Cleanup on Aisle Six! How to Close Online Accounts for Savings and Security.

Read Time:5 Minute, 51 Second

How many online accounts do you have? Dozens? Hundreds? You probably have more than you think, and deleting a bunch of them might be the right call.  

You have two good reasons: savings and security. 

Certainly, you have trusted accounts you use all the time, like the one with your bank and a few others with major retailers. Yet you probably have armloads of other accounts on top of those. Within that broader mix, you’ll find accounts for apps, streaming services, online publications, and for retailers where you made one-off purchases years ago. 

Sure, you still access some of them occasionally. Yet there are plenty of other accounts you don’t. And there might be some you’re still paying for too. Closing them down can certainly save you some money. 

Yet there’s a security issue, too. The more online accounts you keep, the greater the exposure you have to data breaches. Each account will have varying degrees of personal and financial information linked to it. And that means each one carries a varying degree of risk if it gets breached. Moreover, some sites and services protect data better than others, which adds another dimension of risk. 

Closing old and particularly risky accounts can decrease the risk of your personal and financial information winding up in the hands of an identity thief.  

And there’s one more reason why you might consider cleaning up your old accounts. Your privacy. Companies hold all kinds of personal information in their databases. If you’re not using an account anymore, why should a company have it? 

With security and savings in mind, McAfee created Online Account Cleanup. It finds and requests the deletion of unused accounts and protects your personal data from data breaches as a result. Monthly scans across your online accounts shows a risk level for each account and helps you decide which ones to delete. 

And now is certainly a good time to trim down those accounts—about half a billion data records were exposed worldwide between 2020 and 2022. And those are the reported figures. Actual figures are arguably higher. 

In all, Online Account Cleanup can help you take charge of your personal and financial information at a time where bad actors prize it so highly. 

How McAfee’s Online Account Cleanup helps put you in charge 

Our Online Account Cleanup lets you view all your accounts tied to your email in one place and helps you decide which ones you want to delete. It assigns a risk level to each of the accounts based on how much personal information is usually shared with each company, as well as past breaches and industry breach potential.  

When you decide to delete an account, it links you to the website in question. From there, it shows you how you can request to have your data deleted from their database. If you’re a McAfee+ Ultimate customer, it can take care of this part for you with a single click.  

Our Online Account Cleanup will continue to run monthly scans to find any new online accounts so you can stay on top of your digital footprint. 

How McAfee’s Online Account Cleanup works 

1) Scan for accounts 

You can scan whichever email address you select. Scanning an email inbox is the best way to see how many companies or organizations have access to your information. Don’t worry, we’re only looking for company email domains, welcome emails, timestamps, and most importantly—spam. 

If you decide to let McAfee help you request data deletion, we’ll keep tabs on the email replies you receive from the companies requesting more information or confirming that your data has been deleted. 

2) Review and delete accounts 

The risk level next to each account is calculated based on how much personal information each company or organization is likely to have access to and the breach potential for the company’s industry. The more important the info, such as credit card, Social Security Number, driver’s license number, the higher the risk. If the organization is in an industry with a low breach potential, like government agencies, the risk will be lower. Keep in mind, risk level doesn’t mean your specific account is more or less susceptible to getting hacked.  

For the accounts you choose to delete, we’ll provide you with instructions on how to send a deletion request and link you to the company’s website. Or if you’re using McAfee+ Ultimate, we’ll send the request for you with a single click.  

3) Recurring monitoring 

We’ll scan each month to keep you up to date on new accounts. When combined with other McAfee features like identity monitoring, transaction monitoring, and Personal Data Cleanup, plus credit monitoring and a VPN, you’ll have protection in breadth and depth. You’ll find features like these across our McAfee+ plans, which keep your privacy and identity more secure. 

See for yourself. Take a quick tour of McAfee’s Online Account Cleanup. 

Questions about your personal data? We have answers. 

Are companies required to delete my personal data? 

Not all companies are required to delete your data. It depends on the privacy laws of the country or region in which you live. For example, if you’re a resident of California or the European Union, companies are required to delete your data upon request because privacy laws require them to do so (subject to certain exceptions). 

How fast will my data be deleted after sending a request? 

Sometimes, deleting your personal data is not a one-click process. In other cases, companies will reach out to you to further verify your identity or ask for additional information. To make the deletion process more comfortable, you can view and reply to the companies directly from your McAfee Protection Center. We don’t collect any of these email messages. Your email messages remain in your own inbox. 

Should I scan my primary email address or an email I use for spam? 

We recommend using the email address that’s linked to your online accounts that use your credit card, address, or other sensitive information. These accounts are at higher risk than accounts that only have your email tied to them. 

Cleaning up online accounts for savings and security 

Saving money feels great. Especially when you shut down an online subscription you’re no longer using.  

But there’s more to deleting old accounts than that. It can protect you from data breaches. Which, if you think about it, is a strong financial move as well. Consider how costly identity theft can be in terms of time and money. 

Our new Online Account Cleanup can help you delete unused and risky accounts—and do it in minutes instead of the hours it used to take. It’s available now as part of our McAfee+ plans. 

The post Cleanup on Aisle Six! How to Close Online Accounts for Savings and Security. appeared first on McAfee Blog.

Read More

Shadow IT is increasing and so are the associated security risks

Read Time:47 Second

Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned — or on the radar of — the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a lurking host of vulnerabilities, entry points for bad actors, and malware.

In fact, it is as big a problem as ever and may even worsen. Consider the figures from research firm Gartner, which found that 41% of employees acquired, modified, or created technology outside of IT’s visibility in 2022 and expects that number to climb to 75% by 2027. Meanwhile, the 2023 shadow IT and project management survey from technology review platform Capterra, found that 57% of small and midsize businesses have had high-impact shadow IT efforts occurring outside the purview of their IT departments.

To read this article in full, please click here

Read More

Department of Defense AI principles have a place in the CISO’s playbook

Read Time:39 Second

Artificial intelligence has zoomed to the forefront of the public and professional discourse — as have expressions of fear that as AI advances, so does the likelihood that we will have created a variety of beasts that threaten our very existence. Within those fears also lay worries about the responsibilities of those who create the large language models (LLM) and engines that harvest the data that feed them to do so in an ethical manner.

To be frank, I hadn’t given the matter much thought until I was triggered by a recent discussion around the need for “responsible and ethical AI” which occurred amidst the constant blast that AI is evil personified or conversely that it is some holy grail.

To read this article in full, please click here

Read More

USN-6142-1: nghttp2 vulnerability

Read Time:12 Second

Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service.

Read More

USN-6140-1: Go vulnerabilities

Read Time:1 Minute, 16 Second

It was discovered that Go did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause a panic
resulting in a denial of service. This issue only affected golang-1.19 on
Ubuntu 22.10. (CVE-2022-41724, CVE-2023-24534, CVE-2023-24537)

It was discovered that Go did not properly validate the amount of memory
and disk files ReadForm can consume. An attacker could possibly use this
issue to cause a panic resulting in a denial of service. This issue only
affected golang-1.19 on Ubuntu 22.10. (CVE-2022-41725)

It was discovered that Go did not properly validate backticks (`) as
Javascript string delimiters, and did not escape them as expected. An
attacker could possibly use this issue to inject arbitrary Javascript code
into the Go template. This issue only affected golang-1.19 on Ubuntu 22.10.
(CVE-2023-24538)

It was discovered that Go did not properly validate the angle brackets in
CSS values. An attacker could possibly use this issue to inject arbitrary
CSS code. (CVE-2023-24539)

It was discovered that Go did not properly validate whitespace characters
in Javascript, and did not escape them as expected. An attacker could
possibly use this issue to inject arbitrary Javascript code into the Go
template. (CVE-2023-24540)

It was discovered that Go did not properly validate HTML attributes with
empty input. An attacker could possibly use this issue to inject arbitrary
HTML tags into the Go template. (CVE-2023-29400)

Read More

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:30 Second

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More