Data Breach Roundup (Apr 17 - 23, 2026)
A popular app-infrastructure provider, an important French government agency, a watchmaker, and a cosmetics giant make up this week's confirmed data breaches.
Privacy & Security News
RSS Feed • Follow @PrivacyNews@mstdn.plus on Mastodon • Find more news on the forum
Fingerprint.com Discovers Vulnerability That Can Link Your Tor Browsing Together
The fingerprinting company fingerprint.com discovered a vulnerability affecting “all Firefox-based browsers” that would allow a “stable process-lifetime identifier” during a browsing session, including after pressing the “New Identity“ button in Tor browser.
Apple Releases Patch for the Signal Notification Issue That Allowed Recovery of Deleted Messages
Apple has released iOS 26.4.2, which fixes the notification bug that allowed the FBI to extract Signal messages from a defendant’s iPhone.
Mozilla Used Mythos to Fix 271 Firefox Bugs
Regardless of your feelings on AI (and Mozilla), it seems Mozilla has at least found one good use for it.
Madison Square Garden Facial Recognition Surveillance Used to Ban and Track People Around
According to WIRED, Madison Square Garden’s incredibly invasive facial recognition system has been used to ban critics of the stadium and even track a trans woman around who did nothing wrong.
Maryland Set To Ban Surveillance Pricing
The bill would be the first of it's kind but is not without controversy.
Brave Launches Paid, Bloat-Free "Brave Origin"
Is this a sustainable, fair business model or paywalling what should be the free version?
HackerOne Pauses Internet Bug Bounty
Hacker One says that the rise of AI bug reports is overwhelming projects, meaning the bug bounty system needs to be rethought.
Data Breach Roundup (Apr 10-16, 2026)
This week saw yet another breach from Booking.com, education giant McGraw-Hill, freelancing job board Fiverr, and many more.
India Drops Proposal to Require Biometric ID App After Strong Opposition
Reuters reports that the Indian government has decided it won’t go through with a proposal to require operating systems to preinstall the biometric ID app Aadhaar.
Fiverr Exposes Private Information of its Users Publicly on Google Search Results
A security researcher on Hacker News claims that sensitive documents like tax forms shared between Fiverr users in private messages ended up publicly indexed by search engines like Google.
Mastodon to Get E2EE for Private Messages Thanks to Sovereign Tech Fund
Mastodon announced they were awarded a €614k service agreement by the Sovereign Tech Fund to fund the development of new features and improvements, including end-to-end encrypted private messages.
Google Chrome Adding Protection Against Cookie-Stealing Malware
Google announced on their security blog that Device Bound Session Credentials (DBSC), a protection against session theft, are shipping for Windows users on Chrome 146.
Librarians Raise Privacy Concerns Over Age Verification Bill
The Coalition of Alberta Public Libraries issued a letter raising privacy concerns over Bill 28, or the Municipal Affairs and Housing Statues Amendment Act, in Alberta, which requires age restrictions on library materials.
Data Breach Roundup (Apr 3 - 9, 2026)
It was a slow week, though we did still see a high-profile breach of a startup that provides training data for AI which likely continue to be talked about for a while.
OkCupid Settles After Selling 3 Million Photos to a Facial Recognition Company
The FTC has determined that OkCupid and their owner Match Group don’t have to pay a fine after settling a case in which they shared 3 million user photos and location information to a facial recognition firm.
Data Breach Roundup (Mar 27 - Apr 2, 2026)
FBI Director Kash Patel's emails, heath tech companies, and the European Commission are some of this week's most notable data breaches.
macOS 26.4 Brings New Terminal Security Feature to Stop Malicious Commands
macOS 26.4 is now out, and with it comes a new feature in the Terminal app to help prevent malicious commands pasted into the terminal from running.
Grandma Wrongly Arrested Due to Facial Recognition Software Finally Released After Months in Jail
Angela Lipps, an innocent, 50-year-old grandma who was arrested after wrongfully being identified by facial recognition software, has finally been released.
iOS 26.5 Beta Supports RCS End-to-End Encryption
Cross-platform end-to-end encryption in RCS may finally be coming to iOS, as the new iOS 26.5 beta released by Apple has end-to-end encryption support.
Subscribe today!
Privacy Guides is the best place to learn about protecting your digital life. You can get more articles like these, straight to your inbox:
No spam. Unsubscribe anytime.