Latest news with #RachelTobac
CNN
3 days ago
- Business
- CNN
Here's what cybersecurity experts think about Tea's data breach
The company behind the popular app Tea Dating Advice, which allows women to anonymously share information about the men they date for safety purposes, confirmed on Friday that 72,000 images — including about 13,000 user images submitted during account verification — were accessed in a data storage breach. When creating an account on the Tea app, users are asked to submit a selfie to 'verify that you are a woman.' The app says photos are deleted following account approval. Another 59,000 images that were accessed were 'publicly viewable in the app from posts, comments and direct messages.' Tea said the breach impacted users who registered before February 2024. The breach raises privacy and safety questions about sharing selfies on apps and how users can protect themselves. Rachel Tobac, CEO and co-founder of SocialProof Security, told CNN that while a selfie 'by itself is seemingly innocuous,' it could be used to hack bank accounts and other programs when coupled with government-issued identification. She recommended that Tea users consider freezing their credit, using data brokerage site removal tools, making social media accounts private, using a password manager and multifactor authentication. Tobac said identity verification or age verification has become increasingly popular but is a risky choice for companies. 'Any information that you collect, you have to protect. And the more information you collect, the more interesting of a target you are for cyber criminals,' Tobac said. And accepting facial recognition as the norm can also add to the risk of how law enforcement agencies or hackers can use information against consumers, said Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project. 'We all know online dating can be toxic, but the solution isn't more surveillance,' Cahn said. Cahn recommended that consumers think twice about sharing data with companies because 'opting out is really the best protection we have.' Tea is hardly the first dating-related service to have a security breach. In February 2014, dating app Tinder was revealed to have a technical issue that could provide the physical location of it users without their consent. In July 2015, the company behind Ashley Madison, a dating site for people interested in cheating on their spouses, said hackers had obtained the personal data of millions of members. Some companies and governments have taken action. Tinder offers a verification process using government-issued documents. In May, Texas Gov. Greg Abbott signed a law requiring Google and Apple to verify app store users' ages. Selfies and images can be a 'data goldmine' for artificial intelligence-driven data attacks, said Richard Blech, CEO and co-founder of AI security firm XSOC Corp. That data could be used to train facial recognition spoofing, biometric bypassing and deepfakes. Images accessed in a breach could also be used for fraud and other misrepresentations, said Blech. He said anyone whose images were accessed should be more diligent with their credit reports because biometric data 'isn't going to expire.' 'You're not getting a new number or changing your password,' Blech said. 'There's going to be action on that stolen information. There's no question about it.'
CNN
3 days ago
- Business
- CNN
Here's what cybersecurity experts think about Tea's data breach
The company behind the popular app Tea Dating Advice, which allows women to anonymously share information about the men they date for safety purposes, confirmed on Friday that 72,000 images — including about 13,000 user images submitted during account verification — were accessed in a data storage breach. When creating an account on the Tea app, users are asked to submit a selfie to 'verify that you are a woman.' The app says photos are deleted following account approval. Another 59,000 images that were accessed were 'publicly viewable in the app from posts, comments and direct messages.' Tea said the breach impacted users who registered before February 2024. The breach raises privacy and safety questions about sharing selfies on apps and how users can protect themselves. Rachel Tobac, CEO and co-founder of SocialProof Security, told CNN that while a selfie 'by itself is seemingly innocuous,' it could be used to hack bank accounts and other programs when coupled with government-issued identification. She recommended that Tea users consider freezing their credit, using data brokerage site removal tools, making social media accounts private, using a password manager and multifactor authentication. Tobac said identity verification or age verification has become increasingly popular but is a risky choice for companies. 'Any information that you collect, you have to protect. And the more information you collect, the more interesting of a target you are for cyber criminals,' Tobac said. And accepting facial recognition as the norm can also add to the risk of how law enforcement agencies or hackers can use information against consumers, said Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project. 'We all know online dating can be toxic, but the solution isn't more surveillance,' Cahn said. Cahn recommended that consumers think twice about sharing data with companies because 'opting out is really the best protection we have.' Tea is hardly the first dating-related service to have a security breach. In February 2014, dating app Tinder was revealed to have a technical issue that could provide the physical location of it users without their consent. In July 2015, the company behind Ashley Madison, a dating site for people interested in cheating on their spouses, said hackers had obtained the personal data of millions of members. Some companies and governments have taken action. Tinder offers a verification process using government-issued documents. In May, Texas Gov. Greg Abbott signed a law requiring Google and Apple to verify app store users' ages. Selfies and images can be a 'data goldmine' for artificial intelligence-driven data attacks, said Richard Blech, CEO and co-founder of AI security firm XSOC Corp. That data could be used to train facial recognition spoofing, biometric bypassing and deepfakes. Images accessed in a breach could also be used for fraud and other misrepresentations, said Blech. He said anyone whose images were accessed should be more diligent with their credit reports because biometric data 'isn't going to expire.' 'You're not getting a new number or changing your password,' Blech said. 'There's going to be action on that stolen information. There's no question about it.'
CNN
3 days ago
- Business
- CNN
Here's what cybersecurity experts think about Tea's data breach
The company behind the popular app Tea Dating Advice, which allows women to anonymously share information about the men they date for safety purposes, confirmed on Friday that 72,000 images — including about 13,000 user images submitted during account verification — were accessed in a data storage breach. When creating an account on the Tea app, users are asked to submit a selfie to 'verify that you are a woman.' The app says photos are deleted following account approval. Another 59,000 images that were accessed were 'publicly viewable in the app from posts, comments and direct messages.' Tea said the breach impacted users who registered before February 2024. The breach raises privacy and safety questions about sharing selfies on apps and how users can protect themselves. Rachel Tobac, CEO and co-founder of SocialProof Security, told CNN that while a selfie 'by itself is seemingly innocuous,' it could be used to hack bank accounts and other programs when coupled with government-issued identification. She recommended that Tea users consider freezing their credit, using data brokerage site removal tools, making social media accounts private, using a password manager and multifactor authentication. Tobac said identity verification or age verification has become increasingly popular but is a risky choice for companies. 'Any information that you collect, you have to protect. And the more information you collect, the more interesting of a target you are for cyber criminals,' Tobac said. And accepting facial recognition as the norm can also add to the risk of how law enforcement agencies or hackers can use information against consumers, said Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project. 'We all know online dating can be toxic, but the solution isn't more surveillance,' Cahn said. Cahn recommended that consumers think twice about sharing data with companies because 'opting out is really the best protection we have.' Tea is hardly the first dating-related service to have a security breach. In February 2014, dating app Tinder was revealed to have a technical issue that could provide the physical location of it users without their consent. In July 2015, the company behind Ashley Madison, a dating site for people interested in cheating on their spouses, said hackers had obtained the personal data of millions of members. Some companies and governments have taken action. Tinder offers a verification process using government-issued documents. In May, Texas Gov. Greg Abbott signed a law requiring Google and Apple to verify app store users' ages. Selfies and images can be a 'data goldmine' for artificial intelligence-driven data attacks, said Richard Blech, CEO and co-founder of AI security firm XSOC Corp. That data could be used to train facial recognition spoofing, biometric bypassing and deepfakes. Images accessed in a breach could also be used for fraud and other misrepresentations, said Blech. He said anyone whose images were accessed should be more diligent with their credit reports because biometric data 'isn't going to expire.' 'You're not getting a new number or changing your password,' Blech said. 'There's going to be action on that stolen information. There's no question about it.'
Yahoo
16-07-2025
- Business
- Yahoo
Social Engineering Expert and Hacker Rachel Tobac to Deliver Keynote at CyberSheath's CMMC CON 2025
RESTON, Va., July 16, 2025--(BUSINESS WIRE)--With federal contractors facing mandatory CMMC compliance deadlines and sophisticated social engineering attacks on the rise, defense industrial base (DIB) organizations need proven strategies to protect sensitive data from human-centered threats. CyberSheath, the largest CMMC managed service vendor in the DIB, will host its sixth annual free virtual conference, CMMC CON 2025: Compliance Blueprint – Plan. Execute. Certify., on Sept. 24-25, 2025. Rachel Tobac, renowned hacker and CEO of SocialProof Security, will deliver the keynote on the event's first day. She'll break down recent cyberattacks in the news and how to defend against the latest hacking methods, even when criminals are using AI. Her tales from the field and live hacking demonstrations throughout the presentation are sure to keep you and your team "politely paranoid" to catch the next human hacker in the act. "Rachel's hands-on experience exposing vulnerabilities through social engineering gives her a unique perspective on the threats our DIB contractors face daily," said Eric Noonan, CEO of CyberSheath. "Her ability to demonstrate how attackers exploit human psychology makes her the perfect speaker to help our attendees understand why CMMC compliance is so crucial and defend against these sophisticated tactics." Tobac gained recognition in DEF CON's Social Engineering Competition, establishing her as a formidable expert in the field. As CEO of SocialProof Security, she helps organizations strengthen their security posture through targeted training and penetration testing focused on social engineering threats. Her cybersecurity expertise has been sought after at the highest levels of government. Tobac served on the CISA Technical Advisory Council under Director Jen Easterly, where she contributed to national cybersecurity initiatives. Beyond her professional achievements, Tobac serves as Chair of the Board for Women in Security and Privacy (WISP), where she works to advance women leaders in cybersecurity fields. CMMC CON 2025 will feature sessions from leading experts covering compliance strategies, threat mitigation, legal insights, and practical steps for achieving and maintaining CMMC certification. The two-day virtual event runs from 9 a.m. to 1 p.m. EDT each day, providing attendees with actionable insights to enhance their cybersecurity posture and meet Department of Defense requirements. Learn more about CMMC CON 2025 and register to join the two-day event. About CyberSheathEstablished in 2012, CyberSheath is one of the most experienced and trusted IT security services partners for the U.S. defense industrial base. From CMMC compliance to strategic security planning to managed security services, CyberSheath offers a comprehensive suite of offerings tailored to clients' information security and regulatory compliance needs. Learn more at View source version on Contacts CyberSheath Services International, LLCKristen Lexie CapperellaGregory FCA for CyberSheathcybersheath@ Sign in to access your portfolio
Business Wire
16-07-2025
- Business
- Business Wire
Social Engineering Expert and Hacker Rachel Tobac to Deliver Keynote at CyberSheath's CMMC CON 2025
RESTON, Va.--(BUSINESS WIRE)--With federal contractors facing mandatory CMMC compliance deadlines and sophisticated social engineering attacks on the rise, defense industrial base (DIB) organizations need proven strategies to protect sensitive data from human-centered threats. CyberSheath, the largest CMMC managed service vendor in the DIB, will host its sixth annual free virtual conference, CMMC CON 2025: Compliance Blueprint – Plan. Execute. Certify., on Sept. 24-25, 2025. Rachel Tobac, renowned hacker and CEO of SocialProof Security, will deliver the keynote on the event's first day. She'll break down recent cyberattacks in the news and how to defend against the latest hacking methods, even when criminals are using AI. Her tales from the field and live hacking demonstrations throughout the presentation are sure to keep you and your team 'politely paranoid' to catch the next human hacker in the act. 'Rachel's hands-on experience exposing vulnerabilities through social engineering gives her a unique perspective on the threats our DIB contractors face daily,' said Eric Noonan, CEO of CyberSheath. 'Her ability to demonstrate how attackers exploit human psychology makes her the perfect speaker to help our attendees understand why CMMC compliance is so crucial and defend against these sophisticated tactics.' Tobac gained recognition in DEF CON's Social Engineering Competition, establishing her as a formidable expert in the field. As CEO of SocialProof Security, she helps organizations strengthen their security posture through targeted training and penetration testing focused on social engineering threats. Her cybersecurity expertise has been sought after at the highest levels of government. Tobac served on the CISA Technical Advisory Council under Director Jen Easterly, where she contributed to national cybersecurity initiatives. Beyond her professional achievements, Tobac serves as Chair of the Board for Women in Security and Privacy (WISP), where she works to advance women leaders in cybersecurity fields. CMMC CON 2025 will feature sessions from leading experts covering compliance strategies, threat mitigation, legal insights, and practical steps for achieving and maintaining CMMC certification. The two-day virtual event runs from 9 a.m. to 1 p.m. EDT each day, providing attendees with actionable insights to enhance their cybersecurity posture and meet Department of Defense requirements. Learn more about CMMC CON 2025 and register to join the two-day event. About CyberSheath Established in 2012, CyberSheath is one of the most experienced and trusted IT security services partners for the U.S. defense industrial base. From CMMC compliance to strategic security planning to managed security services, CyberSheath offers a comprehensive suite of offerings tailored to clients' information security and regulatory compliance needs. Learn more at
