You don’t need to go off-grid to protect your privacy.
Follow @secretsofprivac for daily privacy wins.
Get started here: 7 quick upgrades that make you a harder target 🧵
Most people worry about hackers stealing their health data. The more immediate threat is a lawyer subpoenaing it.
-> Calm, Headspace, MyFitnessPal, and most period trackers are not covered by HIPAA
-> Headspace explicitly lists responding to subpoenas as a stated use of your retained data
-> Deleting the app doesn't delete the data; it stays on company servers, often indefinitely
The legal system hasn't changed. The data available to it has, though.
Ready to go deeper? Link below. 👇
Home inspection data as the new credit score?
Large private equity firms are reportedly buying up inspection companies. They're not doing it for the business, but for the data.
Your roof condition, HVAC age, foundation cracks all get packaged and sold to insurers and lenders who use it to price gouge you.
You don't get to see the report of course, and there's no way to dispute it.
There is a new scam going on in this home inspection industry
- Large corporations are buying up all the small home inspection companies
- They don’t care about making money off inspecting homes, they want the data
Why? This is where it gets borderline criminal
Home inspections are supposed to be confidential, but what they’re doing is buying all the companies to own the data
Then they are going to sell that data to insurance companies and lenders
Now with this new information the insurance company finds out, they're going to start charging you $3,000 (or whatever) extra a year to insure that house
Here’s what I’ve found
Large corporations and private equity firms are aggressively consolidating the home inspection industry primarily by buying inspection software platforms like Spectora, HomeGauge and larger inspection companies
A home inspection report contains highly detailed property specific information like roof age and condition, electrical and plumbing issues, foundation problems, HVAC status, environmental hazards
This is extremely valuable for:
- Insurance companies (risk assessment and underwriting).
- Lenders (property valuation and loan risk).
- Home warranty providers, contractors, and data brokers
Home inspections are supposed to be confidential between the buyer, inspector, and sometimes the real estate parties.
However, many inspection software companies’ terms of service allow data aggregation and sharing
That’s the loophole they found. That’s the scam
The stated goal is protecting 9-year-olds from Instagram.
The mechanism ends anonymous internet access for every adult who owns a phone, tablet or computer.
The chokepoint strategy explained. 👇
Meta gave their AI support bot the ability to modify your Instagram account.
If you're thinking that sounds risky, you'd be correct.
Here's what happened next:
• Attacker grabs your public profile photo
• Runs it through an AI video generator to make the face pass a "liveness" check
• Meta's AI accepts the deepfake as identity proof
• Your password gets reset, your account stolen, and sold on Telegram.
The exploit is supposedly patched. The problem is the underlying IT design that made it possible isn't.
Today Instagram had this massive exploit where hackers were just stealing rare handles left and right. Hundreds of accounts gone.
People losing handles they’ve owned since 2010, some worth hundreds of thousands.
I own a few rare ones so I was actually stressed watching this happen in real time, which I haven’t been in years.
Obama White House account got hit.
These aren’t some random new accounts, these are verified, locked down accounts and they still got compromised.
The thing is the exploit is so simple it’s almost funny. Attacker goes to Forgot Password, says their account is hacked, turns on a VPN to match the target’s location (which now you can find on the about section of the page).
Instagram’s AI support flow asks them to verify with a selfie.
They grab a photo from the target’s profile, run it through an AI video generator to make an animation of the person’s face moving around, upload that to Meta’s AI as proof.
And Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face.
Once verified they change the email to theirs. Password reset link goes to their email. They own it now. 2FA gets bypassed somehow in the process but honestly I don’t know exactly how, just that it did.
Point is even locked down accounts went down.
Then you try to recover your account and you’re talking to a chatbot that has zero ability to help.
You can’t escalate to a human. You’re just stuck. Your asset is gone and there’s no one to call.
The whole thing just highlighted how stupid it is to automate account security without any human in the loop.
One AI fooling another AI while there’s literally no person anywhere to catch it.
Meta took hours to even acknowledge it while accounts were getting stolen every minute.
Now thankfully it’s patched but I don’t think it will be the last one. Stay safe!
🚨 Blair: Use Digital ID + AI to spot future criminals before birth.
Here he is laying out the scheme in 2006.
“Predicting criminals” = biometric surveillance and social scoring with AI.
Resist the creep and protect your anonymity.
@Polymarket The hype and fearmongering about mythos was clearly a marketing strategy. Likely worked.
Good for them.
But hopefully people won’t be fooled next time.
California to ban open source 3D printers joining New York.
The slippery slope of centralized permission to make anything is the last grasp of the end of the old king.