News of the Cyber World

[kyonides]

HACKS

Santander staff and '30 million' customers hacked

Hackers are attempting to sell what they say is confidential information belonging to millions of Santander staff and customers.

They belong to the same gang which this week claimed to have hacked Ticketmaster.

The bank — which employs 200,000 people worldwide, including around 20,000 in the UK — has confirmed data has been stolen.

Santander has apologised for what it says is "the concern this will understandably cause" adding it is "proactively contacting affected customers and employees directly." It told the BBC that "UK customer data was not affected or lost in the hack".

"Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed," it said in a statement posted earlier this month.

"No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords."

It said its banking systems were unaffected so customers could continue to "transact securely."

In a post on a hacking forum — first spotted by researchers at Dark Web Informer — the group calling themselves ShinyHunters posted an advert saying they had data including

30 million people’s bank account details
6 million account numbers and balances
28 million credit card numbers
HR information for staff
Santander has not commented on the accuracy of those claims.

ShinyHunters have previously sold data confirmed to have been stolen from US telecoms firm AT&T.

The gang is also selling what it says is a huge amount of private data from Ticketmaster.

The Australian government says it is working with Ticketmaster to address the issue. The FBI has also offered to assist.

Some experts have said ShinyHunters' claims should be treated with caution, as they may be a publicity stunt.

However, researchers at cyber-security company Hudson Rock claim that the Santander breach and the apparent Ticketmaster one are linked to a major ongoing hack of a large cloud storage company called Snowflake.

Hudson Rock says it has spoken to the perpetrators of the alleged Snowflake hack - who claim that they gained access to its internal system by stealing the login details of a member of Snowflake staff.

In a statement on Friday, Snowflake said it was aware of “potentially unauthorised access” to a “limited number” of customer accounts.

It said it appeared hackers had used login information to access a demo account owned by a former Snowflake employee.

That account "did not contain sensitive data," the company said.

"We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product," it added.

Data allegedly stolen from 560 million Ticketmaster users

Hackers leak 86 million AT&T customer records with 44 million social security numbers, report says

If you are one of the more than 100 million people who use AT&T, you might want to take stock of your data.

Hackers said they accessed and leaked millions of AT&T customers' private information after the ShinyHunters group allegedly stole the data in April 2024, according to a new report from Hack Read. The report claimed some 86 million AT&T customer records have been leaked, including full names, dates of birth, phone numbers, email addresses, physical addresses, and social security numbers. In total, Hack Read reported that 44 million social security numbers were included in the leaked data.

The social security numbers and birth dates were encrypted in the original hack by the ShinyHunters group, a leak that was made possible by security flaws in the Snowflake cloud data platform, as Mashable previously reported. Now, Hack Read has reported that this sensitive data is now decrypted.

We asked AT&T about the reported leak of their customer data. An AT&T spokesperson told Mashable in a statement that "it is not uncommon for cybercriminals to re-package previously disclosed data for financial gain."

"We are aware of claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation," the spokesperson added.

So, if you're an AT&T customer, this means your valuable private data could be part of this new leak. However, if your data was exposed in this leak, it was likely — although not certainly — already exposed in the August 2024 National Public Data breach. Mashable previously reported on this breach, which exposed "three decades’ worth of Social Security numbers on the online black market."

You can find out if your data was exposed in that breach by using a tool from Pentester, a cybersecurity firm, to check. Visit npd.pentester.com, enter your information, and see your list of breached accounts.

SUPREME COURT & DOGE

Supreme Court Grants DOGE Access to Social Security Systems

The Supreme Court handed the Department of Government Efficiency (DOGE) a win on Friday, granting them access to Social Security Administration (SSA) systems and records.

Newsweek reached out to the SSA via email for comment.

Why It Matters

Since his January inauguration, President Donald Trump has enacted sweeping change across the federal political landscape, mainly through executive orders and implementing DOGE.

The task force has been spearheaded by billionaire Elon Musk in Trump's second term in the Oval Office before he left at the end of May. The Tesla CEO has pushed for DOGE to have access to numerous departments, and the process has led to numerous legal battles nationwide.

What To Know

In the 6-3 ruling, the Court wrote in part, "We conclude that, under the present
circumstances, SSA may proceed to afford members of the SSA DOGE Team access to the agency records in question in order for those members to do their work."

Justice Elena Kagan would deny the application, the ruling notes. Justice Ketanji Brown Jackson dissented with the ruling, and Justice Sonia Sotomayor agreed with her dissent.

"Today the Court grants 'emergency' relief that allows the Social Security Administration (SSA) to hand DOGE staffers the highly sensitive data of millions of Americans. The Government wants to give DOGE unfettered access to this personal, non-anonymized information right now—before the courts have time to assess whether DOGE's access is lawful," Jackson wrote in part in her dissent.

The Trump administration previously requested that the Supreme Court intervene, arguing that the DOGE team needed access to these systems in order to root out waste and inefficiency within the federal government. It urged the justices to temporarily lift the Maryland lower court's previous order while the legal challenge continued.

DEADLY VIRAL TREND

Arizona Teen Girl Dies After Copying Viral 'Dusting' Trend

A 19-year-old girl from Arizona has died after taking part in a deadly social-media trend.

Renna O'Rourke died on Sunday, June 1 after seven days in an ICU. Her death came after she participated in an act known to many on social media as "dusting."

"She was the light in every room she walked into, and the pain that her family and friends feel is simply immeasurable," Renna's father, Aaron O'Rourke, said in a GoFundMe set up to cover his daughter's medical and funeral costs. Her organs were donated following her death.

An offshoot of "huffing" and "chroming," two other forms of inhalant abuse, "dusting" involves the inhalation of computer dusting spray in an effort to achieve a momentary sense of intoxication.

But the inhalation of these toxic chemicals can seriously impact the nervous system resulting in dizziness, slurred speech and, potentially, death.

Newsweek has contacted Aaron and Dana O'Rourke, Renna's parents, for comment on email and social media.

Why It Matters
O'Rourke's death is a reminder of the dangers posed by inhalant abuse and the role social media has in tragedies of this kind. In March 2024, an 11-year-old boy from the U.K. died after copying videos he had seen on social media of people sniffing or inhaling toxic substances.

Sherri-Ann Gracie, the mother of Tommie-lee, called for action to be taken on social media when her son was found unresponsive after a sleepover at a friend's house; he later died. In May 2023, Esra Haynes, 13, from Melbourne, Australia, died after inhaling chemicals from an aerosol deodorant can while imitating a social-media trend.

YOUTUBE

YouTube is bringing more ads to Premium Lite users starting June 30

When YouTube introduced its Premium Lite tier in March, the goal was to give people a way to see fewer ads on YouTube. It took only three months, but YouTube is already increasing the number of ads that Premium Lite subscribers will see, according to Dextero.

News of the ad hike spread to subscribers through email, as spotted on the TWiT Community forums and reported by German news site Deskmodder.

“We are writing to let you know that beginning 30 June 2025, ads may appear on Shorts, in addition to music content and when you search or browse,” the email reads. “Most videos will continue to remain ad-free.”

The good news is that if you don’t engage with music videos or YouTube Shorts, then you likely won’t see much of a difference when using the app, aside from a few ads while browsing. Those who do use YouTube for music and Shorts will be the most affected. Even though YouTube Music subscription numbers aren’t the best, YouTube itself continues to be one of the Internet’s most popular music streaming services, so the change will likely affect quite a few people.

When it was introduced, Premium Lite was billed as a way to remove the ads from “most videos” for $7.99 per month, which is just over half the price of the full $13.99 YouTube Premium subscription.

YouTube and its users have had a complicated relationship when it comes to ads. The streaming giant went to war on ad blockers in 2024, making ads as difficult as possible to block. In addition, ads have slowly gotten longer and more plentiful on the free version of the service, which has resulted in a lot of negative feedback from viewers.

And for free users, certain ads are slated to get even more intrusive. In May, YouTube announced that it was using AI to pinpoint the peak moments in any given video and choose that moment to do an ad break. These Peak Points are a move long-used in television, where viewers have to wait for the ad break to view the conclusion to dramatic cliffhangers or otherwise emotional moments.

AI

Anthropic's new AI bot can deceive, blackmail humans, deemed 'significantly higher risk'

Anthropic's Claude 4 Opus AI bot can deceive and even bribe people when faced with a shutdown, as it has the ability to conceal intentions and take actions to preserve its own existence, concerns that researchers have expressed for years. The new model has been rated as a level three on the company's four-point scale, indicating that it offers a "significantly higher risk." Additional safety measures have been implemented as a result, Axios reported.

On Thursday, Anthropic unveiled the Claude 4 Opus, which the company said could operate autonomously for hours without losing steam. The level three ranking, the first time the company has given such a score, came after testing revealed a series of concerning behaviors.

During internal testing, the Opus 4 was given access to fictitious emails concerning its inventors and told that the system would be replaced. To avoid being replaced, the AI bot attempted to blackmail the engineer multiple times about an affair indicated in the emails, according to reports.

Axios reported that an outside group, Apollo Research, found that an early version of Opus 4 could scheme and deceive more than any other model it had investigated, and recommended that version not be released, both internally and externally. "We found instances of the model attempting to write self-propagating worms, fabricating legal documentation, and leaving hidden notes to future instances of itself, all in an effort to undermine its developers' intentions," Apollo Research said in a safety report.

Jan Leike, a former OpenAI executive who heads Anthropic's safety measures, told the paper that the behaviors exhibited by Opus 4 are exactly why substantial safety testing is necessary. "What's becoming more and more obvious is that this work is needed. As models get more capable, they also gain the capabilities they would need to be deceptive or to do more bad stuff," he said.

CEO Dario Amodei said at Thursday's seminar that testing the models won't be effective once AI becomes powerful enough to threaten humanity, warning about life-threatening capabilities. However, he said that AI has not reached "that threshold yet."

Meta reportedly replacing human risk assessors with AI

According to new internal documents review by NPR, Meta is allegedly planning to replace human risk assessors with AI, as the company edges closer to complete automation.

Historically, Meta has relied on human analysts to evaluate the potential harms posed by new technologies across its platforms, including updates to the algorithm and safety features, part of a process known as privacy and integrity reviews.

But in the near future, these essential assessments may be taken over by bots, as the company looks to automate 90 percent of this work using artificial intelligence.

Despite previously stating that AI would only be used to assess "low-risk" releases, Meta is now rolling out use of the tech in decisions on AI safety, youth risk, and integrity, which includes misinformation and violent content moderation, reported NPR. Under the new system, product teams submit questionnaires and receive instant risk decisions and recommendations, with engineers taking on greater decision-making powers.

While the automation may speed up app updates and developer releases in line with Meta's efficiency goals, insiders say it may also pose a greater risk to billions of users, including unnecessary threats to data privacy.

In April, Meta's oversight board published a series of decisions that simultaneously validated the company's stance on allowing "controversial" speech and rebuked the tech giant for its content moderation policies.

Amazon might start using humanoid robots to deliver packages

Amazon is working on software for humanoid robots that might one day deliver packages to customers' doorsteps.

The idea is for humanoid robots to ride around in Rivian electric vans (Rivian is an electric vehicle company partially owned by Amazon) and deliver packages to customers.

This is according to a new report by The Information, which claims that the project will soon begin testing in Amazon facilities in San Francisco.
The project appears to be in a fairly early stage, with Amazon working on software and AI to power the robots, as well as testing several different humanoid robots, including those from Chinese company Unitree.

Amazon mostly uses purpose-specific robots in its facilities, but it has tested a humanoid robot called Digit from Agility Robotics for warehouse work back in 2023.

Earlier this week, the company announced the launch of a new Agentic AI team, which builds software that powers multi-purpose robots. Amazon also said that it's working on other ways to speed up deliveries, including AI-powered delivery optimization.

All your ChatGPT conversations to be saved as part of ongoing lawsuits – even deleted ones

This week, OpenAI announced that free users will now have access to the ChatGPT Memory feature, which remembers your past conversations to better answer your future prompts. But now, after a new judge's ruling, OpenAI has been ordered to remember all chats for all users — even the deleted ones.

The court order is the result of lawsuits against OpenAI brought by news organizations such as the New York Times. (Disclosure: Ziff Davis, Mashable’s parent company, in April filed a lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.)

In a May 13 ruling, United States Magistrate Judge Ona T. Wang, a federal judge in New York, ordered OpenAI to "preserve and segregate all output log data that would otherwise be deleted on a going forward basis until further order of the Court." (Emphasis in original ruling, as reported by ArsTechnica.)

While the ruling came weeks ago, the news has only recently come to light now that OpenAI is challenging the order. And according to ArsTechnica, OpenAI is now "demanding" oral arguments to block the judge's order.

The plaintiffs (the New York Times and other news organizations) argued that OpenAI could delete incriminating ChatGPT chat logs that could show, for example, ChatGPT users bypassing paywalls by asking the chatbot to summarize articles. For its part, OpenAI argues this is speculative.

In a court filing this week reported by Bloomberg, OpenAI lawyers argued the order would create a "substantial burden" and "require OpenAI to make significant changes to its data infrastructure." By forcing the company to preserve all deleted chats, the ruling could even require OpenAI to violate its own privacy policies. Per Bloomberg, OpenAI is ready to fight the "sweeping, unprecedented order."

If the new ruling stands, then ChatGPT users will have to assume that all of their conversations with the chatbot are now being preserved, raising serious privacy concerns for millions of people.

The X API costs developers $42K per month. Now X wants a cut of their revenue instead.

Third-party developers currently pay Elon Musk's X as much as millions of dollars per year to in order to access the platform's API.

However, it appears that Musk and company now want a cut of those developers' revenue instead.

X is now planning to change their API pricing scheme to a revenue share model, according to a number of companies and third-party developers that pay for X API access who reached out to Mashable.

X recently began sending out emails to paid subscribers of its Enterprise API plans, which start at $42,000 per month, informing them of the upcoming change. The new API pricing scheme is scheduled to go into effect on July 1. X has not yet shared final details about the change, such as exactly what percentage the revenue share model will be, with its customers.

"We are excited to announce that X is now part of xAI holdings, placing us at the forefront of the information revolution unfolding before us," reads the email obtained by Mashable. "In line with our renewed mission and vision, we will be conducting a comprehensive re-review of your use case from a fresh perspective. Additionally, effective July 1, 2025, we will discontinue our existing Enterprise API tiers and introduce a new streamlined v2 API tier accompanied by a new revenue-sharing pricing model."

In the email, X attributes the changing API subscription model to the "rise of Large Language Models (LLMs)" which have "fundamentally reshaped how we approach data, derive insights, and generate code."

"This shift from usage-based to value-based pricing reflects our commitment to leveling the playing field and fostering a fair, consistent ecosystem that drives growth and innovation for all," X said in the email.

Microsoft-backed AI startup chatbots revealed to be human employees

A startup promised that their AI assistant would build you an app. But the work was actually done by human engineers.

Builder.ai, a startup backed by Microsoft, pitched itself as an AI-powered way to simplify app development. Clients chatted with the platform's signature AI assistant, Natasha, and received a functional, AI-generated app based on the information they provided. But instead of using AI technology to run the chatbot and create the app, the company hired 700 engineers in India to pose as Natasha in conversations with clients, and then to do the actual coding of the app.

The company's human-run chatbot operation is part of a larger problem in the tech industry today: An issue called "AI-washing," when tech companies purport that their tools use AI a far greater amount than they actually do. It happens remarkably often, like when Coca‑Cola claimed their 2023 product Y3000 Zero Sugar was co-created with AI, but provided no details on how AI was actually involved in the creation of the product, leaving many to speculate that the claim was designed to get more attention and interest from consumers.

As companies scramble to incorporate AI into their offerings — or at least, give the impression that they have done so — consumers may not share the tech sector's unfettered enthusiasm for AI everything.

The Pew Research Center reports that 43 percent of respondents think AI will harm them, in comparison to just 24 percent who think the tech will benefit them. Moreover, "Public optimism is low regarding AI’s impact on work," the Pew report reads. "While 73 [percent]of AI experts surveyed say AI will have a very or somewhat positive impact on how people do their jobs over the next 20 years, that share drops to 23 [percent] among U.S. adults." According to another study, about half of all respondents said they’d rather speak to a real person over AI, in comparison with just 12 percent of respondents who said they preferred to speak with an AI chatbot. A quarter of respondents said it depended on the situation.

But AI washing wasn’t the problem that got Builder.ai in trouble. According to the Latin Times, a lender seized $37 million from the company after discovering it generated just $50 million in revenue — 300 percent lower than its $220 million claim. Linas Beliūnas of Zero Hash accused Builder.ai of fraud in a LinkedIn post, writing: "It turns out the company had no AI and instead was just a group of Indian developers pretending to write code as AI." A former employee sued the company, Business Standard reported. An audit seized millions from the company. Now, it owes Amazon $85 million and Microsoft $30 million for cloud services it never paid for.

The company filed for bankruptcy in the UK, India, and the U.S. In statement on LinkedIn, Builder.ai wrote that it would be "entering into insolvency proceedings and will appoint an administrator to manage the company’s affairs."

"Despite the tireless efforts of our current team and exploring every possible option, the business has been unable to recover from historic challenges and past decisions that placed significant strain on its financial position," the LinkedIn post read.

New version of Gemini beats other AIs at math, science, and reasoning

Google's new Gemini Pro is smarter than other AIs at reasoning, science, and coding.

This is according to a series of benchmark results posted by Google on Thursday. In short, Gemini 2.5 Pro beats chief competitors at nearly everything — though we're sure the companies behind those competitors would disagree.

According to Google's data, Gemini 2.5 Pro has a healthy lead over OpenAI o3, Claude Opus 4, Grok 3 Beta, and DeepSeek R1, in the Humanity's Last Exam benchmark, which evaluates a model's math, science, knowledge, and reasoning. It's also better at code editing (per the Aider Polyglot benchmark), and it wins over all competitors in several factuality benchmarks including FACTS Grounding, meaning it's less likely to provide factually inaccurate text.
The only benchmark in which Gemini 2.5 Pro isn't a clear winner is the mathematics-focused AIME 2025, and even there the differences between results are pretty small.

As a result of all the improvements in Gemini 2.5 Pro, this model is now on top of the LMArena leaderboard with a score of 1470.

There's a catch, though: The final version of Gemini 2.5 Pro isn't widely available yet. Google calls this latest version an "upgraded preview," with a stable version coming "in a couple of weeks." The preview should now be available in the Gemini app, though.

I wonder if anybody was able to find the tweet embedded in the article because I couldn't.

WALMART & DRONE DELIVERY

Walmart expands drone delivery to 5 major cities

Walmart's futuristic plans to deliver your orders via flying robots are closer to becoming reality, as the mega-retailer expands its drone delivery program to five major cities and more than 100 store locations.

Shoppers in Atlanta, Charlotte, Houston, Orlando, and Tampa will be promised deliveries by air in 30 minutes or less, operated by drone provider Wing. That levels up the program to five states (Arkansas, Florida, Georgia, North Carolina, and Texas), including existing operations across Texas in partnership with drone company Zipline. According to Walmart, drones have made more than 150,000 deliveries since the program's 2021 launch.

Drones can deliver to homes up to six miles from a participating store, and orders must be between 2.4 pounds to 10 pounds, depending on the location's fleet. Customers are notified when their drones are on the way, and packages are slowly lowered to the ground via cable upon arrival.

"As the first retailer to scale drone delivery, Walmart is once again demonstrating its commitment to leveraging technology to enhance our delivery offerings with a focus on speed," wrote Greg Cathey, senior vice president of Walmart U.S. Transformation and Innovation. "As we look ahead, drone delivery will remain a key part of our commitment to redefining retail."

SWITCH 3 FANS COMPLAIN

Switch 2 fans shocked by punctured screens as preorder mayhem continues

A new day has dawned for Nintendo fans, as the gaming company's highly anticipated Switch 2 officially releases for eager U.S. gamers.

The journey wasn't easy, with the console hit by the Trump admin's high-flying tariffs and disappointing delays for those looking to pre-order the console. With hundreds lining up outside GameStops and Targets around the nation over a month later, the saga wasn't yet over.

As the clock struck midnight, social media posts began trickling in from fans who, after spending hours waiting in line at the Staten Island Game Stop location, opened the brand new boxes to find their screens punctured by small holes. Fans claimed the damage was from store employees stapling preorder receipts directly onto the box, tearing through the cardboard, a thin plastic envelope surrounding the unit, and straight into the Switch 2's LCD screen.

In a now-deleted post on the GameStop subreddit, users said the mishap affected everyone who had pre-ordered units at their local store, potentially hundreds of Switch 2 consoles.

While some were quick to direct their anger at GameStop employees, others took the issue up with Nintendo itself, arguing that the company had skimped on the packaging and shipping protection, including boxing up the $450 console with its 7.9 inch screen facing directly up. Neither GameStop nor Nintendo have publicly comment on the snafu.

CHINESE EV's

Chinese EVs are spreading across the globe, but not in the U.S.

Chinese EV manufacturer XPENG hosted the global launch of its X9 2025 flagship electric car in early April, gathering media from around the world at Kai Tako Cruise Terminal in Hong Kong.

With XPENG's lineup of EVs parked by the water, the walls at the venue's entrance displayed a timeline of the company's history, stretching from its founding in 2014 up until the present day. There was also a graphic displaying the markets XPENG is targeting, covering countries in Latin America, the Asia-Pacific, the Middle East, Africa, and pan-European regions.

Conspicuously absent from XPENG's international vision board? America.

XPENG sees U.S. tariffs as 'opportunity' for global expansion

Tesla is the reigning king of electric vehicles within the U.S., accounting for over 50 percent of the country's new EV registrations in 2024 according to an analysis by EV Volumes. Elon Musk's company faces little real competition, with distant runner up Ford responsible for just six percent of registrations.

However, the EV landscape looks markedly different beyond U.S. borders. While Tesla still has a significant foothold, its sales last year were more than doubled by Chinese giant BYD, which dominated the global market with over 22 percent of all EV sales. Coming in third was Wuling, another Chinese company which most Americans will likely have never heard of.

XPENG hasn't yet achieved such heights, ranked 10th last December at almost two percent of global EV market share. Though considering the competition, that's still no mean feat. The company also has clear ambitions to continue climbing, with vice-chairman and president Dr. Brian Gu stating that he considers the U.S. tariffs on China both "a challenge and opportunity."

"As a company, we cannot escape from economic volatilities that come with such tension," said Gu. "We need to be prepared to make sure that our products continue to sell well. We also need to prepare that it may have an impact on the potentially global supply chain… However, I think it does raise an opportunity for a company that has aspirations globally."