Silent Mode Cafe

Pornhub Extortion: AI Deepfakes


https://bit.ly/3YR8v48

Holiday shopping, hot headlines, and a new wave of AI-powered scams collide in a fast, practical briefing designed to make you harder to hack. We open with urgent “patch now” updates for Chrome and iOS that close real-world exploits, then dig into how an e‑commerce giant’s breach arms criminals with eerily convincing delivery and refund lures. From names and addresses to order histories, the data may not include your card number, but it gives attackers everything they need to sound legitimate.

We also tackle a confirmed extortion attempt tied to adult-site premium users, treating the topic with the care it deserves. Beyond the shock, we outline concrete steps: rotate reused passwords, enable two-factor authentication, and expect credential stuffing across your email, banking, and social accounts. Shame is part of the playbook—documentation, trusted contacts, and formal reports help break the isolation that extortion thrives on.

AI deception takes center stage as live face swap tools show up in romance scams and schools fight explicit deepfakes used to bully students. Rather than turn everyone into investigators, we share three simple “reality checks” that stop most fraud cold. Use a channel check to move conversations to a different medium, a liveness check with small unscripted actions, and a reasonableness check whenever urgency or secrecy appears. Pair those with smart routines—navigate from official apps, freeze credit where possible, keep auto-updates on, and rely on a password manager—and you’ve raised the cost for attackers without living in fear.

If you found this guide useful, follow the show, share it with someone who shops online, and leave a quick review so others can find it. Got a question or a scam story we should unpack next? Send it our way and we’ll break it down with clear steps you can use.


Welcome And Goals For The Show

SPEAKER_00

All right, all right. Vivek, we're back. We're back. Hey everyone, welcome back to Silent Mode Cafe.

SPEAKER_01

I'm Vivek. It's been a while. It has been a while, Vivek. I'm Salah. We're uh we're here. Should we tell them why we're here? We're here because we like to talk about security, guys. And this podcast is really focused on privacy and security headlines, and we translate them in plain English. We're going to give you a few easy moves to stay safer without living in a panic. I know you guys are panicking right now.

SPEAKER_00

Right before the holidays. Or we are nearly in the holiday season.

SPEAKER_01

We are.

Rapid Headlines: Breaches And Updates

SPEAKER_00

Yeah. So today we have some uh we've got some news. There's been a huge e-commerce data breach.

SPEAKER_01

Speaking of uh the holidays. E-commerce.

SPEAKER_00

Yes. That still matters to anyone who shops online, a company uh called Coupang out of South Korea. Okay. Uh and even a more sensitive piece of information involving an extortion claim for uh involving Pornhub customer data. Uh and then a patch now moment for Chrome and iPhones and a new wave of AI-powered scams, which we've been talking about. It just the wave just kept keeps on getting bigger and bigger and wider and all the other stuff. I'm not a surfer, so I'm kind of, you know.

SPEAKER_01

Okay.

SPEAKER_00

Trying my best. But it's a big wave, is all I'm saying. Okay.

SPEAKER_01

All right. Yeah. So that's it. Well then let's Yeah, let's go ahead and get through it. Look, there there before we get deep into it, Vivek, let's uh rip through some of these headlines. Uh and then we'll pick a few to dive deeper, right? Sure. Coupang, you just mentioned there's a class action after the breach. 33 million customers. South Korea launches additional probes around Coupang leak, which is there, we'll see what that's about. There's the Shiny Hunters claim that it stole Pornhub premium customer data. I'm gonna leave that one alone and let you discuss that one, Vivek.

SPEAKER_00

Why do all hot potato items come to it?

SPEAKER_01

But we will discuss We've got the hands for it.

SPEAKER_00

This is not an A-rated show. Just letting you know.

SPEAKER_01

Okay, all right. Well, speaking of uh hands, Wired uh reports Pornhub confirmed the extortion. So definitely it has been confirmed. Apple released iOS and iPad 26.2 security updates on December 12th. So hopefully you guys are updated. They also released iOS, excuse me, 18.7.3 notes mentioning a WebKit issue that may have been used in a highly targeted attack. Now, I've heard a lot of noise around this. We we probably won't dive into the details today, but I believe it has to do with airplay. Bleeping Computer says University of Phoenix breach impacted three and a half million people. So the Clop ransomware is linked to that.

SPEAKER_00

There's 2.5 million people in the University of Phoenix.

SPEAKER_01

Yes, I'm I was one of them, man. 700Credit breach impacts. 700Credit uh lost 5.8 auto dealership customers data. Oh my god. Dude, as Askul, I don't even know who Askul is.

SPEAKER_00

It's a security group.

SPEAKER_01

Well, they that's right. So I was thinking they were there were an organization. They confirmed the theft of 740k customer records in a ransomware attack. The French are in the news, man. Their postal service, La Poste. I don't know, or in English translated as the post. The post. Was it?

SPEAKER_00

It sounds more fancy in French, I guess.

SPEAKER_01

Their websites were brought down from what looks to be a denial of service attack right before the Christmas rush. People will not be able to ship things in France. So if you're in France, Santa might deliver things a little late this year. Um that's being used to hack people as we speak. You and I could be under attack without knowing it. Scammers are using the really cool function of, I don't know if you guys, everyone should have fun with this one. There's this app called AI face swap. Um, and it's a face swapping tool that you could get a picture of someone and face swap yourself and then do whatever you want, and it will have the face of the other person. But in this case, it was used in romance scams, including live video calls.

SPEAKER_00

So please don't give uh money to Brad Pitt when he calls you. Yeah. Friendly advice.

SPEAKER_01

And don't get undressed for Brad Pitt. Please don't. Poor Brad Pitt. Um no. Schools are dealing with deepfake cyberbullying now. So similar to face swapping, but this one, they're using AI-generated explicit images of students, and they're using them for cyberbullying. It's gone to the next level. You and I should stop predicting the things that are coming because we predicted something to this effect.

SPEAKER_00

Yes, we did.

SPEAKER_01

Parked domains are sending visitors to scams and malware. So that is that is really bad. Um okay.

SPEAKER_00

We talked about it in an earlier episode where they were essentially replacing the QR code in parking lots with their own fake websites.

SPEAKER_01

So and it's getting worse apparently. It's getting worse.

SPEAKER_00

All right, so let's look at the top four

Patch Now: Chrome And iOS Risks

SPEAKER_00

times. So patch week, please patch now, a week. That's what it's been called, because both Google and Apple have updates both on Chrome for Google and iPhone iPad updates for Apple.

SPEAKER_01

So this is one of those topics that are incredibly boring, but they absolutely matter the most, right? When when these guys send updates, you really have to pay attention to. Give me some more detail on this.

SPEAKER_00

Well, essentially what happens is for things like in the case of Chrome, what happened was they found an exploit in the wild, quote unquote. What that usually means is it's a bug bounty hunter who found an issue with Chrome, and then Google thought that yes, they should really patch it. And you know, this is essentially what they say when they find such security issues in the wild in the wild. So these aren't theoretical. These are not theoretical. They're real, most likely through a bug bounty program. Gotcha. And a bug bounty program for listeners is companies such as Google and Apple pay you a decent amount of money if you find issues with their products and report it, and they find that yes, it is an issue that does need to get resolved. So it it's it's a legit program that companies offer because companies don't have all the resources and bandwidth to figure out all the security holes in their software, so they do that. The next one is on iOS with something similar, although it wasn't in the wild. I think Apple came up with security notes this month, and then Apple said, please update to the latest versions of iOS or iPad OS, depending on what you're using, so that it addresses some of the security issues. We consistently see these every week or every two weeks. If it's not Google or Apple, it's Microsoft, so the Trifecta.

SPEAKER_01

All the devices we use. Tell me, why why does this stuff matter? Why why does it matter?

SPEAKER_00

The stuff matters because if you don't patch it, then you're running on a piece of software where your computer or your device could get compromised.

SPEAKER_01

So it's like securing your front door but leaving a your window cracked, right?

SPEAKER_00

Yeah, or securing your front door but leaving the back door open.

SPEAKER_01

Well, what what can we do? Tell me.

SPEAKER_00

Usually there are updates that happen automatically when these are pushed, at least for Apple or Google or Microsoft. The recommended course of action is keep updates on. So when the computer or your iOS device is sleeping at night, it updates automatically. As long as there's enough power on your device. If you are like me who doesn't like that happening, then just do it manually. But you have to continue doing it. I don't like it because I like to be in control of my patch updates. Again, it's a personal preference.

SPEAKER_01

It's a personal preference. So for Chrome, update your Chrome, your Chrome probably automatically updates.

SPEAKER_00

Automatically updates, yeah.

SPEAKER_01

Look, one easy fix for your for that, just reboot your entire your entire laptop, you know, or or computer, right? Or or device. But definitely turn off and turn Chrome back on. And then for your iPhone, iPad, always, like Vivek just said, just make sure you your device is you constantly update daily, right? Don't don't be a Vivek. Vivek likes to be in control of his destiny. Just let your phone do do the update on its own and then restart your phone. After any update, security update, typically your phone will restart, but restart.

SPEAKER_00

Your device restarts, right, for the last time. All right, all right.

SPEAKER_01

I'm I'm rushing through that one, Vivek, because I need to get to the next topic. Of course. The hot potato topic. The hot potato topic. So Pornhub extortion, stolen premium user data. What what what's going on?

SPEAKER_00

So this one is sensitive. We'll handle it respectfully, also because, you know, since uh Salah and I are still teenagers in the back of our Neanderthalic minds, we start cracking jokes stupidly.

SPEAKER_01

I'm a five-year-old. So this one is in your hands.

SPEAKER_00

So okay. Fair enough. See? What did I tell you? Neanderthalic teenage minds. So what happened? Reuters apparently uh reported that the hacking group Shiny Hunters claimed to steal data tied to Pornhub premium customers and threatened to publish it. Interesting. So Reuters said it could partially authenticate a sample, whatever that means.

SPEAKER_01

I see. So he was able to get a hold of some of the records, I guess.

SPEAKER_00

Yes. But then how are they gonna tie it back to whether they were real customers or not? What are they gonna do? Call them? Hey!

SPEAKER_01

Well, look, um, this is not just the password that got leaked, right?

SPEAKER_00

This was apparently uh Pornhub got compromised and their premium customer data got leaked out. That's what happened, right?

SPEAKER_01

So this is gonna turn you it used to embarrass some people, uh some possibly coercion. Yeah, and usually it's happened before on adult related. Definitely targeted scams, right? Yeah.

SPEAKER_00

It's happened before on adult-related sites. I think there was another site I'm forgetting right now. I think it might have been seeking arrangements about seven years back or five years back. I see. Where it happened, they leaked the entire data out, and then people got divorced because that information came out. So it's pretty, pretty horrifying sometimes.

SPEAKER_01

That's bad. So if someone did get

Pornhub Extortion: What It Means

SPEAKER_01

was part of that happen, should what what are some things that they could do that they should be doing anyway, bit?

SPEAKER_00

Well, I mean, if your data is out in the public, there isn't much you can do, frankly speaking.

SPEAKER_01

Yeah. So but but even if you've never used the site, I turn on the.

SPEAKER_00

Then the recommendation is always go through a VPN. Yeah. So that at least it covers some of your tracks, not all, but some. And we have a separate segment on VPNs. Uh put them on your laptop or your phone. Adds a level of anonymization. I use the VPNs anyway when I'm abroad. So yeah. Yeah, yeah. The other is, of course, a couple of other things.

unknown

Okay.

SPEAKER_00

Turn on two-factor authentication. Got it. Use a password manager.

SPEAKER_01

Yeah. The same things we ask. If you're if you're doing these, you're probably okay.

SPEAKER_00

Yes. And change your passwords. Yeah. The usual stuff.

SPEAKER_01

Yeah. And look, if you might be affected, we're not saying you're affected, but if you might be affected, change your passwords on any account that reuse that specific password. Keep in mind when uh a bad actor gets a hold of a password and they have your email address, which in this case they have both, they're going to try that username password combination on everything. They're gonna try to log into email, they're gonna try to log into bank accounts, they're gonna try to log into Facebook, they're gonna try to log into everything. So be very careful with that, right?

SPEAKER_00

Yes, please be careful.

SPEAKER_01

Yeah. So the third topic, and that's your side is a good thing. No, no, go for it. Coupang. Go ahead, so another boring one, but this reminds us that big brands don't mean security. Right? So this is not a big US brand uh or Western brand. We we have reported on these, I think it was the last episode. We even talked about what was it? Uh Bloomingdale's or one of the big ones. They also got hacked. So similar, right? Here there was 33 million customers, including their names, email, and addresses and order history. Why this matters, guys, is that even without your credit card number, the fact that they have the address and order history can can be tailored for very, very convincing scams, especially in today's world of AI. Like think fake delivery, fake refunds, uh, please confirm your address. Like you ordered something, they know you ordered it. They might say, hey, the bag that you ordered or whatever it is that you ordered is running late, but before we ship it, please confirm your address. And then the second you respond, they've got you. So what you could do there is don't trust anything coming from. I think Coupang is needs to do quite a bit here to deal with this because folks, if you if you are if you have an impacted and you get anything related to your shipment or anything to that effect from Coupang, go directly to the real app or to their official website. I always say freeze your credit unless you know you're going to use your credit. So you could do this through many of the credit scoring companies out there, or you could have a service that freezes your credit across all of them. I personally use LifeLock for it, and I just keep I constantly keep my credit frozen as a result.

SPEAKER_00

Yeah. So do I. I think it's a great service.

SPEAKER_01

What else do we do? What's the next topic that it's a good idea?

SPEAKER_00

Uh AI, our favorite topic. But it's personal with what Salah was alluding to earlier. Face swap romance scams. If Brad Pitt asks you for cash, he doesn't need your cash. A deepfake harm at schools, which is more serious, which is more alarming because it involves kids. So unfortunately, this is a new normal uh and it's not being paranoid, it's about being prepared. So what happened? Wired, again, reported a highly realistic AI face swapping tool being used in romance scams, including live video calls that look convincing. So, and then, of course, the Associated Press at the same time reported schools are increasingly increasingly dealing with deepfake cyberbullying. So students use AI to generate explicit fake images of classmates. That's so funny.

SPEAKER_01

It's amazing. It's amazing

Coupang Breach: Targeted Scam Risks

SPEAKER_01

that this stuff is happening. You know, I was talking to a guy, um, he he comes from um a deep fake um security company, and they're really more on the authentication, the user authentication side.

SPEAKER_00

Right.

SPEAKER_01

But now their tech is almost fully focused on AI authentication. And during the conversation I had with them, they did in the middle of the call, they did a live face swap with one of the other people on the call just to prove the point. And it was shockingly good. Shockingly good. You know what? I'm gonna bring him onto this call um and we're we're gonna get him on the next call. That sounds scary. It's scary, uh, and it just goes to show how easy it is and how prevalent this tech is. And and as we've always said, AI is just gonna lower the barrier for scammers. I mean, now the a Humpty Dumpty type of a scammer who just works his way through the low-hanging fruit now has access to be incredibly sophisticated because of AI, which is and they usually always target scammers, always target the older. So let's go deeper on the AI face swap. The deep stuff.

SPEAKER_00

So I think there are some practical tips for adults and parents. Okay. For dating and romance, move to a verification step. So scammers hate like wave your hand over your head and say today's date, you know, simple liveliness checks, please. I think a lot of those apps have it. Never send money or gift cards to someone you haven't met, which we've been talking about, especially for urgencies involved. And then for families, please make a plan with kids. If something weird happens, they won't be in trouble for telling you. So you we you know you need to make a plan with your kids. It's always important. Goodness. So those are some tips, right? Add additional verification. Don't send money to people you don't know, including Brad Pitt. And for families with kids, please make plans. And don't and and don't blame the kids, you know? At the end of the day, you need to make a plan. That's right.

SPEAKER_01

So so let's go to the next one. Let's do a deep dive on how to reality check people in the AI world. And I feel like I know, Vivek, you're gonna look at this and you're gonna say, we do this, you do this almost every podcast, but I think it's worthwhile. So let's dive a little deeper on the AI face swap.

SPEAKER_00

Sure. So here's the vibe: you don't need to become a detective, you just need one or two reliable reality checks. So the first is a channel check. If they found you on Instagram, suggest move moving to a different channel. You choose phone call, FaceTime, or another platforms. Scammers often resist. So someone slides into your DMs, you say, Hey, I'd like to talk to you on another channel. That's one. The other is liveness check. So ask for uh tiny natural action. Can you turn your head left and right and show your hands? So deep fake tools struggle with liveness checks.

SPEAKER_01

For now.

SPEAKER_00

And scammers hate interruptions, right? Because for them it's a volume play, right?

SPEAKER_01

Gotcha. They have a script.

SPEAKER_00

And a script, right? So yeah. And the other and the third is uh reasonableness check, which means any rush to secrecy, money, or urgency is your cue to slow down. Reasonableness.

SPEAKER_01

Reasonableness. So in other words, don't don't fall victim to the emergency.

SPEAKER_00

Yes.

SPEAKER_01

Right. There's gonna be a rush to just quickly get so like you said, they're typically scripted, so throw them off their script. Say, hey, let's switch to Facebook or FaceTime, excuse me. Let's switch like, hey, do me a favor, scratch your head, look left or right. Right. And at the end of the day, don't give Brad Pitt your money. All right. All right, so um let's do um let's do some QA. Yeah, let's do a QA.

SPEAKER_00

So let's uh let's do a QA. Okay. So I got a text saying my package is delayed and I need to pay a small fee. It looked legit. What do I do, Salah?

SPEAKER_01

Like we were saying, this is very holiday type

AI Face Swaps And School Deepfakes

SPEAKER_01

bait, very classic. First of all, don't click. Second of all, go straight to the retailer's app, like we had mentioned in that previous known hack. And if you're still not sure, copy that tracking number into the official site manually. So if you get a link with a tracking number, don't click on that link. Copy that tracking number, go to the post office, FedEx, UPS, whatever it may be, not through the link. Open another tab or open a screen, open a web browser, whatever whatever device you're using, put that in manually. And if it's it comes up as nothing, then you know it was a scam.

SPEAKER_00

The second one is my friend says they saw me on a video call with someone I've never met. Can that be fake?

SPEAKER_01

As we just mentioned, sadly, I think that that person said to us before this episode, yeah, actually, as we just said, if something like that happens, document what you can. The document Documentation, folks, is also important for you if it does turn into a legal issue, like you gave money away, um, they got a hold of your credit, right? Whatever it may be, if you had documented that is very, very uh useful. The other part of that is tell the trusted people that the clip may be manipulated, right? And that's important as well. And set your social accounts to more private. Look, I know it's fun to have your social open to the whole world, but for those of us who know we're never going to be huge influencers with the millions of followers, limit your privacy, limit who can see your your data, like your posts, limit who can search you, limit who can add you. All that is incredibly important. Um, and do me a favor, just stop wishing people happy birthday on social media. Yeah, like if you love someone, just call them. Text them.

SPEAKER_00

That's such a gen X answer, man. I'm sure you'll be just annoyed, like the millennials that you're not.

SPEAKER_01

Oh my god, man. Well, the problem is that just counting how many putting out one of the most important pieces of data for someone to hack you, which is your data birthday, right? So no, don't say that. On your social media, on your social media, now they know your username. Now they know your date of birth. Now they know your email address. Now they know your habits. Like, holy cow, folks. Uh, stop sharing.

SPEAKER_00

So no more happy birthdays.

SPEAKER_01

No more happy birthdays. It's the death of happy birthday. I was about to say something that might offend people. What religion is that you're not supposed to say?

SPEAKER_00

All right. Onwards. Onwards. If this episode had a theme, as always, it's update your stuff, slow down for urgent messages, and add one verification step before trust.

SPEAKER_01

Yeah, and look, security is never perfect. And matter of fact, even if you do everything we had asked you to do, you're it's still not perfect. Um, you you just need to make it more difficult and harder to be targeted, you know? Like, don't give away your date of birth. All right, folks, I got news for you. If you're listening to this, then go to whichever app, go to the notes. We have a our own ChatGPT, Silent Mode Privacy. You can only access it through the link. So please go to uh the notes. It's also in whichever social media you're using right now, you'll be able to get to it. So go to silentmodecafe.com to check out more more of our episodes. Our link for our chat, our own ChatGPT is also on there. And you can ask it any question you want. You can say, hey, let me help me understand how is have I been hacked, or how do I secure my home network, or is my data out there? And it will walk you through to find out. And with that, we thank you for joining us. Thank you for joining us.

SPEAKER_00

Silent Mode Cafe, yes. Happy birthday on the 25th, do you know who?

SPEAKER_01

All right, all right. With that one, we'll let you go. All right, all right, that.