Last Week’s Quote was: “Mind is the cause, and what we term matter, or the visible, is effect,” was by Ernest Holmes.  Congrats to Jon, our winner.  Well done!

This Week’s Quote:  “Some things have to be believed to be seen.”  By ???

THE RULES:  No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.

Google Got Your Health Info Without You Knowing, and Here’s What Happened

On April 9, 2024, Blue Shield of California disclosed a potential HIPAA data breach involving Google. From April 2021 to January 2024, a misconfigured Google Analytics tool on its website may have shared users’ protected health information with Google Ads.

The exposed data could include patient names, insurance details, ZIP codes, and “Find a Doctor” search activity. Although the leak did not involve banking and social security information, it may still affect many users. Blue Shield said it “severed” the link in January and began notifying affected members. However, it admits that the full extent of the exposure is unclear “due to the complexity and scope.”

“There was no bad actor involved,” the company claims. Google allegedly did not misuse or further share the data. Ian Gray, director at Flashpoint, notes that even unintended disclosures like this raise concerns. “HIPAA still requires consent for using protected health data in advertising.”

The breach isn’t yet listed on the government’s official data breach registry. However, due to its scale, it could become one of the biggest HIPAA-related violations in years.

Read: https://reclaimthenet.org/blue-shield-of-california-reports-potential-hipaa-data-breach-sharing-data-with-google

Massive Hertz Data Leak Revealed, and It’s Worse Than You Think

On April 14, 2025, Hertz confirmed that customer data was stolen during last year’s Cleo file transfer software attacks. The breach affects Hertz, Dollar, and Thrifty rental car customers across the US.

Exposed data includes names, birth dates, contact info, credit card and driver’s license numbers, and even Medicare and Social Security details for some. These were tied to accident-related claims and compensation cases.

The data was stolen via Cleo products used by Hertz “for limited purposes.” The cybercrime gang Cl0p took credit for the wider Cleo hacks, which impacted around 70 companies. Cleo had patched earlier bugs, but attackers found workarounds.

Hertz claims no misuse of the stolen data has been confirmed. Still, the company urges vigilance and is offering two years of identity and dark web monitoring through Kroll.

“Hertz takes the privacy and security of personal information seriously,” the company said. Security experts remain skeptical, especially since so few affected companies have spoken out about Cl0p’s widespread attack.

Read: https://www.theregister.com/2025/04/15/hertz_cleo_customer_data/

Nate CEO Charged After AI Shopping App Found to Rely on Human Labor

According to the US Department of Justice’s Southern District of New York, Albert Saniger, founder and former CEO of Nate, was charged with defrauding investors. Nate, launched in 2018, marketed itself as an AI-powered shopping app that enabled one-click purchases from any e-commerce site. The DOJ alleges that the app’s automation rate was “effectively 0%,” with transactions completed manually by hundreds of contractors in a Philippine call center. Saniger allegedly misrepresented this reliance on human labor, claiming AI handled transactions “without human intervention,” except in rare edge cases.

Nate raised over $50 million from investors, including Coatue and Forerunner Ventures, and closed a $38 million Series A in 2021 led by Renegade Partners. Despite acquiring some AI technology and hiring data scientists, the core service remained manual. This discrepancy was first exposed by The Information in 2022. By January 2023, Nate had run out of money and sold its assets, leaving investors with “near total” losses. Saniger, who stepped down as CEO in 2023, is now listed as a managing partner at Buttercore Partners, which has not commented.

Read: https://techcrunch.com/2025/04/10/fintech-founder-charged-with-fraud-after-ai-shopping-app-found-to-be-powered-by-humans-in-the-philippines/

Chinese Hackers Are Hiding in Plain Sight Using Free Tools in Alarming Global Attacks

Sysdig researchers have uncovered a stealthy cyber campaign by China-backed threat actor UNC5174. In late January, the group was caught using open-source tools and custom malware to quietly breach targets in the US, UK, Canada, and Asia-Pacific.

UNC5174, believed to be a Chinese government contractor, used the open-source tool VShell and its proprietary malware, “Snowlight,” in attacks on research institutes, NGOs, and critical infrastructure sectors like energy and healthcare.

These tools avoid detection by staying in memory instead of being written to disk. “This seems to hold especially true for this particular threat actor,” said Alessandra Rizzo, a threat detection engineer at Sysdig. “They’ve been under the radar for the last year.”

Sysdig warns that UNC5174’s tactics show deep technical knowledge and intent to expand. The group’s use of encrypted WebSockets and living-off-the-land techniques makes tracing harder.

“They’ve done a very good job hiding their activity,” said Sysdig strategist Crystal Morin. The company has released detection tools to help defenders catch ongoing attacks.

Read: https://www.darkreading.com/cyberattacks-data-breaches/china-threat-actor-unc5174-open-source-stealthy-attacks

Leaked Emails and Admin Secrets Could Signal the Fall of 4chan

On April 15 and 16, 2025, 4chan faced a possible hack after outages and a defaced homepage message reading “U GOT HACKED XD.” The breach allegedly exposed admin emails and backend data on the controversial anonymous image board known for hosting extremist content.

Screenshots posted on rival site Soyjak.party claim hackers accessed 4chan’s internal systems, leaked admin lists, and even doxed users. Flashpoint analyst Ian Gray warned, “The content leaked, if genuine, would remove some of the anonymity from 4chan administrators, moderators, and janitors.”

4chan’s legacy software may have made it an easy target. UC Riverside professor Emiliano De Cristofaro noted, “It might be hard or at least painfully slow and costly for 4chan to recover from this.”

The platform’s anonymity, once its main draw, could now be its downfall. With users possibly exposed and source code stolen, questions loom over 4chan’s future.

If verified, the leak could aid law enforcement investigations and mark the end of 4chan as we know it.

Read: https://www.wired.com/story/2025-4chan-hack-admin-leak/


Reader Feedback

Via Dan Kanemitsu on last week’s “Shopify says ‘Use AI or Else’ Item:”

I work as translator in the Japanese anime/manga/game industry, and the use of generative AI has been getting a lot of attention. I’ve been watching the development of generative AI technology very closely. Overall, the reaction to generative AI regarding creative activities has been quite negative within the industry in Japan, but some are embracing it as an productivity enhancement tool. The audience is mostly negative against it for now. Some people are using to create new material and some audiences love it, but Japan’s largest online platform for 2D art (pixiv) now requires people to reveal if they use AI in their art.

Many the construction of the models inside the AI programs involved theft of intellectual property of the artists.

This is just my personal opinion, but I would add another category to you division regarding businesses and AI. I think some businesses and creators will broadly sell themselves as being non-AI centric.

Just as “handcrafted” is still is a very strong selling point even after decades of industrialization, I believe that will be the case for some industries. AI maybe incorporated into certain phases of the production pipeline, but overall the LACK of AI will be a selling point for some businesses in my opinion. When people hire me as a translator, they want to make sure that my translations are my translations.

When 3D CGI animation became the mainstay of US animation, people felt that hand drawn animation would die out. It’s been over quarter of a century, and Japanese hand drawn animation is still very very popular. The market maybe specialized, but I do think “non-AI” content will remain viable for sometime. Even when general AI comes into being and we have AI counterparts in our lives, the fact that you can (1) derive scarcity and value from that scarcity, and (2) establish authenticity via its creative process are going to be the major reasons why non-AI creations will continue exist and thrive for some time.

Even before AI came into being, content was exploding with better creative tools and sharing technology. And through out this process, the worth of celebrity creators have gone up, not down.

I’ve talked about it more here:
https://dankanemitsu.wordpress.com/2022/10/14/deus-ex-art-machina-ai-art-and-its-implications-on-japanese-otaku-art/

I’ve also written about the major limitation of AI with regards to translating fiction, but that debate can be reserved for a different day…

Elsewhere online: