#FactCheck - Misleading Video Allegedly Depicting Trampling of Indian Tri-colour in Kerala or Tamil Nadu Circulates on Social Media

Smart Wearable devices are designed to track several activities in defined parameters and are increasingly becoming a part of everyday life. According to Markets and Markets Report, the global wearable tech market is projected to reach a staggering USD 256.4 billion by 2026. One of the main areas of use of wearable devices is health, including biomedical research, health care, personal health practices and tracking, technology development, and engineering. These wearable devices often include digital health technologies such as consumer smartwatches that monitor an individual's heart rate and step count, and other body-worn sensors like those that continuously monitor blood glucose concentration. 

Wearable devices used by the general population are getting increasingly popular. Health devices like fitness trackers and smartwatches enable continuous monitoring of personal health. Privacy is an emerging concern due to the real-time collection of sensitive data. Vulnerabilities due to unauthorised access or discrimination in case of information being revealed without consent are the primary concerns with these devices. While these concerns are present a lot of related misinformation is emerging due to the same. 

While wearable devices typically come with terms of use that outline how data is collected and used, and there are regulations in place such as EU Law GDPR, such regulations largely govern the regulatory compliances on the handling of personal data, however, the implementation and compliances by the manufacturer is a one another aspect which might present the question on privacy protection. In addition, beyond the challenge of regulatory compliance, the rise of myths and misinformation surrounding wearable tech presents a separate issue. 

Common Misconceptions About Privacy with Wearable Tech

• With the rapid development and growth of wearable technology their use has been subject to countless rumours which fuel misinformation narratives in the minds of general public. Addressing these misconceptions and privacy concerns requires targeted strategies.
• A prevalent misconception is that they are constantly spying on users. While wearable devices collect users’ data in real time, their vulnerability to unauthorised access is similar to that of a non-wearable device.  The issue is of consent when it comes to wearable technology because it gives the ability to record.  If permissions are not asked when a person is being recorded then the data is accessible to external entities.
• There is a common myth that wearable tech is surveillance tool. This is entirely a conjecture. These devices collect the user data with their prior consent and have been created to provide them with real-time information, most commonly physical health information. Since users choose the information shared, the idea of wearable tech serving as a surveillance tool is unfounded.
• Another misconception about wearable tech is that it can diagnose medical conditions. These devices collect real-time health data, such as heart rate or activity levels, they are not designed for medical diagnosis. The data collected may not always be accurate or reliable for clinical use to be interpreted by a healthcare professional. This is mainly because the makers of these devices are not held to the safety and liability standards that medical providers are.
• A prevalent misconception is that wearable tech can cure health issues, which is simply untrue. Wearable tech devices are essentially tracking the health parameters that a user sets. It in no way is a cure for any health issue that one suffers from. A user can manage their health based on the parameters they set on the device such as the number of steps that they walk, check on the heart rate and other metrics for their mental satisfaction but they are not a cure to treat diseases. Wearable tech acts as alerts, notifying users of important health metrics and encouraging proactive health management.

Addressing Privacy and Health Concerns in Wearable Tech

Wearable technology raises concerns for privacy and health due to the colossal amount of personal data collected. To address these, strong data protection measures are essential, ensuring that sensitive health information is securely stored and shared only with consent. Providing users with control over their data is one of the ways to build user trust. It includes enabling them to opt in, access, or delete the data in question. Regulators should establish clear guidelines, ensuring wearables ensure the compliances with data protection regulations like HIPPA, GDPR or DPDP Act, whichever is applicable as per the jurisdiction. Furthermore, global standards for data encryption, device security, and user privacy should be implemented to mitigate risks. Transparency in data usage and consistent updates to software security are also crucial for protecting users' privacy and health while promoting the responsible use of wearable tech.

CyberPeace Insights

• Making informed decisions about wearable tech starts with thorough research. Start by reading reviews and comparing products to assess their features, compatibility, and security standards. 
• Investigate the manufacturer’s reputation for data protection and device longevity. Understanding device capabilities is crucial. One should evaluate whether the wearable meets their needs, such as fitness tracking, health monitoring, or communication features. Consider software security and updates, and data accuracy when comparing options.  Opt for devices that offer two-factor authentication for an additional layer of security.
• Check the permissions requested by the accompanying app; only grant access to data that is necessary for the device's functionality. Always read the terms of use to understand your rights and responsibilities regarding the use of the device. Review and customize data-sharing settings for better control to prevent unauthorised access.
• Staying updated on the tech is equally important. A user should follow the advancements in wearable technology be it regular security updates, or regulatory changes that may affect privacy and usability. This ensures getting tech that aligns with user lifestyle while meeting privacy and security expectations.

Conclusion

Privacy and Misinformation are key concerns that emerge due to the use of wearable tech designed to offer benefits such as health monitoring, fitness tracking, and personal convenience. It requires a combination of informed decision-making by users and stringent regulatory oversight to overcome the issues that emerge due to misinformation about these devices. Users must ensure they understand the capabilities and limitations of their devices, from data accuracy to privacy risks. Additionally, manufacturers and regulators need to prioritise transparency, data protection, and compliance with global standards like GDPR or DPDP to build trust. As wearable tech continues to evolve, a balanced approach to innovation and privacy will be essential in fostering its responsible and beneficial use for all.

References

1. https://thehealthcaretechnologyreport.com/privacy-data-security-concerns-rise-as-healthcare-wearables-gain-popularity/ 
2. https://journals.plos.org/digitalhealth/article?id=10.1371/journal.pdig.0000104
3. https://www.marketsandmarkets.com/Market-Reports/wearable-electronics-market-983.html?gclid=Cj0KCQjwgMqSBhDCARIsAIIVN1V0sqrk6SpYSga3rcDtWcwh8npZ08L0_s4X91gh7yPAa6QmsctB-lMaAlpqEALw_wcB 
4. https://www.cambridge.org/core/journals/legal-information-management/article/health-data-on-the-go-navigating-privacy-concerns-with-wearable-technologies/05DAF11EFA807051362BB39260C4814C

‍

Disclaimer:

The information is based on claims made by threat actors and does not imply confirmation of the breach, by CyberPeace. CyberPeace includes this detail solely to provide factual transparency and does not condone any unlawful activities. This information is shared only for research purposes and to spread awareness. CyberPeace encourages individuals and organizations to adopt proactive cybersecurity measures to protect against potential threats.

🚨 Data Breach Alert ⚠️: 

Recently The Research Wing of CyberPeace and Autobot Infosec have come across a claim on a threat actor’s dark web website alleging a data breach involving 637k+ records from Federal Bank. According to the threat actor’s claim, the data allegedly includes sensitive details such as-

• 🧑‍Customer Name
• 🆔Customer ID
• 🏠 Customer Address
• 🎂 Date of Birth
• 🔢 Age
• 🚻 Gender
• 📞Mobile Number
• 🪪 PAN Number
• 🚘 Driving License Number
• 🛂 Passport Number
• 🔑 UID Number
• 🗳️ Voter ID Information

The alleged data was initially discovered on a dark web website, where the threat actors allegedly claimed to be offering the breached information for sale. Following their announcement of the breach, a portion of the data was reportedly published on December 27, 2024. A few days later, the full dataset was allegedly released on the same forum.

About the Threat Actor Group:

Bashe, a ransomware group that emerged in 2024, is claimed to have evolved from the LockBit ransomware group, previously operating under the names APT73 and Eraleig. The group employs data encryption combined with extortion tactics, threatening to release sensitive information if ransom demands are unmet. Their operations primarily target critical industries, including technology, healthcare, and finance, demonstrating a strategic focus on high-value sectors.

Breakdown of the Alleged Post by the Threat Actor:

• Target: Allegedly involves Customer’s Data of Federal Bank.
• Data Volume: Claimed breach includes 637,894 records.
• Data Fields: Threat actor claims the data contains sensitive information, including Customer name, Customer ID, Date of Birth, PAN Number, Age, Gender, Father Name, Spouse Name, Driving Licence, Passport Number, UID Number, Voter ID, District, Zip Code, Home Address, Mailing Address, State etc.

Analysis:

The analysis of the alleged data breach highlights the states purportedly most impacted, along with insights into the affected age groups, gender distribution, and other key insights associated with the compromised data. This evaluation aims to provide a clearer understanding of the claimed breach's scope and its potential demographic and geographic impact.

Top States Impacted: 

As per the alleged breached data, Tamil Nadu has the highest number of affected customers, accounting for a significant 34.49% of the total breach. Karnataka follows closely with 26.89%, indicating a substantial number of individuals affected in the state. In contrast states such as Uttar Pradesh, Haryana, Delhi, and Rajasthan report minimal impact, with each state having less than 1% of affected customers. Gujarat records 3.70% of the breach, with a sharp drop in affected numbers from other states, highlighting a significant disparity in the extent of the breach across regions.

Impacted Age Range Statistics:

The alleged data breach has predominantly impacted customers in the 31-40 years age group, which constitutes the largest segment at 35.80% of the affected individuals. Following this, the 21-30 years age group also shows significant impact, comprising 27.72% of those affected. The 41-50 years age group accounts for 20.55% of the impacted population, while individuals aged 50 and above represent 12.68%. In contrast, the 0-20 years age group is the least affected, with only 3.24% of customers falling into this category.

Gender Wise Statistics:

The alleged data breach has predominantly impacted male customers, who constitute the majority at 74.05% of the affected individuals. Female customers account for 23.18%, while a smaller segment, categorized as "Others," constitutes 2.77%.

The alleged dataset from the threat actors indicated that a significant portion of customers' personal identification data was compromised. This includes sensitive information such as driving licenses, passport numbers, UID numbers, voter IDs, and PAN numbers.

Significance of the Allegations:

Though the claims have not been independently verified at our end it underscores the rising risks of cyberattacks and data breaches, especially in the financial and banking sectors. If true, the exposure of such sensitive information could lead to financial fraud, identity theft, and severe reputational damage for individuals and organizations alike.

CyberPeace Advisory:

CyberPeace emphasizes the importance of vigilance and proactive measures to address cybersecurity risks:

• Monitor Your Accounts: Keep a close eye on financial and email accounts for any suspicious activity.
• Update Passwords: Change your passwords immediately and enable Multi Factor Authentication(MFA) wherever possible.
• Beware of Phishing Attacks: Threat actors may exploit the leaked data to craft targeted phishing scams. Do not click on unsolicited links or share sensitive details over email or phone.
• For Organizations: Strengthen data protection mechanisms, regularly audit security infrastructure, and respond swiftly to emerging threats.
• Report: For more assistance or to report cyber incidents, visit https://cybercrime.gov.in or contact our helpline team at helpline@cyberpeace.net.

We advise affected parties and the broader public to stay alert and take necessary precautions. CyberPeace remains committed to raising awareness about cybersecurity threats and advocating for better protection mechanisms. We urge all stakeholders to investigate the claims and ensure appropriate steps are taken to protect the impacted data, if the breach is confirmed. Our Research Wing is actively observing the situation and we aim to collaborate with the stakeholders and relevant agencies to mitigate the impact.

Stay Vigilant! Stay CyberPeaceful.

‍

Executive Summary: 

A viral post on X (formerly Twitter) gained much attention, creating a false narrative of recent damage caused by the earthquake in Tibet. Our findings confirmed that the clip was not filmed in Tibet, instead it came from an earthquake that occurred in Japan in the past. The origin of the claim is traced in this report. More to this, analysis and verified findings regarding the evidence have been put in place for further clarification of the misinformation around the video.

Claim:

The viral video shows collapsed infrastructure and significant destruction, with the caption or claims suggesting it is evidence of a recent earthquake in Tibet. Similar claims can be found here and here

‍

‍

‍

Fact Check:

The widely circulated clip, initially claimed to depict the aftermath of the most recent earthquake in Tibet, has been rigorously analyzed and proven to be misattributed. A reverse image search based on the Keyframes of the claimed video revealed that the footage originated from a devastating earthquake in Japan in the past. According to an article published by a Japanese news website, the incident occurred in February 2024. The video was authenticated by news agencies, as it accurately depicted the scenes of destruction reported during that event.

‍

Moreover, the same video was already uploaded on a YouTube channel, which proves that the video was not recent. The architecture, the signboards written in Japanese script, and the vehicles appearing in the video also prove that the footage belongs to Japan, not Tibet. The video shows news from Japan that occurred in the past, proving the video was  shared with different context to spread false information.

‍

‍

The video was uploaded on February 2nd, 2024.

‍

Snap from viral video

‍

Snap from Youtube video

‍

Conclusion: 

The video viral about the earthquake recently experienced by Tibet is, therefore, wrong as it appears to be old footage from Japan, a previous earthquake experienced by this nation. Thus, the need for information verification, such that doing this helps the spreading of true information to avoid giving false data.

• Claim: A viral video claims to show recent earthquake destruction in Tibet.
• Claimed On: X (Formerly Known As Twitter)
• Fact Check: False and Misleading