GRUNGECAKE

Category: Tech

  • More than 183 million Gmail-linked passwords exposed

    [media-credit name=”The Sun” link=”https://www.the-sun.com/tech/15402094/183million-gmail-passwords-stolen-in-massive-data-breach” width=2048 align=”center”][/media-credit]

    Security researchers have warned that approximately 183 million email login credentials, including a significant number tied to Gmail accounts, were exposed in a massive credential-dump.

    The leak appears to have resulted not from a direct breach of Gmail or Google LLC’s systems, but rather from malware-infected devices. These devices collected usernames and passwords via “infostealer” logs, which in turn ended up in a large dataset now publicly accessible. This dataset is part of a trove reportedly about 3.5 terabytes in size and drawn from multiple sources rather than one single hack.

    For Gmail users (and users of other email providers) the risk is real. Whilst Google says it is not aware of a breach of its own login systems, it emphasises that passwords appearing in external dumps still pose a threat because of reused passwords, credential-stuffing attacks and phishing schemes.

    What you can do:

  • Use the site Have ‘I Been Pwned’ to check whether your email address or password shows up in known leaks.
  • Change your password to a strong, unique one (for example, not used for other sites) if there’s any suspicion of exposure.
  • Enable multi-factor authentication (MFA) or passkeys where available.
  • Review account access logs for unfamiliar devices or apps.

    • The incident underscores a broader shift in cyber-risk: The point of compromise is increasingly the user’s device or environment rather than a central corporate database. And so the protection partly depends on users staying proactive. While there’s no indication this leak was caused by a Gmail-specific vulnerability, Gmail users should still treat their account credentials—and the recovery methods tied to them—as potential targets.

  • Apple says United States passport digital IDs are coming to Wallet ‘soon’

    [media-credit name=”Jakub Porzycki/Nurphoto/Getty Images” link=”https://techcrunch.com/2025/10/27/apple-says-u-s-passport-digital-ids-are-coming-to-wallet-soon” width=2048 align=”center”][/media-credit]

    Apple is gearing up to let United States users add their passports to Apple Wallet as a digital ID credential, according to a recent report. The feature was announced by Apple Inc. during the rollout cycle of iOS 26 and reflects the company’s push to transform the Wallet app into more than just payments and boarding passes.

    Under the new system, users will “create and add a Digital ID to Apple Wallet using a US passport”, Apple says—though the company emphasises that this digital credential is not a replacement for the physical passport, especially for international travel. More precisely: The digital ID is intended for identity checks at select domestic locations—such as Transportation Security Administration (TSA) checkpoints—rather than border crossings.

    Why does this matter?

  • It signals a shift in how official identity documents may be carried and validated: Your phone (and probably your watch) moves closer to replacing one of the bulkiest items in your bag.
  • For travellers (especially domestic ones), the possibility of ditching the physical passport at TSA is appealing.
  • On the other hand, questions remain regarding security, privacy, and fallback scenarios (such as a dead battery or a lost phone). Some users and developers voiced caution—even on sites like Hacker News.

    • When will it land? Apple hasn’t given a firm date beyond “soon”. The feature didn’t debut with iOS 26’s initial release, but it was confirmed to be coming in a future update.

    If you’re managing travel plans, digital identity, or privacy policy for clients (or yourself), this is a development worth keeping an eye on.

  • T-Mobile closes autopay loophole, sparking customer outrage over lost discounts

    [media-credit name=”WIRED” link=”https://www.wired.com/story/tmobile-data-breach-again” width=2394 align=”center”][/media-credit]

    T-Mobile is facing customer backlash after announcing it will end a loophole that allowed users to claim its $5 autopay discount by paying via credit card under certain conditions.

    Historically, T-Mobile offered a $5 per line monthly discount to subscribers who set up autopay. After officially removing credit cards as an eligible payment method for the discount in 2023, some users found a workaround: They would update their payment method to a bank-account-based autopay (which qualified), then pay early with a credit card, thus retaining the discount. T-Mobile says the loophole is now closed. As of October 24, customers who pay early using a credit card will forfeit the discount for that billing cycle.

    The carrier cites mounting credit-card processing fees as a key reason behind the change. According to data referenced by T-Mobile, swipe fees for Visa and Mastercard credit cards rose from $100 billion in 2023 to $111.2 billion in 2024, a year-over-year jump of more than 10%.

    Reactions from users have been swift and sharp. On Reddit and other forums, long-time subscribers said they feel the move undermines their trust in T-Mobile’s pricing promises.

    “Well, there goes the free phone insurance that comes with my Amex Platinum, which will now cost me $35/month”, wrote one customer.

    Another worried: “So my bill is going up $40 a month? For…. the privilege of paying them? Lmao, what a bad joke.”

    This change comes amid a broader wave of adjustments by T-Mobile—including price hikes on legacy plans and fee increases—occurring as the company transitions leadership with CEO Mike Sievert slated to step down on November 1 in favour of Srini Gopalan.

    For customers, the lesson is clear: What once seemed like a reliable discount may no longer be. For the carrier, it’s a recalibration of incentives amid tightening margins and rising costs. Whether the goodwill cost is worth the savings remains to be seen.

  • Apple removes ICE-tracking app after US government pressure

    [media-credit name=”Reuters” link=”https://www.reuters.com/sustainability/society-equity/apple-removes-ice-tracking-apps-after-pressure-by-trump-administration-2025-10-03″ width=1536 align=”center”][/media-credit]

    In early October 2025, Apple quietly removed ICEBlock—an iOS app that allowed users to crowdsource sightings of US Immigration and Customs Enforcement (ICE) agents—from its App Store, citing “safety risks” flagged by law enforcement. The takedown came after direct pressure from the US Department of Justice and Attorney General Pamela Bondi, who argued that the app posed a danger to agents performing their duties.

    Launched in April by developer Joshua Aaron, ICEBlock functioned like a reverse radar: Users could anonymously alert others within a five-mile radius when ICE officers appeared in public spaces. Reports would disappear after four hours to limit persistent tracking.

    Within months, it had amassed over a million users and become a flashpoint in the broader debate surrounding immigration enforcement, civil liberties, and technological surveillance.

    Apple says it acted after receiving law enforcement information about the risks associated with ICEBlock’s design and usage. Critics counter that the removal amounts to censorship under political duress, noting that other apps—like Waze or Google Maps—allow users to flag police or speed traps but remain untouched. Legal experts note that the act of observing or reporting government agents in public is often shielded under the First Amendment, so long as no interference occurs.

    Supporters of ICEBlock view it as a civic tool: A way for communities to respond to surprise immigration raids, monitor enforcement patterns, and protect vulnerable populations.

    Opponents argue it could escalate risk, incite violence, or facilitate obstruction. The debate raises a tougher question: When tech becomes a medium for political resistance, how should platforms navigate state pressure, civil liberties, and safety claims?

  • Daniel Ek steps down as Spotify CEO, moves to Executive Chairman Role

    [media-credit name=”Noam Galai/Getty Images for Spotify” link=”https://www.entrepreneur.com/business-news/spotify-founder-ceo-daniel-ek-stepping-down/497767″ width=1000 align=”center”][/media-credit]

    After nearly two decades at the helm of Spotify, co-founder Daniel Ek is stepping away from the CEO role and shifting into Executive Chairman starting January 1. But before you picture him disappearing, he’s been clear:

    “To be clear, I’m not leaving.”

    Ek’s intention is to hand more of the day-to-day operational reins to two long-time lieutenants: Alex Norström (co-President & Chief Business Officer) and Gustav Söderström (co-President & Chief Product & Technology Officer). They’ll become co-CEOs and report to Ek, also joining Spotify’s board.

    Spotify says this restructure isn’t a sudden pivot but a formalisation of how things have already been functioning: Over recent years, Ek had delegated much of the strategic and operational leadership to Norström and Söderström. His new role will focus on capital allocation, long-term strategy, and guiding the senior leadership team.

    This shift comes at a pivotal moment. Spotify now serves over 700 million users, up from about 678 million earlier this year. Financially, the company had its first full year of profitability in 2024, reporting €1.14 billion in net income, though it swung back to a loss of ~€86 million in Q2 of 2025, citing rising personnel and advertising costs.

    Ek himself holds about 6.2 % of Spotify, and most of his net worth is tied to that stake. The co-CEO structure is rare among large public companies—under 5 % employ it.

    What to watch: How smoothly the transition plays out, whether Spotify’s momentum holds, and how the dynamic between the new co-CEOs and Ek evolves. A founding CEO’s move to a more strategic role is less about stepping back and more about scaling his influence differently.

  • Spotify deletes 75 million spam tracks as company tightens rules around AI music

    [media-credit name=”Spotify Newsroom” width=1920 align=”center”][/media-credit]

    Spotify has made a sweeping move against spam content on its platform by removing over 75 million tracks deemed “spammy” over the past year. The decision comes amid rising concern about the misuse of AI tools to generate fraudulent or misleading audio content. Many of these tracks were ultra-short, duplicated, or clear imitations generated via AI—uploaded in bulk to exploit streaming royalties. The goal has often been to capitalise on Spotify’s revenue model: Any track longer than 30 seconds can generate payouts, meaning that these low-effort uploads siphon attention and earnings away from legitimate artists.

    In response, Spotify is introducing new safeguards. First, a music spam filter is being rolled out to detect suspicious uploads and prevent them from appearing in recommendations—or sometimes from ever being uploaded. Second, the company is tightening its rules around vocal deepfakes and impersonations: artists must give explicit permission for their voice or likeness to be used; tracks that impersonate artists without consent are disallowed.

    Third, Spotify is working with the standards organisation DDEX to create voluntary industry metadata standards for labeling AI-assisted content. While disclosures won’t yet be mandatory, the company says this step is about building trust rather than punishing responsible creators.

    Spotify emphasises that despite all this spam and potential for AI misuse, current engagement with AI-generated content on the platform remains very low. The company says it is not seeing meaningful impacts on user listening behavior or on royalty distribution to human artists.

    As AI tools for music become more accessible, Spotify’s latest policies reflect an attempt to balance openness to innovation with protection of artist integrity and listener trust. Whether they will be enough to stem growing concerns over deepfakes, fraudulent uploads, and AI impersonation remains to be seen.

  • Ye’s Instagram hacked amid launch of new meme coin

    On August 26, 2025, Ye—formerly known as Kanye West—alerted his 33.1 million followers on X (formerly Twitter) that his Instagram account had been compromised. The artist warned that hackers had manipulated his account to promote a fraudulent cryptocurrency, whilst he shared the genuine details of his new Solana-based meme coin, “YZY MONEY”.

    Ye clarified to fans: “My Instagram has been hacked and it’s following a fake coin. The official project is @YZY_MNY.” He emphasised the authenticity of the project by furnishing the correct Solana contract address.

    This marks Ye’s first legitimate venture into cryptocurrency using his own name and likeness—a notable shift from past involvement. Back in 2014, he famously sued the creators of “Coinye West”, an unauthorised meme coin that had co-opted his likeness. Earlier this year, he shared that he had declined a two million offer to endorse a faux cryptocurrency scheme that would involve claiming a hacked account shortly after promotion.

    Despite an impressive debut of nearly three billion in fully diluted value, YZY MONEY experienced a steep 81% decline in market value, resulting in substantial losses for some investors.

    Fortunately, Ye appears to have regained control of his Instagram. The suspicious account promoting the fake token no longer appears among his followers, and the illicit posts have been removed.

  • Instagram now restricts Live broadcasts to accounts with 1K+ followers and public profiles

    [media-credit name=”Instagram” width=2350 align=”center”][/media-credit]

    Instagram has quietly changed the rules for its Live streaming feature: As of early August 2025, only public accounts with at least one-thousand followers can initiate a Live broadcast. Accounts falling below that follower threshold or set to private will no longer see the option—an on‑screen message states: “Only public accounts with 1,000 followers or more will be able to create live videos.”

    Previously, the Live function was accessible to all users regardless of follower count or account visibility. This update brings Instagram more in line with platforms like TikTok, which also mandates a one-thousand‑follower minimum. In contrast, YouTube allows users with just fifty subscribers to go live, highlighting how Instagram’s new bar may shut out many emerging creators.

    Meta has not issued an official rationale, but industry coverage suggests the move aims to elevate overall content quality while reducing the cost and bandwidth required for livestream infrastructure. A more experienced, professional creator base could also increase monetisation opportunities and viewer engagement. The reaction from smaller creators and casual users has been swift and critical. Many had relied on Live for genuine, personal, and community‑driven experiences—and now feel disproportionately excluded. Critics argue that the change favors influencers with established followings, making it harder for newcomers to grow organically.

    In practical terms, users with fewer than one-thousand followers will find the Go Live button removed entirely—and if their account is private, Live is off limits regardless of follower count. Instagram hosts some two billion users, and analysts estimate this restriction affects over 1.7 billion of them—a massive segment of the platform. As a result, smaller creators may now choose to invest in follower growth quickly (also leading to concerns about follower-buying scams), explore alternative live platforms, or double down on other content formats entirely.

  • Africa, meet 7 Black astronauts

    Co-hosted by Africa.com and the Student Sponsorship Programme (SSP), the event highlights the transformative power of STEM (Science, Technology, Engineering, and Mathematics) education

    Africa.com is excited to present Africa, Meet 7 Black Astronauts. The free, virtual event features seven Black NASA astronauts. Scheduled for March 18, 2025, this inspiring event invites students, educators, and curious minds from across Africa and beyond to hear firsthand from trailblazing astronauts who have made history in space exploration.

    Co-hosted by Africa.com and the Student Sponsorship Programme (SSP), the event highlights the transformative power of STEM (Science, Technology, Engineering, and Mathematics) education and offers a rare opportunity to engage directly with some of the most accomplished astronauts of our time.

    The 7 featured astronauts:

    Dr Robert L Satcher Jr – NASA astronaut, orthopedic surgeon, and the first orthopedic surgeon in space

    Captain Winston E Scott – NASA astronaut, naval aviator, and veteran of multiple spacewalks

    Major General Charles F Bolden Jr – NASA astronaut, former NASA Administrator, and space shuttle commander

    Dr Bernard A Harris Jr – NASA astronaut, physician, and the first Black American to perform a spacewalk

    Joan E Higginbotham – NASA astronaut and aerospace engineer who flew aboard Space Shuttle Discovery

    Colonel Frederick D Gregory – NASA astronaut and the first African American to pilot and command a space shuttle mission

    Captain Robert L Curbeam Jr – Veteran NASA astronaut with three spaceflights and seven spacewalks

    Inspiring Africa’s next generation of scientists and engineers

    “As Africa advances in technology and innovation, we must invest in inspiring young minds to dream big”, said Teresa Clarke, Chair and CEO of Africa.com. “The event brings together seven pioneering Black astronauts whose careers exemplify perseverance, education, and ambition. We hope their stories will ignite the passion of Africa’s future scientists, engineers, and technology trailblazers.”

    This live-streamed event is open to all and will feature engaging discussions on the astronauts’ experiences in space, the challenges they overcame, and the critical role of STEM education in shaping the future of exploration. Attendees will also have the opportunity to submit questions, making this an interactive and inspiring experience.

    Event Details:
    Date: March 18, 2025
    Time: 3:00 PM (SAST, UTC +2)
    Registration: Join from anywhere in the world

  • Alec Muffet says the United Kingdom secretly sponges encryption advice from government websites

    [media-credit name=”Wikipedia” link=”https://en.wikipedia.org/wiki/Flag_of_the_United_Kingdom” width=2560 align=”none”][/media-credit]

    According to a report on TechCrunch, the UK government has allegedly removed encryption advice from its government websites without notifying the public. The alleged news comes weeks after “demanding backdoor access to encrypted data stored on Apple’s cloud storage service, iCloud.” A security expert, Alec Muffet, discovered the alleged changes and wrote a blog post on Wednesday to bring light to the UK’s National Cyber Security Centre (NCSC) alleged motions. To learn more about what’s happening in the United Kingdom and Apple challenging the UK’s data access order in the Investigatory Powers Tribunal (IPT), you can visit this link.

    [adace-ad id=”64618″]