When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
· Hot!
Back in March earlier this year, a new redesigned Microsoft Account sign-in was released with the intention to make it "more modern, simple, and secure." Microsoft also probably hopes that the revamp will help win some hearts since many dislike the Microsoft Account (MSA) quite a bit as they are forced to use the service during Windows 11 installation.
Microsoft often highlights the benefits of an MSA as it points out the unified access users get across devices and services like Windows, Office, OneDrive, and Xbox, which can help in synchronization of files and settings for convenience.
A Microsoft Account also stores the BitLocker encryption key which is crucial thing that all users who have encryption need to store securely.
Back in May this year, we covered reports of users losing their data as a consequence of BitLocker key loss, and this is a real danger for many, given that Microsoft now enables automatic BitLocker encryption on Windows 11 24H2, that most users won't even be aware of.
So in the case of loss of access to a Microsoft Account, an affected user can suddenly find that they have lost all their data and there may be no way to recover it according to Microsoft's terms.
Such account lock-outs can happen as a Reddit user deus03690 found out. The frustrated user claims that Microsoft apparently "randomly" locked their account when they were dealing with multiple data drives. They explain:
"Microsoft randomly locked my account after I moved 30 years' worth of irreplaceable photos and work to OneDrive. I was consolidating data from multiple old drives before a major move—drives I had to discard due to space and relocation constraints. The plan was simple: upload to OneDrive, then transfer to a new drive later.
Instead, Microsoft suspended my account without warning, reason, or any legitimate recourse. I've submitted the compliance form 18 times—eighteen—and each time I get an automated response that leads nowhere. No human contact. No actual help. Just canned emails and radio silence."
The user has good reason to be annoyed and frustrated at this, Microsoft's own official guidance about the Account lock says: "If you tried to sign in to your account and received a message that it's been locked, it's because activity associated with your account might violate our Terms of Use."
The Terms of Use for MSA explain how Microsoft deals with a closed account. It states:
If your Microsoft account is closed (whether by you or us), a few things happen. First, your right to use the Microsoft account to access the Services stops immediately.
Second, we’ll delete Data or Your Content associated with your Microsoft account or will otherwise disassociate it from you and your Microsoft account (unless we are required by law to keep it, return it, or transfer it to you or a third party identified by you). You should have a regular backup plan as Microsoft won’t be able to retrieve Your Content or Data once your account is closed.
Third, you may lose access to products you’ve acquired.
Thus, this shows how users can be pretty much helpless if they get locked out of MSA or lose access to it if they (unknowingly) end up violating Microsoft's terms. It also shows how over-reliance on cloud services on Windows 11, something which LibreOffice recently pointed out, can lead to additional data nightmares like losing all of your data due to forced BitLocker encryption that you may not even be aware of was there in the first place.
The solution? Consider keeping your important data backed up locally on internal or external HDDs and SSDs or NAS solution, as only cloud storage is probably not the best decision.
Cameron Faulkneris an editor covering deals and commerce. He joined in 2018, and served as commerce editor at Polygon until May 2025.
Some Switch 2 owners have received the error code 2134-4508, which results in their consoles being permanently banned from accessing any of its online services, as spotted by IGN. It’s not a ban hammer from sucking at Mario Kart World, thankfully for me, but one that’s targeting consoles that have used a Mig – a microSD card-equipped Switch cartridge that can be filled with copies of games.
Running games on the Mig requires you to download them from others who have dumped files off of cartridges, or dump the games yourself with something like the Mig Dumper, then load them onto a microSD card. Whether you’ve used one to play pirated games, or to play copies of games that you own, Nintendo’s stance on the matter is broad: It considers both to be violations of its user agreements.
The makers of the Mig cartridge have taken reasonable efforts to distance itself from what a majority of buyers will likely do with it, which is play pirated games. The cartridge’s product page notes that it “serves as a backup and development device solely supporting gaming using personal game backups. [...] To maintain the Mig Flash warranty during online play, it’s essential to utilize self-dumped backups with authentic Certificate, UID, and Card Set ID.”
Nintendo isn’t bricking the consoles of offenders, at least, not immediately. YouTube creator Scattered Brain posted a video about their banned Switch 2 in which they tried to find a way around the ban. Attempting to visit the eShop wasn’t possible, nor was unlinking an account from the console, since both activities require the internet. They were able to unlink Virtual Game Cards from their Switch 2 from Nintendo’s account management site and load them onto a Switch OLED, suggesting that the ban is limited to the hardware and not the account. However, a factory reset essentially bricked their Switch 2, as it no longer allowed signing into any Nintendo Account. This is something that Nintendo reserves the right to do per its updated account services user agreement and privacy policy.
No one, but especially Mig users, should be surprised about this ban. Nintendo has a rich history of aggressively pursuing those who pirate its games, as well as those who build emulators that can run pirated copies of games originally made for its platforms. Considering that the Switch 2 is the fastest-selling console of all time, Nintendo’s clearly throwing everything it’s got at making sure gamers are playing by its rules.
Healthcare exchanges in Nevada, Maine, Massachusetts and Rhode Island shared users’ sensitive health data with companies like Google and LinkedIn
Illustration by Gabriel Hongsdusit, CalMatters
State-run health care websites around the country, meant to provide a simple way to shop for insurance, have been quietly sending visitors’ sensitive health information to Google and social media companies, The Markup and CalMatters found.
The data, including prescription drug names and dosages, was sent by web trackers on state exchanges set up under the Affordable Care Act to help Americans purchase health coverage.
The exchange websites ask users to answer a series of questions, including about their health histories, to find them the most relevant information on plans. But in some cases, when visitors responded to sensitive questions, the invisible trackers sent that information to platforms like Google, LinkedIn, and Snapchat.
The Markup and CalMatters audited the websites of all 19 states that independently operate their own online health exchange. While most of the sites contained advertising trackers of some kind, The Markup and CalMatters found that four states exposed visitors’ sensitive health information.
Nevada’s exchange, Nevada Health Link, asks visitors about what prescriptions they use, including the names and dosages of the drugs, to help them find their best options for health insurance. When visitors start typing, it suggests specific medications, including antidepressants, birth control and hormone therapies.
As visitors answered the questions, their responses were sent to LinkedIn and Snapchat, according to tests conducted by The Markup and CalMatters in April and May.
When an individual indicated that they took Fluoxetine, commonly known as Prozac, on Nevada Health Link, the information was sent to LinkedIn.
On the other side of the country, Maine’s exchange, CoverME.gov, sent information on drug prescriptions and dosages to Google through an analytics tool. It also sent the names of doctors and hospitals that people had previously visited.
Rhode Island’s exchange, HealthSource RI, sent prescription information, dosages, and doctors’ names to Google.
Massachusetts Health Connector, another exchange, told LinkedIn whether visitors said they were pregnant, blind, or disabled.
After being contacted by The Markup and CalMatters, Nevada’s health exchange stopped sending visitors’ data to Snapchat and Massachusetts stopped sending data to LinkedIn. Additionally, The Markup and CalMatters found that Nevada stopped sending data to LinkedIn in early May, as we were testing.
The Markup and CalMatters discovered the sharing after finding that California’s exchange, Covered California, told LinkedIn when a visitor indicated they were blind, pregnant, or a victim of domestic violence.
Experts said state health exchanges’ use of advertising trackers was troubling if not entirely surprising. Such tools can help organizations to reach visitors and tailor ads for them. Google Analytics allows website operators to better understand who is coming to their site and to optimize ad campaigns. The LinkedIn and Snap trackers, like a similar offering from Meta, help companies target their social media ads.
Nevada uses the trackers to help target marketing at uninsured residents, according to Russell Cook, Executive Director of the state agency that operates Nevada’s exchange, Silver State Health Insurance Exchange.
But health care services need to be especially careful with those tools, said John Haskell, a data privacy attorney who has previously worked as an investigator for the Department of Health and Human Services.
“It doesn’t surprise me that organizations that have these massive tech stacks that rely on third party-resources don’t have a full understanding of what the configuration is, what the data flows are, and then once they go to somebody, what that data is being used for,” Haskell said. “It’s something that needs to be addressed.”
How was state exchange data tied to users’ identities?
After The Markup and CalMatters reported on Covered California’s sharing of health data with LinkedIn, the exchange removed its trackers and said it would review its data practices. The news triggered a class-action lawsuit and questions from federal lawmakers.
The Markup and CalMatters then examined websites operated by 18 states other than California, as well as Washington, D.C., to see what information they shared as users navigated them. The sites were established under the Affordable Care Act, which requires states to offer health insurance either through their own exchanges or one operated by the federal government.
To test them, we first ran the sites through Blacklight, a tool we developed to reveal web trackers. We then reviewed network traffic on the sites to see what data the trackers received when visitors filled out forms.
The results showed that 18 used some sort of tracker. Some were filled with them. Nevada, for example, used nearly 50. By contrast, Blacklight found no tracker of any kind on Washington, D.C.’s exchange. Popular websites use on average seven trackers, according to Blacklight scans of the 100,000 most trafficked sites on the web.
Five state health exchanges shared sensitive data
Sensitive data shared and number of ad trackers found on each of the 20 state- or district-run health exchange websites
Chart: Tomas Apodaca, The Markup
·
Source:
Markup analysis
Many of the sites used trackers in relatively innocuous ways, like counting page views.
The four exchanges we found sharing sensitive health data sent varied responses to questions about the tracking.
Cook said in a statement that trackers placed by his Nevada agency were “inadvertently obtaining information regarding the name and dosage of prescription drugs” and sending it to LinkedIn and Snapchat.
Cook acknowledged such data was “wholly irrelevant to our marketing efforts” and said it had disabled tracking software pending an audit.
Jason Lefferts, a spokesperson for Massachusetts Health Connector, said in a statement that “personally identifiable information is not part of the tool’s structure and no personally identifiable information, not even the IP addresses of users of the tool, has ever been shared with any party in any way via this tool.” But LinkedIn’s tracker documentation makes clear that it correlates the information it receives with specific LinkedIn accounts so companies can use the data for features like retargeting website visitors. The company’s documentation also states it later obscures this information and eventually deletes it.
Spokespeople for the Rhode Island and Maine health exchanges said that they pay a vendor, Consumers’ Checkbook, to run a separate site that allows visitors to explore what plans are available to them through their states’ exchanges. It was from these sites that sensitive information was shared to Google. Consumers’ Checkbook’s sites are at different web addresses than the exchange sites, but are prominently linked to on the exchange sites and display identical branding like the state health exchange’s logo, making it unlikely that an average visitor would realize they were no longer on a state-run domain.
Christina Spaight O’Reilly, a spokesperson for HealthSource RI, said the company uses Google Analytics to study trends but not to serve ads, and “disables Google Signals Data Collection, ensuring that no data is shared with Google Ads for audience creation or ad personalization, and no session data is linked to Google’s advertising cookies or identifiers.” HealthSource RI’s terms of use mention the use of Google Analytics, she noted. A spokesperson for CoverME.gov made similar points, saying that the agency “does not collect or retain any data entered into the tool.”
When an individual selected a doctor on HealthSource RI, the doctor’s name was sent to Google Analytics.
Consumers’ Checkbook declined to comment beyond the exchanges’ statements.
All of the exchanges said that individually identifiable health information, like names and addresses, wasn’t sent to third parties. But the point of the trackers is to enhance information sent about a user with data the platforms already have on that user, and every tracker found by The Markup and CalMatters logged details about individual visitors, such as their operating system, browser, device, and times of visit.
In response to requests for comment, the tech companies whose trackers we examined uniformly said they do not want organizations sending them potentially sensitive health data, and that doing so is against their terms of use.
Steve Ganem, Director of Product Management for Google Analytics, said that “by default any data sent to Google Analytics does not identify individuals, and we have strict policies against collecting Private Health Information or advertising based on sensitive information.” A spokesperson for LinkedIn, Brionna Ruff, said that advertisers are not allowed “to target ads based on sensitive data categories,” such as health issues. A spokesperson for Snapchat owner Snap said the same, noting that sending purchases of supplies like prescriptions would run afoul of the company’s rules about sensitive data.
A Google Analytics information page specifically discusses how organizations that use the company’s tools should comply with the Health Insurance Portability and Accountability Act, which protects health data. The page notes that “Google makes no representations that Google Analytics satisfies HIPAA requirements.”
“It is important to ensure that your implementation of Google Analytics and the data collected about visitors to your properties satisfies all applicable legal requirements,” the page reads.
More incidents
State exchanges aren’t the only health sites that have sent medical information to social media companies.
In 2022, The Markup revealed that dozens of hospital websites shared information with Facebook’s parent company, Meta, through a tool called the Meta Pixel. The hospitals faced scrutiny from Congress and legal action. Another Markup investigation found trackers logging information about online drugstore visitors purchasing HIV tests and Plan B.
In 2023, a New York hospital agreed to pay a $300,000 fine for violations of the Health Insurance Portability and Accountability Act, or HIPAA.
In response to a series of incidents, the Department of Health and Human Services said in 2023 that use of social media trackers to log health information could violate HIPAA, although recent court decisions have narrowed how the law can be applied against companies that use those trackers.
Some plaintiffs have used state laws, like those in California, to argue that they should be compensated for having their health data sent to third parties without consent. Others have argued that this kind of tracking runs afoul of wiretapping or even racketeering laws.
“Organizations aren’t investing enough time and resources into properly vetting everything,” said Haskell, who advises clients to be very careful about the information they track on their sites. “When organizations are saying, ‘we didn’t understand that there’s a certain configuration of this tool that we’re using,’ well, I can’t really not put that on you.”
Ukraine’s capital city Kyiv on Tuesday was hit with a barrage of Russian drones and missiles, killing at least 10 people in an overnight assault that marked the deadliest attack on the capital in almost a year.
Moscow has been ramping up its aerial assaults on Ukrainian cities, using novel tactics to elude Ukraine’s defenses as the country faces a shortage of air defense missiles.
Even as Russia makes slow gains on the battlefield in Ukraine, Russian analysts fear the escalating Israel-Iran conflict will severely weaken Iran, one of Moscow’s key allies, The Washington Post reported. Others are more optimistic, arguing that the fighting in the Middle East could distract Kyiv’s Western allies from the war and boost oil prices, helping Russia’s finances.
Log in
reply
