking that information and be attempting to hack into systems with that," Dave Hatter, WXIX's technology expert, told the TV station.
A computer security expert identified as Snow echoed the sentiment in a message to HuffPost, saying the answers "could be used to gain access to accounts (social media, banking, work email, etc) with potential for identity theft."
A smartphone can be a lifeline in a storm, but it's useless without power. Fortunately, there's never been more ways to keep a smartphone juiced up.
Here are some easy ways to keep your phone in the green if you lose power:
1. Charge up every laptop in your home. If you lose power, turn a laptop on (but don't unlock the screen) and use your iPhone or Android cable to charge your phone via the USB ports. Most newer laptops can charge a smartphone multiple times.
2. Keep your phone on "Low Power Mode." This setting will use far less juice. On an iPhone, go to "Settings," scroll down to "Battery" and turn on "Low Power Mode." On an Android, swipe down from the top menu and find the "Power Saving" icon.
3. Use your car to charge your phone. Most newer cars have a USB port – or two. Even if your car is out of fuel, you can turn it on and charge it using the car battery. It's a last resort, but if you have a newer car battery, it will charge a phone multiple times easily.
4. Buy an external charger if you don't have one; most drug stores have them. Portable smartphone battery chargers are getting better and less expensive. Most drug store chains have them near the counter, but you will pay more for the convenience. But if you need one right now, that is a good place to look.
Companies such as Anker and Aukey sell high-quality, high capacity chargers on Amazon. Consider buying one before the next storm. Some of the new one have capacities approaching 30,000 mAh, which is enough to charge an phone over five times.
5. Still have power but want to charge a phone quickly without using a wall socket? Plug it into the USB port on your TV. Most newer TVs have one.
Google announced that singer John Legend will be one of the new voices of Google Assistant.
The musician and songwriter, who has appeared in multiple Google ads, one with his model and cookbook author wife Chrissy Teigen, is one of six new voices for the digital device.
CNET reported that Google made the announcement Tuesday at its annual I/O developer conference in Mountain View, California.
The technology used for the voices on the Assistant was WaveNet, which allowed Legend’s voice to be used for different user responses in less recording time.
According to The Verge, Legend’s voice will be on the Assistant for Google Home and other Google devices, like phones and home speakers, later in the year.
Shopping on Instagram is about to become a lot easier with the launch of its new native payments feature.
Instagram quietly began rolling out the feature this week for some users, giving them the option to register a debit or credit card, set up a security PIN and begin buying products without leaving the app at all.
Before the native payment option, users could tap the app’s Shoppable Tag to purchase products they are interested in, but they would be sent directly to the brand’s website.
TechCrunch first reported on the feature after a reader tipped the site off. An Instagram spokesperson confirmed native payments for booking restaurant reservations or salon appointments are now live for a limited set of business partners.
In March 2017, Instagram announced it would “roll out the ability to book a service with a business directly from their profile,” but there was no mention of native payments.
With the new option, brands popular on Instagram may find a new, successful business venue in the app’s native commerce feature. For users, this would also make the transaction more convenient. With payment details already stored, users can make quick purchases without leaving the app.
According to Instagram’s terms of service, the app is backed by Facebook Payments’ rules. But while Facebook has peer-to-peer payments via Messenger, it’s unclear whether the same would become available for Instagram. The option of adding a credit or debit card on file, however, is a “critical building block to that feature,” according to TechCrunch.
“Instagram Payments could make impulse buys much quicker, enticing more businesses to get on board,” TechCrunch reported. “Even if Instagram takes no cut of the revenue, brands are likely to boost ad spend to get their shoppable posts seen by more people if the native payments mean more of them actually complete a purchase.”
The new feature is available for some but not all users in the U.S. It should start rolling out for all users over the next few weeks.
Amazon.com Inc. may be gearing up for its next big project: a home robot.
According to the sources, Vesta has apparently been in the works for years, but new job listings for Lab126, Amazon’s hardware research and development division, have sprung up this year.
Lab126 engineers previously built Amazon’s Kindle, Fire Phone and Echo.
“People briefed on the plan say the company hopes to begin seeding the robots in employees’ homes by the end of this year, and potentially with consumers as early as 2019,” Bloomberg reported, noting that the timeline may change.
The Vesta robot prototypes reportedly have computer vision software and advanced cameras for navigation. Think of a “mobile Alexa, accompanying customers in parts of their home where they don’t have Echo devices,” Bloomberg analysts wrote.
An Amazon spokesperson told Bloomberg the company doesn’t comment on “rumors and speculation.” The AJC has reached out to Amazon for comment, as well.
Other companies have dabbled in domestic robots before, including iRobot and its Roomba vacuum and MobileRobots Inc.’s Jeeves home security robot.
If you're still in the dark as to whether your Facebook information was shared with data-mining firm Cambridge Analytica, the social networking site now has a tool that will clear things up.
According to Mashable, a Facebook page titled "How can I tell if my info was shared with Cambridge Analytica?" reveals whether you or your friends used a quiz app called "This Is Your Digital Life," which reportedly exposed the data.
Once you're on the page, scroll down to "Was My Information Shared?" There, you'll see one of the following messages:
1. Based on our available records, neither you nor your friends logged into "This Is Your Digital Life."
As a result, it doesn't appear your Facebook information was shared with Cambridge Analytica by "This Is Your Digital Life."
2. Based on our investigation, you don't appear to have logged into "This Is Your Digital Life" with Facebook before we removed it from our platform in 2015.
However, a friend of yours did log in.
As a result, the following information was likely shared with "This Is Your Digital Life":
A small number of people who logged into "This Is Your Digital Life" also shared their own News Feed, timeline, posts and messages which may have included posts and messages from you. They may also have shared your hometown.
3. Our investigation indicates you logged into "This Is Your Digital Life" with Facebook before we moved it from our platform in 2015.
As a result, you likely shared the following information with "This Is Your Digital Life":
A small number of people also shared their News Feed, timeline, posts, messages and friends' hometowns with "This Is Your Digital Life."
According to The Associated Press, as many as 87 million users' data may have been shared with the firm, which "may have used ill-gotten user data to try to influence elections."
Facebook previously announced it would send affected users notices, but the AP reported late Tuesday that "there were no signs that any users have yet received that notification."
Additionally, Facebook said it would be sending its 2.2 billion users a more general notice about protecting their privacy on the social networking site.
A new complaint filed with the Federal Trade Commission accuses video-sharing site YouTube of illegally collecting children's data.
According to the Guardian, nearly two dozen advocacy groups, including the Campaign for a Commercial-Free Childhood and the Center for Digital Democracy, are arguing that YouTube's parent company, Google, violates the Children's Online Privacy Protection Act by collecting data on and targeting advertising toward children without obtaining parental consent beforehand.
The complaint, filed Monday, also alleges that Google knows that children use YouTube, even though YouTube asks that children under 13 not use the site.
"Despite the presence of literally millions of child-directed videos, and despite promising advertisers access to kids via YouTube ads, Google pretends that they aren’t responsible for the children on YouTube," the CCFC said on its website. "Google knows kids are there, and they are not taking steps to protect their privacy. So we are."
YouTube released the following statement in response to the complaint:
"We are reviewing the complaint and will evaluate if there are things we can do to improve. Protecting kids and families has always been a top priority for us. Because YouTube is not for children, we’ve invested significantly in the creation of the YouTube Kids app to offer an alternative specifically designed for children."
According to The Associated Press, YouTube Kids "offers more parental controls but is not as widely used" as the main YouTube site.
Update Apr 5, 2018 3:45 PM EDT: In addition to Delta Airlines, Sears Holdings announced that customer data from Sears and Kmart stores, including names, addresses and credit card numbers, may have been exposed during a security breach last fall.
Sears Holdings uses the same online chat service as Delta, 7.ai, and said in a statement posted on its website that it believes fewer than 100,000 customers were affected by the breach.
“As soon as 7.ai informed us in mid-March 2018, we immediately notified the credit card companies to prevent potential fraud, and launched a thorough investigation with federal law enforcement authorities, our banking partners, and IT security firms,” company officials said.
Sears Holdings said the credit card information of customers making purchases online between Sept. 27, 2017 and Oct. 12, 2017, may have been compromised, but that anyone using a Sears credit card was not affected.
The company said there’s no evidence its stores were compromised or that Sears’ internal data bases were compromised.
Sears Holdings is establishing a hotline for customers to find out more about the breach by Friday.
Atlanta-based Delta Air Lines is the latest victim of a cyber incident.
Delta announced Wednesday that a "small subset" of customers may have had their payment information compromised online.
"(I’m) a little uneasy. I think they'll take care of it, so it will be OK, but the first gut reaction is a little nerve-racking," traveler Nicole Ladin told WSB-TV's Carl Willis at Hartsfield-Jackson International Airport, Delta's main hub.
According to Delta, 7.ai, an online chat service they use, was hacked from Sept. 26 to Oct. 12 of last year, and payment information may have been compromised.
Delta said the airline was notified about the breach last Wednesday.
"It's just ... I think they have to make it 100 percent, to make it work 100 percent," traveler Marquise Bishop said.
The airline also will start directly contacting customers who may have been impacted and ensure that customers are not responsible for any fraudulent payment card activity that may have happened.
Ladin told Willis that her mind will still be on her wallet as she flies home.
"Especially when you're a frequent flier. It gets a little nervous that that information has been leaked," Ladin said.
Here's is Delta's full statement about the cyber incident:
"Last week, on March 28, Delta was notified by 7.ai, a company that provides online chat services for Delta and many other companies, that 7.ai had been involved in a cyber incident. It is our understanding that the incident occurred at 7.ai from Sept. 26 to Oct. 12, 2017, and that during this time certain customer payment information for 7.ai clients, including Delta, may have been accessed – but no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.
"Upon being notified of 7.ai's incident, Delta immediately began working with 7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by 7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised.
"We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers' information is of critical importance to us and a responsibility we take extremely seriously. Delta will launch delta.com/response, a dedicated website, noon ET April 5, which we will update regularly to address customer questions and concerns. We will also directly contact customers who may have been impacted by the 7.ai cyber incident. In the event any of our customers' payment cards were used fraudulently as a result of the 7.ai cyber incident, we will ensure our customers are not responsible for that activity."
The Federal Trade Commission confirmed Monday that it is investigating Facebook’s privacy practices amid reports that the social media giant inappropriately shared user data with consultancy firm Cambridge Analytica.
“The FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook,” Tom Pahl, acting director of the FTC’s Bureau of Consumer Protection, said Monday in a statement. “Today, the FTC is confirming that it has an open non-public investigation into these practices.”
Facebook has faced criticism since reports surfaced that Cambridge Analytica got access to the data of about 50 million Facebook users inappropriately.
Citing unidentified sources, Bloomberg News reported last week that the FTC was investigating whether Facebook violated the terms of a consent decree it reached with the FTC in 2011 over privacy concerns.
The decree required the company to “notify users and receive explicit permission before sharing personal data beyond their specified privacy settings,” CNBC reported. Officials declined to confirm the report.
If found in violation of the decree, Facebook could face a fine of $40,000 per violation, CNBC reported.
Facebook founder and CEO Mark Zuckerberg said in a statement last week that Cambridge Analytica got data gathered from a personality quiz app created in 2013 by Cambridge University researcher Aleksandr Kogan. The app, which was installed by about 300,000 people, asked users to share their data as well as the data of their friends, Zuckerberg said.
“Given the way our platform worked at the time, this meant Kogan was able to access tens of millions of their friends’ data,” Zuckerberg said.
He added that Facebook implemented measures in 2014 to prevent similar situations and better protect user privacy.
Take www.y100fm.com everywhere you go! Download your app below from the Google Play Store or Apple App Store:
Enable our Skill today to listen live at home on your Alexa Devices!