Security

Male-Oriented App 'TeaOnHer' Also Had Security Flaws That Could Leak Men's Driver's License Photos (techcrunch.com) 107

The women-only dating-advice app Tea "has been hit with 10 potential class action lawsuits in federal and state court," NBC News reported last week, "after a data breach led to the leak of thousands of selfies, ID photos and private conversations online." The suits could result in Tea having to pay tens of millions of dollars in damages to the plaintiffs, which could be catastrophic for the company, an expert told NBC News... One of the suits lists the right-wing online discussion board 4chan and the social platform X as defendants, alleging that they allowed bad actors to spread users' personal information.
But meanwhile, a new competing app for men called "TeaOnHer" has already been launched. And it was also found to have enormous security flaws, reports TechCrunch, that "exposed its users' personal information, including photos of their driver's licenses and other government-issued identity documents..." [W]hen we looked at the TeaOnHer's public internet records, it had no meaningful information other than a single subdomain, appserver.teaonher.com. When we opened this page in our browser, what loaded was the landing page for TeaOnHer's API (for the curious, we uploaded a copy here)... It was on this landing page that we found the exposed email address and plaintext password (which wasn't that far off from "password") for [TeaOnHer developer Xavier] Lampkin's account to access the TeaOnHer "admin panel"... This API landing page included an endpoint called /docs, which contained the API's auto-generated documentation (powered by a product called Swagger UI) that contained the full list of commands that can be performed on the API [including administrator commands to return user data]...

While it's not uncommon for developers to publish their API documentation, the problem here was that some API requests could be made without any authentication — no passwords or credentials were needed...

The records returned from TeaOnHer's server contained users' unique identifiers within the app (essentially a string of random letters and numbers), their public profile screen name, and self-reported age and location, along with their private email address. The records also included web address links containing photos of the users' driver's licenses and corresponding selfies. Worse, these photos of driver's licenses, government-issued IDs, and selfies were stored in an Amazon-hosted S3 cloud server set as publicly accessible to anyone with their web addresses. This public setting lets anyone with a link to someone's identity documents open the files from anywhere with no restrictions...

The bugs were so easy to find that it would be sheer luck if nobody malicious found them before we did. We asked, but Lampkin would not say if he has the technical ability, such as logs, to determine if anyone had used (or misused) the API at any time to gain access to users' verification documents, such as by scraping web addresses from the API. In the days since our report to Lampkin, the API landing page has been taken down, along with its documentation page, and it now displays only the state of the server that the TeaOnHer API is running on as "healthy."

The flaws were discovered while TeaOnHer was the #2 free app in the Apple App Store, the article points out. And while these flaws "appear to be resolved," the article notes a larger issue. "Shoddy coding and security flaws highlight the ongoing privacy risks inherent in requiring users to submit sensitive information to use apps and websites,"

And TeaOnHer also had another authentication issue. A female reporter at Cosmopolitan also noted Friday that TeaOnHer "lets you browse through profiles before your verifications are complete. So literally anyone (like myself) can read reviews..."
AI

Google's 'AI Overview' Pointed Him to a Customer Service Number. It Was a Scam (yahoo.com) 55

A real estate developer searched Google for a cruise ship company's customer service number, reports the Washington Post, calling the number in Google's AI Overview. "He chatted with a knowledgeable representative and provided his credit card details," the Post's reporter notes — but the next day he "saw fishy credit card charges and realized that he'd been fooled by an impostor for Royal Caribbean customer service."

And the Post's reporter found the same phone number "appearing to impersonate other cruise company hotlines and popping up in Google and ChatGPT" (including Disney and Carnival's Princess line): He'd encountered an apparent AI twist on a classic scam targeting travelers and others searching Google for customer help lines of airlines and other businesses... The rep knew the cost and pickup locations for Royal Caribbean shuttles in Venice. [And "had persuasive explanations" when questioned about paying certain fees and gratuities.] The rep offered to waive the shuttle fees...

Here's how a scam like this typically works: Bad guys write on online review sites, message boards and other websites claiming that a number they control belongs to a company's customer service center. When you search Google, its technology looks for clues to relevant and credible information, including online advice. If scammer-controlled numbers are repeated as truth often enough online, Google may suggest them to people searching for a business.

Google is a patsy for scammers — and we're the ultimate victims. Google's AI Overviews and OpenAI's ChatGPT may use similar clues as Google's search engine to spit out information gleaned from the web. That makes them new AI patsies for the old impostor number scams.

"I've seen so many versions of similar trickery targeting Google users that I largely blame the company for not doing enough to safeguard its essential gateway to information," the reporter concludes, (adding "So did two experts in Google's inner workings.") The Post is now advising its reader to "be suspicious of phone numbers in Google results or in chatbots."

Reached for comment, a Google spokesman told the Post they'd "taken action" on several impostor numbers identified by the reporter. That spokesman also said Google continues to "work on broader improvements" to "address rarer queries like these." OpenAI said that many of the webpages that ChatGPT referenced with the bogus cruise number appear to have been removed, and that it can take time for its information to update "after abusive content is removed at the source."
Meanwhile, the man with the bogus charges has now canceled his credit card, the Post reports, with the charges being reversed. Reflecting on his experience, he tells the Post's readers "I can't believe that I fell for it. Be careful."
Transportation

$81M 'Trade Secrets' Verdict Against Boeing Was Overturned - and Then Reinstated (reuters.com) 9

14 months ago a jury ruled against Boeing, awarding $81 million in damages to failed electric airplane startup Zunum. "Zunum alleged that Boeing, while ostensibly investing seed money to get the startup off the ground, stole Zunum's technology and actively undermined its attempts to build a business," the Seattle Times reported at the time.

But two months later that verdict was overturned, Reuters reports, with U.S. District Judge James Robart deciding that Zunum "did not adequately identify its secrets or show that they derived their value from being kept secret."

And then three days ago a U.S. appeals court reinstated the original $81 million award, reversing that district judge's decision and "rejecting his finding that the information Boeing allegedly stole was not entitled to trade-secret protection." [T]he district court erred in concluding that "Zunum failed to identify any of its alleged trade secrets with sufficient particularity"... Here, the court rejected Zunum's repeated attempts to introduce comprehensive trade secret definitions into evidence and instead provided the jury with a court-created exhibit enumerating Zunum's alleged trade secrets with a short description of each. Zunum's witnesses identified the trade secrets by number, provided a basic explanation of each, and used exhibits and demonstratives to exemplify information comprising specific trade secrets.
"internal Boeing communications introduced at trial suggesting that Boeing intended to modify its own in-house designs, methods, and strategies to incorporate information from certain Zunum trade secrets..." according to the new ruling. "Under the parties' agreement, Boeing was not permitted to use Zunum's confidential information for any reason other than to manage its investment in Zunum."

Reuters adds that "A spokesperson for Boeing declined to comment on the appeals court's decision"

One final note: The appeals court also ordered the case to be assigned to a new judge after Robart revealed that his wife had acquired Boeing stock through a retirement savings account during the litigation.
Judge Robart had called that an "error". (And judicial ethics experts interviewed by Business Insider in 2024 "characterized Robart's trades and delayed disclosure to the parties as a minor issue," they reported Thursday.)

But Thursday's ruling notes that the delayed disclosure "taken together with the district court's consistent rulings in Boeing's favor during and after trial, could give an objective observer reason to question the district judge's impartiality in further proceedings."
AI

Duolingo's Stock Down 38%, Plummets After OpenAI's GPT-5 Language App-Building Demo (yahoo.com) 91

Duolingo's stock peaked at $529.05 on May 16th. Three months later, it's down 38% — with that drop starting shortly after backlash to the CEO's promise to make it an "AI-first" company.

Yet "The backlash against Duolingo going 'AI-first' didn't even matter," TechCrunch wrote August 7th, noting Duolingo's stock price surged almost 30% overnight. That surge vanished within two days — and instead of a 30% surge, Duolingo now shows a 5% drop over the last eight days.

Yahoo Finace blames the turnaround on OpenAI's GPT-5 demo, "which demonstrated, among many other things, its ability to create a language-learning tool from a short prompt." OpenAI researcher Yann Dubois asked the model to create an app to help his partner learn French. And in a few minutes GPT-5 churned out several iterations, with flashcards, a progress tracker, and even a simple snake-style game with a French twist, a mouse and cheese variation to learn new vocab....

[Duolingo's] corporate lawyers, of course, did warn against this in its annual 10-K, albeit in boilerplate language. Tucked into the risk factors section, Duolingo notes, "It is possible that a new product could gain rapid scale at the expense of existing brands through harnessing a new technology (such as generative AI)." Consider this another warning to anyone making software. [The article adds later that "Rapid development and fierce competition can leave firms suddenly behind — perceived as under threat, inferior, or obsolete — from every iteration of OpenAI's models and from the moves of other influential AI players..."]

There's also irony in the wild swings. Part of Duolingo's successful quarter stemmed from the business's efficient use of AI. Gross margins, the company said, outperformed management expectations due to lower AI costs. And AI conversational features have become part of the company's learning tools, helping achieve double-digit subscriber growth... But the enthusiasm for AI, which led to the initial stock bump this week, also led to the clawback. AI giveth and taketh away.

Meanwhile, this week a blog announced it was "able to activate a long-rumored Practice feature" hidden in Google Translate, notes PC Magazine, with the blogger even sharing a screen recording of "AI-led features within Translate" showing its ability to create personalized lessons. "Google's take on Duolingo is effectively ready for release," the Android Authority blog concluded. "Furthermore, the fact that a Telegram user spotted this in their app suggests that Google is already testing this in a limited fashion."

Duolingo's CEO revisited the backlash to his original "AI-first" promise today in a new interview today with the New York Times, emphasizing his hope that AI would only reduce the company's use of contractors. "We've never laid off any full-time employees. We don't plan to...." But: In the next five years, people's jobs will probably change. We're seeing it with many of our engineers. They may not be doing some rote tasks anymore. What will probably happen is that one person will be able to accomplish more, rather than having fewer people.

NYT: How are you managing that transition for employees?

Every Friday morning, we have this thing: It's a bad acronym, f-r-A-I-days. I don't know how to pronounce it. Those mornings, we let each team experiment on how to get more efficient to use A.I.

Yesterday there was also a new announcement from attorneys at Pomerantz LLP, which calls itself "the oldest law firm in the world dedicated to representing the rights of defrauded investors."

The firm announced it was investigating "whether Duolingo and certain of its officers and/or directors have engaged in securities fraud or other unlawful business practices."
Intel

Former Intel Engineer Sentenced for Stealing Trade Secrets for Microsoft (tomshardware.com) 37

After leaving a nearly 10-year position as a product marketing engineer at Intel, Varun Gupta was charged with possessing trade secrets. He was facing a maximum sentence of 10 years in prison, a $250,000 fine and three years of supervised release, according to Oregon's U.S. Attorney's Office.

Portland's KGW reports: While still employed at Intel, Varun Gupta downloaded about 4,000 files, which included trade secrets and proprietary materials, from his work computer to personal portable hard drives, according to the U.S. Attorney's Office for the District of Oregon. While working for Microsoft, between February and July 2020, Gupta accessed and used information during ongoing negotiations with Intel regarding chip purchases, according to a sentencing memo. Some of the information containing trade secrets included a PowerPoint presentation that referenced Intel's pricing strategy with another major customer, according to the U.S. Attorney's Office for the District of Oregon in a sentencing memo.

Intel raised concerns in 2020, and Microsoft and Intel launched a joint investigation, the sentencing memo says. Intel filed a civil lawsuit in February 2021 that resulted in Gupta being ordered to pay $40,000.

Tom's Hardware summarizes the trial: Oregon Live reports that the prosecutor, Assistant U.S. Attorney William Narus, sought an eight-month prison term for Gupta. Narus spoke about Gupta's purposeful and repeated access to secret documents. Eight months of federal imprisonment was sought as Gupta repetitively abused his cache of secret documents, according to the prosecutor.

For the defense, attorney David Angeli described Gupta's actions as a "serious error in judgment." Mitigating circumstances, such as Gupta's permanent loss of high-level employment opportunities in the industry, and that he had already paid $40,000 to settle a civil suit brought by Intel, were highlighted.

U.S. District Judge Amy Baggio concluded the court hearing by delivering a balance between the above adversarial positions. Baggio decided that Gupta should face a two-year probationary sentence [and pay a $34,472 fine — before heading back to France]... The ex-tech exec and his family have started afresh in La Belle France, with eyes on a completely new career in the wine industry. According to the report, Gupta is now studying for a qualification in vineyard management, while aiming to work as a technical director in the business.

Data Storage

Seagate 'Spins Up' a Raid on a Counterfeit Hard Drive Workshop (tomshardware.com) 47

An anonymous reader shared this report from Tom's Hardware: According to German news outlet Heise, notable progress has been made regarding the counterfeit Seagate hard drive case. Just like something out of an action movie, security teams from Seagate's Singapore and Malaysian offices, in conjunction with local Malaysian authorities, conducted a raid on a warehouse in May that was engaged in cooking up counterfeit Seagate hard drives, situated outside Kuala Lumpur.

During the raid, authorities reportedly uncovered approximately 700 counterfeit Seagate hard drives, with SMART values that had been reset to facilitate their sale as new... However, Seagate-branded drives were not the only items involved, as authorities also discovered drives from Kioxia and Western Digital. Seagate suspects that the used hard drives originated from China during the Chia [cryptocurrency] boom. Following the cryptocurrency's downfall, numerous miners sold these used drives to workshops where many were illicitly repurposed to appear new. This bust may represent only the tip of the iceberg, as Heise estimates that at least one million of these Chia drives are circulating, although the exact number that have been recycled remains uncertain.

The clandestine workshop, likely one of many establishments in operation, reportedly employed six workers. Their responsibilities included resetting the hard drives' SMART values, cleaning, relabeling, and repackaging them for distribution and sale via local e-commerce platforms.

Piracy

'Yubin Archive' Pirate Library Operator Arrested, Illegal Study Materials Group Canceled For 330K Members (torrentfreak.com) 36

South Korean authorities have arrested the operator of Yubin Archive, a Telegram-based "pirate library" that grew to over 330,000 members by sharing textbooks, workbooks, lectures, and exam prep materials under the banner of "eliminating educational inequality." TorrentFreak reports: An official statement confirming the operator's arrest was published locally on August 12. The timeline suggests the arrest probably took place on or around August 9. The following notice appeared on Yubin Archive on August 11. "The Ministry of Culture and Sports' Copyright Crime Science Investigation Team used digital science investigation (forensics) and various investigation methods to identify the core operator, conduct simultaneous search and seizure at their homes, and fully secure the Telegram criminal activities," the Ministry's statement reads. "Investigations into accomplices who participated in the operation are also underway."

While copyright infringement at scale is almost always a crime, regardless of content type or claimed good intention, having a Robin Hood character in the mix risks dilution of key anti-piracy messaging. No surprise then that much is being made of the existence of a 'minority room' within Yubin Archive, access to which was only permitted upon payment of a fee. "The core operator of the 'Yubin Archive', who was arrested, was found to have created a separate paid sharing channel (also known as a minority channel) while promoting the illegal sharing of learning materials as a noble act to eliminate educational inequality," the Ministry notes. "In addition, the illegal sharing channel was a criminal act that could instill incorrect copyright awareness in most users, including teenagers. The Ministry of Culture and Sports is committed to continuing its efforts to track and strictly respond to illegal activities that abuse anonymous channels such as Telegram, to protect the rights of creators."

Privacy

Proton Begins Shifting Infrastructure Outside of Switzerland Ahead of Surveillance Legislation (techradar.com) 26

Proton has begun relocating infrastructure outside Switzerland ahead of proposed surveillance legislation requiring VPNs and messaging services with over 5,000 users to identify customers and retain data for six months.

The company's AI chatbot Lumo became the first product hosted on German servers rather than Swiss infrastructure. CEO Andy Yen confirmed the decision and a spokesperson told TechRadar that the company isn't fully exiting Switzerland.

In a blog post about the launch of Lumo last month, Proton's Head of Anti-Abuse and Account Security, Eamonn Maguire, explained that the company had decided to invest outside Switzerland for fear of the looming legal changes. He wrote: "Because of legal uncertainty around Swiss government proposals to introduce mass surveillance -- proposals that have been outlawed in the EU -- Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move."

The proposed amendments to Switzerland's Ordinance on the Surveillance of Correspondence by Post and Telecommunications would also mandate decryption capabilities for providers holding encryption keys. Proton is developing additional facilities in Norway.
Government

Trump Administration Considers Stake In Intel (cnbc.com) 102

Intel's stock jumped 7% after reports that the Trump administration is considering taking a stake in the struggling chipmaker to support U.S.-based manufacturing. CNBC reports: Intel is the only U.S. company with the capability to manufacture the fastest chips on U.S. shores, although rivals including Taiwan Semiconductor Manufacturing Company and Samsung also have U.S. factories. President Donald Trump has called for more chips and high technology to be manufactured in the U.S. The government's stake would help fund factories that Intel is currently building in Ohio, according to the report.
Piracy

Impoverished Streaming Services Are Driving Viewers Back to Piracy (theguardian.com) 136

Rising subscription costs, shrinking content libraries, and regional restrictions are pushing viewers back toward piracy. Once seen as nearly dead, piracy has resurged through illicit streaming platforms as the fractured, ad-laden streaming market struggles to deliver convenience and value. The Guardian reports: According to London-based piracy monitoring and content-protection firm MUSO, unlicensed streaming is the predominant source of TV and film piracy, accounting for 96% in 2023 (PDF). Piracy reached a low in 2020, with 130bn website visits. But by 2024 that number had risen to 216bn (PDF). In Sweden, 25% of people surveyed (PDF) reported pirating in 2024, a trend mostly driven by those aged 15 to 24. Piracy is back, just sailing under a different flag.

"Piracy is not a pricing issue," Gabe Newell, the co-founder of Valve, the company behind the world's largest PC gaming platform, Steam, observed in 2011. "It's a service issue." Today, the crisis in streaming makes this clearer than ever. With titles scattered, prices on the rise, and bitrates throttled depending on your browser, it is little wonder some viewers are raising the jolly roger again. Studios carve out fiefdoms, build walls and levy tolls for those who wish to visit. The result is artificial scarcity in a digital world that promised abundance.

Whether piracy today is rebellion or resignation is almost irrelevant; the sails are hoisted either way. As the streaming landscape fractures into feudal territories, more viewers are turning to the high seas. The Medici understood the value linked to access. [The 2016 historical drama series tells of the rise of the powerful Florentine banking dynasty, and with it, the story of the Renaissance.] A client could travel from Rome to London and still draw on their credit, thanks to a network built on trust and interoperability. If today's studios want to survive the storm, they may need to rediscover that truth.

The Courts

Apple Returns Blood Oxygen Monitoring to the Latest Apple Watches (techcrunch.com) 23

Apple has reintroduced blood oxygen monitoring to certain Apple Watch models in the U.S. by shifting the feature's calculations to the paired iPhone, sidestepping an ITC import ban stemming from its legal dispute with medical device maker Masimo. TechCrunch reports: Blood oxygen data will be measured and calculated on the user's paired iPhone, and results can be viewed in the Respiratory section of the Health app. This means users won't be able to view the data on their Apple Watch, as they'll need to do so on their iPhone. Apple says the update announced today is enabled by a recent U.S. Customs ruling, which means that the tech giant is allowed to import Apple Watches with the redesigned Blood Oxygen feature.

The change doesn't affect previously sold models with the original version of the feature or units bought outside the U.S. The redesigned feature only applies to Apple Watches that were sold after the ITC import ban took effect in early 2024. These users can access the redesigned Blood Oxygen feature through an iPhone and Apple Watch software update coming on Thursday.

Privacy

Data Brokers Are Hiding Their Opt-Out Pages From Google Search (wired.com) 29

Data brokers are required by California law to provide ways for consumers to request their data be deleted. But good luck finding them. From a report: More than 30 of the companies, which collect and sell consumers' personal information, hid their deletion instructions from Google, according to a review by The Markup and CalMatters of hundreds of broker websites. This creates one more obstacle for consumers who want to delete their data.

Many of the pages containing the instructions, listed in an official state registry, use code to tell search engines to remove the page entirely from search results. Popular tools like Google and Bing respect the code by excluding pages when responding to users. Data brokers nationwide must register in California under the state's Consumer Privacy Act, which allows Californians to request that their information be removed, that it not be sold, or that they get access to it. After reviewing the websites of all 499 data brokers registered with the state, we found 35 had code to stop certain pages from showing up in searches.

The Military

How the Unraveling of Two Pentagon Projects May Result In a Costly Do-Over (reuters.com) 85

The Pentagon is poised to cancel two nearly finished Navy and Air Force HR software projects worth over $800 million so new contracts can be awarded to other vendors, including Salesforce, Palantir, and Workday. "The reason for the unusual move: officials at those departments, who have so far put the existing projects on hold, want other firms, including Salesforce and billionaire Peter Thiel's Palantir, to have a chance to win similar projects, which could amount to a costly do-over," reports Reuters. From the report: In 2019, Accenture said it had won a contract to expand an HR platform to modernize the payroll, absence management, and other HR functions for the Air Force with Oracle software. The project, which includes other vendors and was later expanded to include Space Force, grew to cost $368 million and was scheduled for its first deployment this summer at the Air Force Academy. An April "status update" on the project conducted by the Air Force and obtained by Reuters described the project as "on track," with initial deployment scheduled for June, noting that it would end up saving the Air Force $39 million annually by allowing it to stop using an older system. But on May 30, Darlene Costello, then-Acting assistant Secretary of the Air Force, sent out a memo placing a "strategic pause" on the project for ninety days and calling for the study of alternate technical solutions, according to a copy of the memo seen by Reuters that was previously unreported. Costello, who has since retired, was reacting to pressure from other Air Force officials who wanted to steer a new HR project to SalesForce and Palantir, three sources said. [...] The Air Force said in a statement that it "is committed to reforming acquisition practices, assessing the acquisition workforce, and identifying opportunities to improve major defense acquisition programs."

Space Force, which operates within the Air Force, was set to receive the Air Force's new payroll system in the coming months. But it is also pulling out of the project because officials there want to launch yet another HR platform project to be led by Workday, according to three people familiar with the matter. The service put out a small business tender on May 7 for firms to research HR platform alternatives, with the goal of selecting a company that will recommend Workday as the best option, the people said. Now the Air Force and Space Force "want to start over with vendors that do not meet their requirements, leading to significant duplication and massive costs," said John Weiler, director of the Information Technology Acquisition Advisory Council, a government-chartered nonprofit group that makes recommendations to improve federal IT contracting.

In 2022, the Honolulu-based Nakupuna Companies took over a 2019 project with other firms to integrate the Navy's payroll and personnel systems into one platform using Oracle software and known as "NP2". The project, which has cost about $425 million since 2023, according to the Government Accountability Office, was set to be rolled out earlier this year after receiving a positive review by independent reviewer and consulting firm Guidehouse in January, according to a copy obtained by Reuters. But the head of Navy's human resources, now retired Admiral Rick Cheeseman, sought to cancel the project according to a June 5 memo seen by Reuters, directing another official to "take appropriate contractual actions" to cancel the project. Navy leaders instead mandated yet another assessment of project, according to a memo seen by Reuters, leaving it in limbo, two sources said.

Cheeseman's reason for trying to kill the project was his anger over a decision by DOGE earlier this year to cancel a $171 million contract for data services provider Pantheon Data that essentially duplicated parts of the HR project. In an email obtained by Reuters, he threatened to withhold funding from the Nakupuna-led project unless the Pantheon contract was restored. "I am beyond exasperated with how this happened," Cheeseman wrote in a May 7 email to Chief Information Officer Jane Rathbun about the contract cancellation, arguing the Pantheon contract was not "duplicative of any effort." "From where I sit, I'm content taking every dime away from NP2 in order to continue this effort," he added in the email. The pausing of NP2 was "unexpected, especially given that multiple comprehensive reviews validated the technical solution as the fastest and most affordable approach," Nakupuna said in a statement, adding it was disappointed by the change because the project was ready to deploy. The Navy said it "continues to prioritize essential personnel resources in support of efforts to strengthen military readiness through fiscal responsibility and departmental efficiency."

Privacy

New York Sues Zelle Parent Company, Alleging It Enabled Fraud (cnbc.com) 28

New York Attorney General Letitia James has sued Zelle's parent company, Early Warning Services, alleging it knowingly enabled over $1 billion in fraud from 2017 to 2023 by failing to implement basic safeguards. CNBC reports: "EWS knew from the beginning that key features of the Zelle network made it uniquely susceptible to fraud, and yet it failed to adopt basic safeguards to address these glaring flaws or enforce any meaningful anti-fraud rules on its partner banks," James' office said in the release. The lawsuit alleges that Zelle became a "hub for fraudulent activity" because the registration process lacked verification steps and that EWS and its partner banks knew "for years" that fraud was spreading and did not take actionable steps to resolve it, according to the press release.

James is seeking restitution and damages, in addition to a court order mandating that Zelle puts anti-fraud measures in place. "No one should be left to fend for themselves after falling victim to a scam," James said in the release. "I look forward to getting justice for the New Yorkers who suffered because of Zelle's security failures."
A Zelle spokesperson called the lawsuit a "political stunt to generate press" and a "copycat" of the CFPB lawsuit, which was dropped in March.

"Despite the Attorney General's assertions, they did not conduct an investigation of Zelle," the spokesperson said. "Had they conducted an investigation, they would have learned that more than 99.95 percent of all Zelle transactions are completed without any report of scam or fraud -- which leads the industry."
The Courts

Do Kwon Pleads Guilty to US Fraud Charges In $40 Billion Crypto Collapse (reuters.com) 18

Terraform Labs founder Do Kwon pleaded guilty in U.S. federal court to conspiracy to defraud and wire fraud over the $40 billion collapse of TerraUSD and Luna in 2022. Reuters reports: Kwon, 33, who co-founded Singapore-based Terraform Labs and developed the TerraUSD and Luna currencies, entered the plea at a court hearing in New York before U.S. District Judge Paul Engelmayer. He had pleaded not guilty in January to a nine-count indictment charging him with securities fraud, wire fraud, commodities fraud and money laundering conspiracy.

Accused of misleading investors in 2021 about TerraUSD - a so-called stablecoin designed to maintain a value of $1 - Kwon pleaded guilty to the two counts under an agreement with the Manhattan U.S. Attorney's office, which brought the charges. He faces up to 25 years in prison when Engelmayer sentences him on December 11, though prosecutor Kimberly Ravener said the government had agreed to advocate for a prison term of no more than 12 years provided he accepts responsibility for his crimes.
"I made false and misleading statements about why it regained its peg by failing to disclose a trading firm's role in restoring that peg," Kwon said in court. "What I did was wrong."

Slashdot Top Deals