Security News This Week: Rite Aid Used Facial Recognition in Stores for Nearly a Decade

A SubStack email mess, a Nintendo leak, and more of the week's top security news.

Just over two weeks after an unprecedented hack led to the compromise of the Twitter accounts of Bill Gates, Elon Musk, Barack Obama, and dozens more, authorities have charged three men in connection with the incident. The alleged "mastermind" is a 17-year-old from Tampa, who will be tried as an adult. There are still plenty of details outstanding about how they might have pulled it off, but court documents show how a trail of bitcoin and IP addresses led investigators to the alleged hackers.

A Garmin ransomware hack disrupted more than just workouts during a days-long outage; security researchers see it as part of a troubling trend of "big game hunting" among ransomware groups. In other alarming trends, hackers are breaking into news sites to publish misinformation through their content management systems, giving them an air of legitimacy. And we took a look at how AI helped uncover Chinese boats lurking in North Korean waters.

A WIRED investigation found dozens of children apparently under the age of 13 streaming on Twitch, as well as strangers sending them disturbing chat messages. After we published our report, Twitch removed a search option that made it easier to find those streams to begin with.

We also gave you nine tips to better secure your cloud storage service of choice and dove into the world of so-called dark patterns, the manipulative interface designs that plague so much of the modern web.

And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

Reuters this week published a deep investigation into the use of facial recognition technology by Rite Aid, which the drugstore chain deployed to 200 stores over the last eight years. The tech was installed largely in low-income neighborhoods in New York and Los Angeles, alarming civil liberties advocates. Of further concern was that Rite Aid sourced some of its technology from a company with links to the Chinese government. Rite Aid stopped using facial recognition following Reuters inquiries, but the breadth, focus, and duration of its implementation are still alarming.

The leak itself occurred two weeks ago, but Motherboard has a great dive into the ripples caused by the so-called gigaleak, a trove of historical Nintendo source code, prototypes, emails, and more. The contents of the gigaleak are compelling enough on their own, but so are the tensions its release has caused, especially given Nintendo's litigious reputation.

Millions of people rely on Tor for anonymity, and it remains a good bet for most use cases. But security researcher Neal Krawetz this week dropped two apparent zero-day vulnerabilities in the browser. He also plans to disclose three more, one of which could reveal Tor server IP addresses. Krawetz said he went public with the security issues because the Tor Project has been unresponsive when he's tried to report problems responsibly in the past.

Who among us! This week, newsletter platform SubStack sent an email out to subscribers with an update to its privacy policy. Unfortunately, for a "small percentage" of users it forgot to BCC, leading to a potentially explosive reply-all apocalypse. "We are so sorry this happened—and we are aware of the irony," the company said in an apologetic tweet. (Anecdotally, the people on those lists showed remarkable restraint.)

