Several months after a hacking group claimed to be selling nearly 3 billion records stolen from a prominent data broker, much of the information appears to have been leaked on a forum. According to Bleeping Computer, the data dump includes 2.7 billion records of personal info for people in the US, such as names, Social Security Numbers, potential aliases and all physical addresses they are known to have lived at.
The data, which is unencrypted, is believed to have been obtained from a broker called National Public Data. It's said that the business assembles profiles for individuals by scraping information from public sources and then sells the data for the likes of background checks and looking up criminal records. (A proposed class-action suit was filed against National Public Data over the breach earlier this month.)
In April, hacking collective USDoD attempted to sell 2.9 billion records it claimed was stolen from the company and included personal data on everyone in the US, UK and Canada. The group was looking for $3.5 million for the whole 4TB database, but since then chunks of the data have been leaked by various entities.
Previous leaks included phone numbers and email addresses, but those reportedly weren't included in the latest and most comprehensive dump. As such, you won't be able to check whether your information has been included in this particular leak by punching your email address into Have I Been Pwned?
The data includes multiple records for many people, with one for each address they are known to have lived at. The dump comprises two text files that amount to a total of 277GB. It's not really possible for any independent body to confirm that the data includes records for every person in the US, but as Bleeping Computer points out, the breach is likely to include information on anyone who is living in the country.
The publication states that several people confirmed the information that the dump has on them and their family members (including some dead relatives) is accurate, but in other cases some SSNs were associated with the wrong individuals. Bleeping Computer posits that the information may have been stolen from an old backup as it doesn't include the current home address for the people whose details its reporters checked against the data.
In any case, it's worth taking some steps to protect yourself against any negative repercussions from the leak, such as fraud and identity theft. Be extra vigilant against scammers and phishing attacks that look to obtain access to your online accounts.
Keep an eye on credit reports to see if there has been any fraudulent activity on your accounts and inform credit bureaus Experian, Equifax and TransUnion if so. You can ask the bureaus to put a freeze on your credit files to stop anyone else opening a bank account, taking out a loan or obtaining a credit card under your name.
You can sign up for services that offer identity fraud protection and remove your personal information from the public web to reduce the chances that you'll be negatively impacted. However, such services often charge a fee.
Be sure to use two-factor authentication wherever possible (preferably with you obtaining codes from an authenticator app rather than SMS). And, as always, we highly recommend having a password manager, never reusing the same login credentials for different services and regularly changing the password on your most sensitive accounts.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/hackers-may-have-leaked-the-social-security-numbers-of-every-american-150834276.html?src=rss
Scams are all over the internet, and AI is making matters worse (no, Taylor Swift didn't giveaway Le Creuset pans, and Tom Hanks didn't promote a dental plan). Now, companies such as Match Group, Meta and Coinbase are launching Tech Against Scams, a new coalition focused on collaboration to prevent online fraud and financial schemes. They will "collaborate on ways to take action against the tools used by scammers, educate and protect consumers and disrupt rapidly evolving financial scams."
Meta, Coinbase and Match Group — which owns Hinge and Tinder — first joined forces on this issue last summer but are now teaming up with additional digital, social media and crypto companies, along with the Global Anti-Scam Organization. A major focus of this coalition is pig butchering scams, a type of fraud in which a scammer tricks someone into giving them more and more money through trusting digital relationships, both romantic and platonic in nature.
Tech Against Scams will also rely on the different reaches of the internet each member inhabits to get a fuller picture of threats and best practices. "Tech companies across industries collaborating with each other is essential for preventing criminal activity, and ultimately helps online platforms stay ahead of, and develop effective solutions for, various types of financial crimes," Yoel Roth, Match Group's VP of Trust and Safety, said in a statement. "As we work to make it harder for scammers to defraud people, we will also continue investing in new technologies to help disrupt fraud and scams faster, and get people the support and resources they need."
This article originally appeared on Engadget at https://www.engadget.com/match-group-meta-coinbase-and-more-form-anti-scam-coalition-145346680.html?src=rss
Many web browser companies offer VPNs these days, including Google, Mozilla and Opera. DuckDuckGo is the latest to join the fray, with a Privacy Pro plan that includes three services. Along with a VPN, you'll get personal information removal and identity theft restoration services for $10 per month or $100 per year. The subscription is only available in the US for now. The Privacy Pro features are built directly into the DuckDuckGo browser, so you won't need to install separate apps.
DuckDuckGo says it won't keep VPN logs in order to help maintain user privacy. As such, it says it has "no way to tie what you do while connected to the DuckDuckGo VPN to you as an individual — or to anything else you do on DuckDuckGo, like searching." DuckDuckGo is using the open-source WireGuard protocol to encrypt your traffic and route it through VPN servers. As it stands, the company has VPN servers across the US, Europe and Canada. It plans to add more over time.
DuckDuckGo
One subscription will cover up to five desktop and mobile devices. Rather than using an account, you'll have a random ID that you'll need to keep safe. If you wish, you can add an email address for easier authorization across devices. Still, you won't need to hand over any personally identifiable information to DuckDuckGo — the company is using Stripe, Google Play and the Apple App Store to handle payments.
DuckDuckGo's focus on protecting user privacy extends to the personal information removal tool, which removes details such as your full name, home address and birthday from people search sites and data broker services. The details you provide during the setup process stay on your device and requests to remove your personal information start directly from your desktop (for now, you need a Windows or Mac computer to set up and manage the personal information removal tool).
DuckDuckGo says this is a first for a service of its ilk, as your details aren't stored on remote servers. To help it build the tool, DuckDuckGo bought data removal service Removaly in 2022. The personal information removal service will regularly re-scan people search sites and data brokers to see if your info pops up again, and deal with it accordingly.
As for the identity theft restoration service, DuckDuckGo will connect you with an advisor from Iris, its partner, if your identity is stolen. The advisor will help with restoring any stolen accounts and financial losses, as well as fixing your credit report. Moreover, they can help you cancel and replace important documents such as your driver’s license, bank cards and passport. Iris can also provide you with a cash advance if you're far from home and stuck due to identity theft.
Again, you won't have to provide any of your personal information up front. You'll only need to provide an advisor with those details if you need help after having your identity stolen.
Expanding privacy protections through these services is a logical way for DuckDuckGo to try and boost its bottom line. Privacy Pro seems reasonably priced compared to some of the alternatives too — Mozilla's personal information removal service alone costs $9 per month.
This article originally appeared on Engadget at https://www.engadget.com/duckduckgo-unveils-a-10-privacy-pro-plan-with-a-no-log-vpn-120007653.html?src=rss
Many web browser companies offer VPNs these days, including Google, Mozilla and Opera. DuckDuckGo is the latest to join the fray, with a Privacy Pro plan that includes three services. Along with a VPN, you'll get personal information removal and identity theft restoration services for $10 per month or $100 per year. The subscription is only available in the US for now. The Privacy Pro features are built directly into the DuckDuckGo browser, so you won't need to install separate apps.
DuckDuckGo says it won't keep VPN logs in order to help maintain user privacy. As such, it says it has "no way to tie what you do while connected to the DuckDuckGo VPN to you as an individual — or to anything else you do on DuckDuckGo, like searching." DuckDuckGo is using the open-source WireGuard protocol to encrypt your traffic and route it through VPN servers. As it stands, the company has VPN servers across the US, Europe and Canada. It plans to add more over time.
DuckDuckGo
One subscription will cover up to five desktop and mobile devices. Rather than using an account, you'll have a random ID that you'll need to keep safe. If you wish, you can add an email address for easier authorization across devices. Still, you won't need to hand over any personally identifiable information to DuckDuckGo — the company is using Stripe, Google Play and the Apple App Store to handle payments.
DuckDuckGo's focus on protecting user privacy extends to the personal information removal tool, which removes details such as your full name, home address and birthday from people search sites and data broker services. The details you provide during the setup process stay on your device and requests to remove your personal information start directly from your desktop (for now, you need a Windows or Mac computer to set up and manage the personal information removal tool).
DuckDuckGo says this is a first for a service of its ilk, as your details aren't stored on remote servers. To help it build the tool, DuckDuckGo bought data removal service Removaly in 2022. The personal information removal service will regularly re-scan people search sites and data brokers to see if your info pops up again, and deal with it accordingly.
As for the identity theft restoration service, DuckDuckGo will connect you with an advisor from Iris, its partner, if your identity is stolen. The advisor will help with restoring any stolen accounts and financial losses, as well as fixing your credit report. Moreover, they can help you cancel and replace important documents such as your driver’s license, bank cards and passport. Iris can also provide you with a cash advance if you're far from home and stuck due to identity theft.
Again, you won't have to provide any of your personal information up front. You'll only need to provide an advisor with those details if you need help after having your identity stolen.
Expanding privacy protections through these services is a logical way for DuckDuckGo to try and boost its bottom line. Privacy Pro seems reasonably priced compared to some of the alternatives too — Mozilla's personal information removal service alone costs $9 per month.
This article originally appeared on Engadget at https://www.engadget.com/duckduckgo-unveils-a-10-privacy-pro-plan-with-a-no-log-vpn-120007653.html?src=rss
The Securities and Exchange Commission has provided more details about how its official X account was compromised earlier this month. In a statement, the regulator confirmed that it had been the victim of a SIM swapping attack and that its X account was not secured with multi-factor authentication (MFA) at the time it was accessed.
“The SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent 'SIM swap' attack," it said, referring to a common scam in which attackers persuade customer service representatives to transfer phone numbers to new devices. “Once in control of the phone number, the unauthorized party reset the password for the @SECGov account.”
The hack of its X account, which was taken over in order to falsely claim that bitcoin ETFs had been approved, has raised questions about SEC’s security practices. Government-run social media accounts are typically required to have MFA enabled. The fact that one as high-profile and with potentially market-moving abilities like @SECGiv would not be using the extra layer of security has already prompted questions from Congress.
In its statement, the SEC said that it asked X’s support staff to disable MFA last July following “issues” with its account access. “Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9,” it said. “MFA currently is enabled for all SEC social media accounts that offer it.”
While the lack of MFA likely made it much easier to take over the SEC’s account, there are still numerous questions about the exploit, including how those responsible knew which phone was associated with the X account, how the unnamed telecom carrier fell for the scam and, of course, who was behind it. The regulator said it’s investigating these questions, along with the Department of Justice, FBI, Homeland Security and its own Inspector General.
This article originally appeared on Engadget at https://www.engadget.com/the-sec-says-its-x-account-was-taken-over-with-a-sim-swap-attack-004542771.html?src=rss
Credential stuffing, or using compromised login information to take over accounts, has been around as long as we’ve used passwords to secure our accounts. But, perhaps in part because it's gotten easier for hackers to perform this type of attack, credential stuffing made headlines in recent months.
Look at the 23andMe breach affecting nearly 7 million users. While not every account was compromised via credential stuffing, it was how the hackers initially got in, and then they used a social feature called DNA Relatives to keep going. Hackers gained access to sensitive information like full names and locations, specifically targeting groups like Ashkenazi people, offering the data for sale in bulk online.
Hacking conjures an image of sophisticated, high tech break-ins, but what makes credential stuffing so lucrative is that it's surprisingly “pretty unsophisticated,” Rob Shavell, CEO of online personal information removal service DeleteMe, told Engadget. Hackers will use educated guesses to figure out your password, or just buy old passwords from leaks online to see if they work for different accounts. Tactics used by hackers include using personal information found online to guess passwords or asking a generative AI program to come up with usable variations on a password to get into an account.
Companies frequently fail to protect your data, sticking you with the burden of preventing credential stuffing accounts to the best of your ability. In fact, credential stuffing has become so prevalent, that you’ve likely already fallen victim. Nearly a quarter of all login attempts last year met the criteria for credential stuffing, according to security company Okta’s 2023 State of Secure Identity Report that surveyed more than 800 IT and security decision-makers across fields. Verizon's 2023 analysis of data breaches found that about half of breaches involved stolen credentials. Checking an email address on sites like Have I Been Pwned can show you which passwords may have been compromised, meaning if you’ve reused it on another account, it could be a matter of time until hackers try to use it to get in.
Credential stuffing works because we tend to stick to certain patterns when creating passwords, like using your mother’s maiden name or a childhood address, with small variations to make them easier to remember. “Because we’re lazy, and because we have 50 passwords now, it is the default to just pick one password and use it many places,” chief information security officer at cloud company Akamai Steve Winterfeld said. “The problem is you then are not taking appropriate risk measures.”
That level of risk varies widely. The one-off account you used to try out World of Warcraft years ago and doesn’t have any personal or financial information attached to it probably doesn’t concern you. But hackers are betting you’ve reused an email, username and password for a more lucrative account, like your bank or social media, and they will use credential stuffing to get in. “I have one username and password that I use for things that I’m okay if they’re compromised … that would not financially or brand impact me,” Winterfeld said.
Minimizing the risks you’re taking online by using strong passwords will make it a lot more manageable to start protecting yourself against credential stuffing. Changing passwords frequently, or making the switch to passkeys, can also help. There are other ways you can protect yourself, too, as companies have made it clear that they’ll do anything in their power to shirk responsibility for protecting your information.
First, understand that once a credential is leaked, it can be used to gain access to other accounts, Frank Teruel, CFO at bot prevention firm Arkose Labs, said. So, change passwords for any accounts where you may have repeated it, especially high-profile targets linked to financial or other sensitive institutions. This is where a password manager comes in handy, because some will even flag if a password has been found in a breach and suggest that you change it to a stronger option.
Taking some time to purge accounts you no longer use will greatly reduce the number of password leaks to worry about, too, Teruel said. In the meantime, make it a habit not to reuse passwords or small variations on them, and to change passwords frequently to limit risk.
This article originally appeared on Engadget at https://www.engadget.com/what-is-credential-stuffing-and-how-do-you-keep-your-accounts-safe-from-it-190044846.html?src=rss
Be honest: How many times this year have you skipped or scrolled past a much-needed update? Maybe you just wanted to log into Twitter, er, X without setting up multifactor authentication. Putting off these minor inconveniences adds up, and it could lead to an insecure tech setup just waiting to be exploited by an attacker.
So, now you're probably spending a few days sleeping in your childhood bed, and wondering when Uncle Dave will stop talking to you about buying gold stocks. There's never been a better time to take care of the less-than-riveting admin work of locking down your digital life. Here's a quick holiday checklist you and your loved ones (including Dave) can spend an hour doing during your holiday downtime to set up for a more secure year.
Update all your apps and devices
For the most current patches and options, you’ll need to start this security check up by updating all your devices and apps. The companies behind the tech have already done a lot of the work to keep you safe, but it’s your job to make sure that you’re taking full advantage of those updates. I’d recommend starting with operating system updates then apps second because there’s usually some new features reliant on the latest OS within other software. While you’re there, set up automatic updates so that you don’t have to worry about doing this manually in the future.
REUTERS / Reuters
Sign up for or update your password manager
Strong passwords are your first line of defense to keep your accounts safe, but they’re almost impossible to memorize and keep track of. Download a password manager to store this information for you, so that your passwords can be unguessable gibberish that you’ll actually use. Long term, it’s important to change these passwords every 90 days or so, and never to repeat across accounts. A password manager will help remind you of that, and even generate new password ideas for you. Unique and regularly-changing passwords help prevent attacks like credential stuffing, as we’ve seen make headlines in the recent 23andMe data breach.
Make sure you’re using MFA or, ideally, passkeys
Strong passwords are important, but it's well-known that they aren’t enough to keep unauthorized actors out of your account. Most people are familiar with using a text message code to grant access to an account. If you’re taking time out of your day to set this up, however, I would recommend using a third-party authenticator app or a hardware key for more secure options. Or, for companies that have switched to allowing passkeys at login, that’s usually your best bet.
This will be one of the more tedious parts of the checklist, so if you can’t sit down and knock out your major logins now, at least push yourself to make these changes each time you log into a website over the next couple of weeks. Being stuck with family for the holiday might not be your preferred opportunity to make this change, but there's sure to be an upcoming major snowstorm or bout seasonal depression just screaming to be harnessed for your technological well-being.
Consider a VPN, or at least a more secure browser
A strong VPN will keep your web browsing private. Whether it’s free or paid for, defaulting to using a VPN adds an extra layer of security to the work you’re doing online. Most have options to use it across different devices, or to run automatically on startup so that you can set it up once and forget about it. I would also recommend switching over to a secure browser like Tor that runs on a privacy-first platform for more sensitive online matters. Of course there’s a catch: VPNs and Tor can both slow down your browsing, or break certain website features. Updates to the services have helped over time, but even if you use it for just a portion of web browsing, some protection is better than none.
RapidEye via Getty Images
Get up to date on the latest hacks and attack vectors
Keeping up with security news will help you determine what accounts need special attention versus where you can go on autopilot. Once you know whether a breach may have occurred or a password has been leaked, you can quickly make changes to accommodate. Websites already exist to see if you’ve been in a data breach, and most companies have an obligation to tell you if they’ve been impacted. When you also stay up to date on the latest scams and attacks, you know what red flags to look out for in your own inbox to stay proactive.
Tell brokers to stop selling your data
It’s surprisingly easy to stop companies from trading your privacy for cash. On top of getting in the habit of not sharing your cookies or granting location data, you can opt out of working with the top three major data brokers. Axiom, Oracle and Epsilon all have slightly different variations of the same form to fill out so that information like your home address and relatives’ names aren’t being sold for profit. This is a good start to getting your online privacy back, however, it can be more of a headache than just one opt out form.
You have to do this frequently to make sure your information hasn’t been readded to any of the broker sites, and if your information has already been sold to marketing companies, it’s too late to undo it. There are subscription service sites that can help track and continuously delete whatever information pops up for you, but starting with just Axiom, Oracle and Epsilon will still be a free, worthwhile step toward more privacy.
Samsung
Back up everything
Get an external hard drive or connect to the cloud and keep all of your data backed up. Do this regularly, so that even if your device quits or gets ransomed by an attacker, you aren't completely screwed. I’d recommend opting for something that can be set up automatically, so that you don’t have to keep constant track of it. That could look like spending the 99 cents per month on extra iCloud storage (or Google Drive or another in-house cloud tool) so that your phone gets backed up each night while you’re asleep. Windows and Mac also both do auto updates to an external drive on desktop, so you can set it and forget it.
Alternatively, you could install backup software onto a device so that it’s taken care of by a third party, but that may be less intuitive to set up. Just don’t forget to clean up your data storage every once in a while, too, so that you’re not holding onto useless screenshots or pictures of your ex from years ago that are taking up valuable space.
Make a plan to check in on your security settings more frequently
It’s overwhelming to play catch up. Going through a list like this can seem intimidating if you haven’t worried about it before. If you set up automatic updates and backups, it’ll take some of those repeat tasks off your plate. But since you’ll already, hopefully, be setting new passwords once a quarter, you can do a quick check up on your other security measures too. See if you’ve been a victim of a breach or identity theft, keep telling data brokers to get their hands off your information and find out if new VPNs or other software has been released that could make your security setup more seamless. Making it a part of the routine is much easier than annual sprees, and can help you catch a cybersecurity problem before it becomes unmanageable.
This article originally appeared on Engadget at https://www.engadget.com/heres-everything-you-should-do-to-up-your-security-before-next-year-143009276.html?src=rss
Zelle recently made a huge change to its policy that would give victims of certain scams the chance to get their money back. The payment processor has confirmed to Engadget that it started reimbursing customers for impostor scams, such as those perpetrated by bad actors pretending to be banks, businesses and government agencies, as of June 30 this year. Its parent company Early Warning Services, LLC, said this "goes beyond legal requirements."
As Reuters noted when it reported Zelle's policy change, federal laws can only compel banks to reimburse customers if payments were made without their authorization, but not when they made the transfer themselves. The payment processor, which is run by seven US banks that include Bank of America, JP Morgan Chase and Wells Fargo, explained that it defines scams as instances wherein a customer made payment but didn't get what they were promised. It had anti-fraud policy from the time it was launched in 2017, but it only started returning money to customers who were scammed, possibly due to increasing scrutiny and pressure from authorities.
"As the operator of Zelle, we continuously review and update our operating rules and technology practices to improve the consumer experience and address the dynamic nature of fraud and scams," Early Warning Services, LLC, told Engadget. "As of June 30, 2023, our bank and credit union participants must reimburse consumers for qualifying imposter scams, like when a scammer impersonates a bank to trick a consumer into sending them money with Zelle. The change ensures consistency across our network and goes beyond legal requirements.
Zelle has driven down fraud and scam rates as a result of these prevention and mitigation efforts consistently from 2022 to 2023, with increasingly more than 99.9% of Zelle transactions are without any reported fraud or scams," it added.
A series of stories published by The New York Times in 2022 put a spotlight on the growing number of scams and fraud schemes on Zelle. The publication had interviewed customers who were tricked into sending money to scammers but were denied reimbursement, because they had authorized the transactions. Senator Elizabeth Warren also conducted an investigation last year and found that "fraud and scams [jumped] more than 250 percent from over $90 million in 2020 to a pace exceeding $255 million in 2022." In November 2022, The Timesreported that the seven banks that own Zelle were gearing up for a policy change that will reimburse scam victims.
In Zelle's "Report a Scam" information page, users can submit the scammer's details, including what they were claiming to be, their name, website and their phone number. They also have to provide the payment ID for the transfer, the date it was made and a description of what the transaction was supposed to be about. Zelle said it will report the information provided to the recipient’s bank or credit union to help prevent others from falling victim to their schemes, but it's unclear how Zelle determines whether a scam refund claim is legitimate or not.
"Zelle's platform changes are long overdue,” Senator Warren told Reuters. "The CFPB (Consumer Financial Protection Bureau) is standing with consumers, and I urge the agency to keep the pressure on Zelle to protect consumers from bad actors."
This article originally appeared on Engadget at https://www.engadget.com/zelle-may-refund-your-money-if-you-were-scammed-062826335.html?src=rss
Michigan-based healthcare nonprofit McLaren Health Care notified more than 2 million people about a data breach exposing personal information on Thursday, according to a data breach notification report. Unauthorized access to McLaren systems began on July 28 and lasted through August, but the individual impact varies from person to person.
According to a notice on the McLaren website, the company learned of the breach on August 31. An investigation into the impacted files concluded on October 10, and if you'll take a look at today's date, it took an additional month for the company to let the public know about the incident.
"Potentially affected current and former patients of McLaren are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity and to report any suspicious activity promptly to your insurance company, health care provider, or financial institution," the nonprofit said in a statement.
While McLaren hasn't released any details about the attack, such as who is behind it or possible motivations, the ALPHV/BlackCat ransomware group claimed responsibility for the attack, according to Bleeping Computer. Ransomware groups are known to do this for publicity, but the actor behind an attack usually can't be confirmed until a third-party security researcher independently verifies it.
McLaren encompasses 13 hospitals and employs 490 physicians across Michigan and Indiana, with an annual revenue of $6.6 billion. Its offering identity protection services to affected people that enroll by February 9. There's currently no evidence that data leaked in the breach has been misused, according to McLaren.
This article originally appeared on Engadget at https://www.engadget.com/data-breach-of-michigan-healthcare-giant-exposes-millions-of-records-153450209.html?src=rss
A federal jury has found FTX founder Sam Bankman-Fried guilty on all seven counts of fraud and conspiracy, which he was charged with following the downfall of his cryptocurrency exchange. According to The New York Times, he faces a maximum sentence of 110 years in federal prison. SBF, as he's now infamously known, was arrested in the Bahamas back in December 2022 after the Department of Justice took a close look at his role in the rapid collapse of FTX. The agency examined whether he transferred hundreds of millions of dollars when the exchange filed for bankruptcy. (The company claimed it was hacked after around $600 million disappeared from its funds.) The DoJ also investigated whether FTX broke the law when it moved funds to its sister company, Alameda Research.
During SBF's trial, which took place over the past month, prosecutors argued that he used FTX funds to keep Alameda Research running. The fallen entrepreneur also founded the cryptocurrency hedge fund, which was ran by his girlfriend Caroline Ellison, who was aware that he used FTX customers' money to help Alameda meet its liabilities. Bankman-Fried previously denied that he deliberately misused FTX's funds.
The Times says his lawyers tried to portray him as a math nerd who had to grapple with "forces largely outside of his control," but the jury clearly disagreed after the prosecution called Ellison and three of Bankman-Fried's former top advisers to the witness stand. Ellison and all of those advisers had pleaded guilty, with the Alameda Research chief admitting that she committed fraud at Bankman-Fried's direction. The FTX founder himself took the stand and said that he "deeply regret not taking a deeper look into" the $8 billion his hedge fund had borrowed from the cryptocurrency exchange.
Bankman-Fried was charged with committing wire fraud against FTX customers; wire fraud on Alameda Research lenders; conspiracy to commit wire fraud against both; conspiracy to commit securities and commodities fraud on FTX customers; as well as conspiracy to commit money laundering. He is scheduled to be sentenced on March 28, 2024 by US District Judge Lewis A. Kaplan, who also presided over the FTX trial.
This article originally appeared on Engadget at https://www.engadget.com/ftx-founder-sam-bankman-fried-found-guilty-on-seven-charges-of-fraud-and-conspiracy-012316105.html?src=rss