Privacy
Stalking, Spying, and Consent: Privacy This Week
From police abusing license plate data to Meta tracking its own employees and a new tool for AI consent – your daily privacy briefing.
LastPass Breached via Klue Supply-Chain Attack: Customer Data Stolen, Vaults Intact
On June 12, 2026, Klue detected an intrusion that compromised OAuth tokens held for many customers, including LastPass. The threat actor used those tokens to access LastPass customer data within LastPass’s Salesforce environment, stealing names, email addresses, phone numbers, physical addresses, and support case data. Password vaults and core infrastructure were not compromised. The Icarus group claimed responsibility and threatened to publish the data unless a ransom was paid; as of publication, no leak has been confirmed. LastPass disabled employee access to Klue, rotated exposed tokens, notified law enforcement, and warned customers about an ongoing phishing campaign using three observed sender domains. The breach also affected HackerOne, Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. LastPass had roughly 33 million users and nearly 1.6 million paying customers as of 2024.
LastPass Breached via Klue Supply-Chain Attack:… | DeafNews →
Google Pixel Develops ‘Audio Memory’ to Continuously Listen and Transcribe Conversations
Google is building a feature called Audio Memory for Pixel phones, codenamed blueflax, visible in version C4 of the Android System Intelligence app for the Pixel 10. It is designed to keep track of what you hear throughout your day – from music to important conversations – by running as a background service that continuously listens, transcribes, and generates notes. The service will use Private Compute Core to process data on-device. Music recognition will work with a local database; if a song is not recognized, a short digital fingerprint may be sent to Google. Background conversations and audio are never sent to Google. Settings will let users control which apps Audio Memory can use. A more limited possibility is that it captures audio only during phone calls. The feature may or may not ship; the onboarding interface includes bullets for music recognition, music on device, and conversation capabilities.
Google Pixel preps ‘Audio Memory’ to track ‘important conversations’ →
Cate Blanchett Launches Human Consent Registry to Protect Likeness from AI Scraping
This week, Cate Blanchett’s non-profit RSL Media released the Human Consent Registry, a tool for people in the US and EU to control how their identity is used by AI systems. Users create an account, provide biographical info and identity markers, then choose an AI use consent level: Prohibited (red), Permitted with Terms (yellow), or Permitted (green). A Human Consent ID is issued, which AI systems can check before including a person’s likeness in training data. The tool covers name, image, likeness, voice, movement and other personal attributes. There is no enforcement mechanism to compel AI firms to comply, and users turn over personal data to a third party. The registry builds on the RSL standard, an open protocol for AI usage rights that has gained traction among digital publishers. RSL Media plans follow-up registries for Work, Characters, and Marks.
Police Officers Abused License Plate Databases to Stalk Ex-Partners, Investigation Finds
A Florida police officer used Flock’s license plate lookup to stalk his ex-girlfriend and her family over several months in 2024. A Missouri officer created 542 test searches over 10 months to monitor his wife’s car and a second vehicle. The Joplin Police Department became aware of the possible violation in December 2025, immediately investigated, placed the officer on administrative leave, and later confirmed the officer is no longer employed by the city. The timeline of Missouri searches was compiled by the group Deflock Joplin using HaveIBeenFlocked, a database built from leaked Flock data. Last month, independent journalists discovered Flock had exposed personal information and police search queries through multiple search engines. Flock told 404 Media in June it was aware of 15 incidents of abuse among its 140,000 monthly active users, calling them rare, and noted it provides an Audit Assistance tool to flag unintended use.
Cops Are Already Using License Plate Readers to Stalk People →
Meta Halts Keystroke Tracking for AI Training After Internal Leak Exposes Employee Data
Meta paused its Model Capability Initiative (MCI) program, which tracked employee keystrokes and mouse movements for AI training, after an alleged internal leak. A screenshot obtained by Business Insider showed that employees’ private conversations, performance data, and transcriptions were accessible across the company. The incident was classified as SEV 2 on a severity scale where 0 is most severe. A security notice reviewed by Wired stated that employee data across 45,000 hive tables were exposed, including full prompts, transcriptions, private conversations, and people and performance data. A Meta spokesperson said the program was designed with privacy safeguards and that they have no indication of improper access, but they are pausing it while investigating. Employees could not opt out on company laptops. Following a 10% workforce layoff, CTO Andrew Bosworth said morale was near the worst it’s ever been. An online petition with 1,600 signatures as of June 3 questioned the lack of completed privacy reviews and noted that executives received selective opt-out.
Meta hits pause on tracking employee keystrokes to train AI after internal leak →