Apple is splitting its App Store division in half, according to a report from Bloomberg. While one group of employees will run the App Store, the other will manage its approach to alternative marketplaces that have started opening up in the European Union.

As part of the change, App Store vice president Matt Fischer will leave the company after more than a decade in the role. “This has been on my mind for some time, and as we are also reorganizing the team to better manage new challenges and opportunities, now is the right moment to pass the baton to two outstanding leaders on my team,” Fischer writes in an email to employees seen by Bloomberg.

Now, Apple senior director Carson Oliver will reportedly oversee the App Store division, while Ann Thai, a product director at the company, will head up the group that tackles alternative distribution. App Store chief Phil Schiller will oversee both divisions. The Verge reached out to Apple with a request for comment but didn’t immediately hear back.

Lego’s Mario Kart collection includes new buildable versions of characters like Yoshi, Donkey Kong, and Toad; baby versions of Mario, Luigi, and Princess Peach; and several kart designs, from motorcycles to flying pirate ships.

There are also green and red shells that can actually be fired from the karts. The new sets are compatible with existing interactive Lego Super Mario figures, with Mario, Luigi, and Princess Peach playing sound effects like horns or the squeal of a drifting kart’s tires from the Mario Kart games.

The Mario Kart collection includes a 133-piece blue Yoshi on a Yoshi-themed motorcycle, a 174-piece version of Mario’s iconic red kart with Toad in pit crew attire, a 387-piece Donkey Kong at the wheel of a barrel, a 321-piece baby Mario and Luigi battling to pop each other’s balloons, a 390-piece version of Toad’s garage, and an 823-piece Grand Prix that comes with a starting gate and three karts.

Pricing ranges from $14.99 for the Yoshi Bike set, the smallest of the six, to $79.99 for the Baby Peach and Grand Prix set, which comes with four buildable characters, including baby Peach. Collectors probably won’t want to make any New Year’s resolutions about being fiscally responsible starting on January 1st.

National Public Data (NPD), a background check company, admitted it exposed sensitive info like phone numbers, addresses and Social Security numbers to hackers. 

While the company hasn’t shared how big the breach is, it supposedly involves 2.7 billion records, likely including some data on almost every American.

It gets even worse. A new report revealed that another NPD data broker, which shares access to the same consumer records, published user passwords to its back-end database.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

KrebsOnSecurity reported that a sister NPD property, called recordscheck.net, was hosting an archive that included the usernames and passwords of the site’s administrator.

A review of the now-removed archive reveals that it contained the source code, along with plain text usernames and passwords, for various components of recordscheck.net. This site bears a striking resemblance to nationalpublicdata.com, with matching login pages.

The exposed archive, titled “members.zip,” suggests that all RecordsCheck users were initially given the same six-character password and advised to change it, though many didn’t.

According to KrebsOnSecurity, which referenced breach tracking service Constella Intelligence, the passwords found in the source code archive match those exposed in earlier data breaches. This suggests that millions of users may be affected in this case as well.

We reached out for a comment from RecordsCheck but did not hear back before our deadline.

Another NPD data broker published user passwords to its back-end database. (Kurt “CyberGuy” Knutsson)

PHARMA GIANT’S DATA BREACH EXPOSES PATIENTS’ SENSITIVE INFORMATION

National Public Data’s response

Salvatore “Sal” Verini, the founder of NPD and a retired sheriff’s deputy from Florida, told KrebsOnSecurity that the exposed archive, a .zip file containing recordscheck.net credentials, has been removed from the company’s website. Verini also mentioned that the site is scheduled to shut down “in the next week or so.”

“Regarding the zip, it has been removed, but it was an old version of the site with non-working code and passwords,” Verini said. He declined to offer additional information, stating that the issue is under active investigation and he cannot comment further.

Identity theft protection is essential to fight data breaches. (Kurt “CyberGuy” Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

Reminder to invest in identity theft protection

News of the NPD data breach surfaced after a California man filed a lawsuit against the company, as reported by Bloomberg. He discovered the breach through his identity theft protection service, which flagged his data in the leaked database. Since then, many people online have reported receiving similar alerts from their protection services, allowing them to take action before it was too late.

In 2024, an identity theft protection service is practically a must-have. If you’ve been keeping up with CyberGuy articles, you’ve probably seen frequent reports on data breaches, whether it’s the AT&T breach, Dell breach or the Advance Auto Parts leak.

One of the best parts of using identity theft protection is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

4 additional tips to protect yourself from data breaches

Identity theft protection is the first thing I recommend to everyone, but there are also steps you can take to protect yourself.

1. Be careful with passwords: The recordscheck.net leak exposed passwords, and as I discussed, many users didn’t change the auto-assigned passwords. That’s a big mistake. Always create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts.

Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. Get more details about my best expert-reviewed Password Managers of 2024 here.

2. Remove your personal information from the Internet: While no service can completely erase your data from the Internet, using a data removal service is a smart move, especially in light of recent data breaches like the NPD incident. These services aren’t cheap, but neither is your privacy.

CLICK HERE FOR MORE US NEWS

They handle the heavy lifting by continuously monitoring and systematically removing your personal information from countless websites. This gives peace of mind and is one of the most effective ways to safeguard your data online. Check out my top picks for data removal services here.

3. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

4. Routinely check your credit reports: Obtain a free copy of your credit report from each of the three credit reporting agencies mentioned earlier. Review the reports carefully for any suspicious or unauthorized activity. If you find any inaccuracies or signs of fraud, report them to the credit reporting agency immediately.

4.3 MILLION AMERICANS EXPOSED IN MASSIVE HEALTH SAVINGS ACCOUNT DATA BREACH

Kurt’s key takeaway

The NPD data breach and the security incident involving its sister website highlight the irresponsibility of these companies in handling sensitive public information. There is an urgent need for governments to step in and impose serious legal consequences, not just a slap on the wrist. Fines should be involved. Anyone dealing with sensitive data must ensure that the data is encrypted and take measures to prevent it from falling into the wrong hands.

Do you believe current regulations are sufficient for handling data breaches or do they need to be more stringent? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.