Recall Microsoft Recall? 📞 | Adidas cyber attack - another third party breach
#188 - The Microsoft screenshot app is back - with a vengeance | Again, a retailer gets breached and again traces it to a third party
Microsoft’s “Recall” is a Windows feature that takes a screenshot of your screen every 3 seconds, stores the snapshots and lets an AI model search through them.
Microsoft tried to launch it last year but faced a huge backlash from the security and privacy community. Now it is back.
One year ago - almost to the day - I wrote about Microsoft Recall for the first time.
"You had to live—did live, from habit that became instinct—in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized." - George Orwell, 1984, describing Winston Smith’s life under the telescreens.
There’s something inherently creepy about your computer taking a screenshot every 3 seconds, storing it and allowing an AI model to retrieve it.
Microsoft understands that. It even has a page on the security features of Recall to soothe your nerves. But the urge to mine the treasure trove of data in user screenshots, train AI on it and get ahead in the AI race seems very hard to resist.
Here are some of the features that Microsoft has built into Recall:
Data is stored locally. (Though there is a line that says: "Any future options for the user to share data will require fully informed explicit action by the user.")
Other users of the same machine, IT administrators and even Microsoft cannot access the data. (There is no mention of whether AI models learn from it, though.)
A feature called ‘Sensitive Information Filtering’ is meant to recognize sensitive information (such as passwords, credit card numbers or ID numbers) and skip saving snapshots that contain it.
Others are not convinced, though. Signal said it is blocking screenshots of its Signal for Windows app by default (using the same screen-capture protection that DRM-protected video relies on), which also keeps Recall from capturing it. Signal’s official blog is justifiably critical of the feature. This is what Signal says:
“Take a screenshot every few seconds” legitimately sounds like a suggestion from a low-parameter LLM that was given a prompt like “How do I add an arbitrary AI feature to my operating system as quickly as possible in order to make investors happy?”
Take Action:
Recall is not enabled by default on corporate desktops, and IT can lock it off by policy. You can, however, turn it on yourself in Settings. DO NOT do that.
If you are Microsoft - just kill Recall. There is no justification to screenshot my activities every few seconds. I do not want the so-called added convenience.
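If you manage Windows fleets, "do not enable it" is only half the job: you want to confirm the policy is actually set so users cannot flip the switch themselves. The script below is an added example, not code from the newsletter or from Microsoft. It assumes the "Turn off saving snapshots for Windows" policy is backed by the registry value DisableAIDataAnalysis under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsAI (1 = snapshots off) and that the Recall optional feature is listed as 'Recall' by Get-WindowsOptionalFeature; verify both names against Microsoft’s current Recall management documentation before rolling it out.

```powershell
# Added example (not from the newsletter): audit and enforce the Recall "turn off saving snapshots"
# policy on a Windows machine. Run in an elevated PowerShell session.
#
# Assumption: the policy is backed by the registry value
#   HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI\DisableAIDataAnalysis  (DWORD, 1 = snapshots off)
# Check the value name against Microsoft's current Recall management documentation.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
$valueName = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    # Returns 'Disabled' when the policy forbids snapshot saving, 'NotConfigured' otherwise.
    $current = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -ne $current -and $current.$valueName -eq 1) { return 'Disabled' }
    return 'NotConfigured'
}

function Set-RecallPolicyDisabled {
    # Writes under HKLM\SOFTWARE\Policies, so this needs administrator rights.
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name $valueName -Value 1 -Type DWord
}

function Get-RecallFeatureState {
    # Reports whether the Recall optional feature is installed at all.
    # Assumption: the feature is named 'Recall' in the DISM optional-feature list.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction SilentlyContinue
    if ($null -eq $feature) { return 'NotPresent' }
    return [string]$feature.State
}

Write-Host ("Recall snapshot policy : {0}" -f (Get-RecallPolicyState))
Write-Host ("Recall optional feature: {0}" -f (Get-RecallFeatureState))

if ((Get-RecallPolicyState) -ne 'Disabled') {
    Set-RecallPolicyDisabled
    Write-Host "Policy applied: users can no longer turn on snapshot saving from Settings."
}
```

Setting the policy value only blocks snapshot saving; if the optional feature reports as Enabled and you want the component gone entirely, disable the feature as well and re-check after the next feature update, since updates can reintroduce optional components.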
Adidas gets breached; traces it to third party
Third-party attack vectors have grown significantly over the last year. The Verizon DBIR 2025 reports that third-party involvement in breaches roughly doubled year over year, to about 30% of breaches.
Adidas reported a data breach. Once again it was traced to a third party: a customer-service provider through which an external party obtained customer contact details.
This is another in the string of attacks on retailers. The M&S breach cost them nearly half their annual profit, and their systems are still offline. It was attributed to a third party as well.
Take Action:
TPRM (Third Party Risk Management) is the program an organization establishes to manage risks from its third parties. Set up and run a good TPRM program. If you have a large number of third parties, use a tool-based system. (Look up Auriga TPRM - a great tool that the firm I work with has built.)
If you are a retailer, know that targeted attacks are happening. Double down on protecting two attack vectors: the third-party channel and the web application.
I could not agree more on the Recall feature. Terrible idea. At least for now it is only in use on Copilot+ PCs - hopefully it will never get beyond those.