Silent Mode Cafe
Welcome to Silent Mode Cafe, the podcast where we translate the digital realm into plain English. From data privacy and basic internet security to smart home gadgets and the latest AI developments, we serve up tech insights with a side of caffeine.
Rushed AI And Old Passwords Cost Millions
https://bit.ly/3YR8v48
The headlines weren’t subtle: a massive AFLAC breach with health and SSN data, AI chatbots showing cracks under pressure, and “old” LastPass vaults fueling new crypto theft. We pulled these threads together to show what’s hype, what’s harm, and what you can fix before it’s too late.
We start with the AFLAC incident affecting an estimated 22.6 million people, unpacking why medical and disability insurance records are uniquely sensitive and how delayed disclosure shortens your response window. Then we zoom out to the AI front line, where Eurostar’s chatbot flaws spotlight a broader pattern—rushed rollouts, weak guardrails, and interface layers that turn helpful features into attack surfaces. You’ll hear how to interact with AI tools more safely and what teams should implement to reduce prompt injection and data leakage.
Accountability is shifting, too. South Korea’s consumer agency pushed SK Telecom toward direct compensation, a sign that regulators worldwide are moving beyond fines to tangible relief for victims. If you’re eligible for breach settlements, deadlines matter; we flag the landmark admin case and explain how to find and file claims before the window closes. And we revisit the LastPass breach that refuses to fade, linking stolen vault data to at least $35M in crypto losses. The cure is practical and proven: rotate passwords, enable multi-factor authentication, and consider hardware keys for financial and crypto accounts to cut off the most common attack paths.
We wrap with listener questions on airport biometrics, public surveillance, and safer browsing on public Wi‑Fi, keeping the guidance simple: reduce linkability, avoid oversharing, patch often, and treat security like routine maintenance. If this conversation helped, follow the show, share it with a friend who needs a nudge toward MFA, and leave a quick review so others can find these weekly, no‑jargon security updates.
Welcome And Weekly Mission
SPEAKER_01Hey everybody.
SPEAKER_00Uh happy holidays and welcome back to Silent Mode Cafe. I'm Vivek. Hey Vivek. How are you, man? I'm Salah. We've got your weekly breakdown of some privacy news and cybersecurity stories that matter to you without any jargon, without any fear-mongering. This is literally just the news taking place. And then we try to add some practical takeaways that you can actually use.
SPEAKER_01So as always, we're covering the biggest data breaches, watched AI tech rollouts, and some deadlines you really don't want to miss before 2025 closes out.
Rapid-Fire Breach Headlines
SPEAKER_00All right, Vivek, let me lock out and knock out the long list, and then uh we've got a couple that we'll dive in, and then as always, we're taking a couple of um questions at the end. So look, our long list for privacy and security headlines this week is AFLAC has disclosed a huge cybersecurity attack. 22.6 million people. That's gotta be like their entire base, right? Yeah, it's huge. Eurostar chatbot has security uh flaws uh that could have exposed users to some data threats reported by uh TechRadar.
SPEAKER_01That's the railway thing, right? Eurostar? European.
SPEAKER_00I think so, right? Yeah, yeah. They must have a chatbot, apparently, as we all do these days. SK Telecom has been forced to compensate hacking victims after a big data breach in South Korea. That's I think we touched on that last week. No, that was a different that was Coupang. That was Coupang, man. Which is the next one, very similar. Coupang's breach impact was smaller than feared that we had mentioned last week. So their stocks had jumped after some clarification, according to Barron's. That's interesting. We should dive in, see what was smaller than they thought. And then LastPass, old breach still causing some crypto theft. Um stolen vaults leading to 35 million in dollars, by the way. 35 million dollars in losses um reported by The Hacker News. Isn't that crazy?
SPEAKER_01Yeah, I mean, they get into LastPass, steal your password, and then get your crypto.
SPEAKER_00Man, I'm gonna skip the next couple. Biometric entry exit program starts in U.S. citizens for non-citizens. So that's raising a lot of privacy questions for the U.S. collecting biometrics at entry. For non-citizens? For non-citizens.
SPEAKER_01I thought they did already at immigration. They take your photographs.
SPEAKER_00I am pretty sure. Look, every country I go into outside of the US, they all do biometrics. So I'm not sure why the issue is in the US. And UK fines LastPass over its 2022 breach. So all these breaches you hear about look like they might come with a bit of uh with a bit of hammer from some some of these governments. Go to UK. Um and then password manager fine and regulatory actions continue globally. I don't even know what that's about.
SPEAKER_01That was uh That's like similar to what LastPass being forced to pay for breaches.
SPEAKER_00Look, the AFLAC one is pretty interesting, Viv.
AFLAC Breach Deep Dive And Impact
SPEAKER_00Why don't you tell us about AFLAC?
SPEAKER_01Yeah, um so apparently the big social buzz is that the AFLAC cyber attack impacted 22.6 million subscribers or insurance customers. They're talking about leaked health data and social security data, which I think is is extensive because AFLAC is in the uh in the post uh what do you call it? They're really good at the when you take uh insurance because you have a medical condition and then they pay you monthly, right? Yeah. A lot of companies have, you know, provide that, which is like post-that's right, disability insurance. So what I'm really concerned about is both the health data has been leaked because they're not gonna give you insurance till they have your health information. And of course, with that is the social security data. And they confirmed a big breach this past summer, and they're only telling us now, towards the end of the year.
SPEAKER_00Well, why dive deeper? Why does this matter? So I probably have it through work, but why does this matter?
SPEAKER_01I think it's more sensitive when your healthcare data gets leaked. Social security you can lock, but what about your healthcare information? And how can they use that in the future against you? Yeah. And that's a bit of an unknown.
SPEAKER_00Yeah.
SPEAKER_01So that's where my sensitivity stems from.
SPEAKER_00So how do people give me a tip? Like how how do people figure out if something has been ha has happened with their data? Is there any way they can find out?
SPEAKER_01Sure. Check uh check your mail, email for the official breach notices. Okay. If you haven't already, so we've always talked about LifeLock. And run regular identity checks with free tools, or if you've subscribed to a LifeLock, they have it. They they run it for you if you have a subscription for that. Yeah.
SPEAKER_00Yeah, I mean the usual steps, right? Yeah, I guess your social would show up with LifeLock, right? Or or Experian or any of the other any of the others, yeah.
SPEAKER_01Experian alerts or LifeLock.
AI Chatbot Risks At Eurostar
SPEAKER_01Do you want to discuss Eurostar and their chatbot?
How To Check If You’re Affected
SPEAKER_00Yeah, so this is definitely all over AI safety discussions on tech forums. And what happened was researchers found flaws in a major train company's AI chatbot, which is Eurostar's AI chatbot, that can allow attackers to inject malicious content. Now, the good news there is that customer data wasn't accessed, uh, but it highlights a trend that we're seeing too, where AI features that are rushed without proper safeguards. And I feel like the easier it is to create these chatbots, the more we're gonna see these, I believe. Yeah.
SPEAKER_01Yeah, it's also becoming challenging, right? Remember that about a couple of weeks back we talked about someone using Claude to be a DAS tool for a website that was actually trying to hack the website.
SPEAKER_00Yeah. So yeah. But AI, look, folks, AI itself is inherently not unsafe. So AI is safe to use, but weak implementation of AI, the front end, the one that you interact with, could have some unexpected risks, such as this. So when companies start utilizing AI tools, personal information behind the scene still needs protection. Um That's right. So when using AI features online, folks always avoid sharing any sensitive information, like passwords or identities or things that are specific to you personally, right? Um, and this goes beyond just the data being shared. My dog is our feature guest this week. Yes. Yeah. So that that's it with that news. Um I'm I'm imagining there'll be more to come on that. Yeah.
SPEAKER_01Talking about SK Telecom and is being ordered to compensate users after breach. We had a similar situation with AT&T a couple of months back where they were forced to compensate users after a breach.
Accountability And SK Telecom Payouts
SPEAKER_01It's regional but meaningful. Uh South Korean privacy advocates are, you know, they're talking compensation. So a lot of them are following in a good way what the US is trying to do to try and push companies to be good to compensate users for breaches. So what happened? South Korea's consumer agency is requiring SK Telecom to compensate dozens of hacking victims, a result of a major data breach that leaked millions of users' information earlier in 2025, the end of CEA. So and why does it matter? It's what we just talked about. No, it shows regulators are increasingly holding companies accountable.
SPEAKER_00I love that.
SPEAKER_01Right? Which is great. Not just through fines, but personal compensation. So what's the tip? Outside the US, please check your local consumer protection agencies. You might have similar claims or resources available. Yeah, and this is a nice tip to have, but I think this is still an evolving situation with regulation and regul uh, you know, consumer agencies coming up to age to start fining larger companies for breaches.
SPEAKER_00Look, you can um you can always use our chatbot that is linked, which whatever whatever um medium you're using to listen or watch this episode, there should be a link to our own chatbot. You could ask the questions on what you could do and it could help you. The next one, uh, Vivek, is it looks like from that Landmark Admin breach, the the uh if you were affected in the Landmark breach, right, involving that insurance-related personal data, the deadline to file a claim has passed or is immediately imminent. So you could look up if you if you have been impacted and you missed the deadline, you might lose out on some of that compensation. So if you have been impacted, hurry up and and look yourself up and see what paperwork you need to fill up to ensure you get compensation for that breach. If you do think you're affected immediately today, jump again. You can use our chatbot to find out where. I believe The Sun is the one that reported on it. So you could search The Sun Landmark Admin breach compensation, see if you could get any links to follow up with that.
Claim Deadlines And Consumer Remedies
SPEAKER_01So, should we go into the deep dive of LastPass?
LastPass Fallout And Crypto Theft
SPEAKER_00Old breaches that still matter, Vivek. Which old breaches still matter? Tell me.
SPEAKER_01So this week LastPass revealed, or their revelation was a wake-up call.
SPEAKER_00Yeah.
SPEAKER_01Breach consequences can linger for years. Research has found that encrypted vault data stolen in 2022, LastPass breach has been used to steal $35 million in cryptocurrency.
SPEAKER_00I think that's who has clip anyone who has cryptocurrency was probably impacted to an extent here.
SPEAKER_01Yeah, and they didn't change their passwords. That's the sad.
SPEAKER_00So all you have to do is uh change your password funds. Whatever cryptocurrency app you're using, specifically LastPass, change your passwords. I would make it rotate your old passwords, right? Enable multi-factor. So that way, even if someone has your password, you're still gonna get some sort of a push notification, whether it's email, your phone, or you're actually using um a one-password type of an app.
SPEAKER_01Yeah. We've always talked very highly about multi-factor authentication. And in this case, I completely agree with you. Using hardware keys is another thing, especially for crypto-related accounts.
SPEAKER_00Yeah, for financial accounts, go with whatever your financial institution can support. Hardware crypto keys, they they're a bit cumbersome, but they're incredibly important, right?
SPEAKER_01It also depends how much what kind of relationship you have with a financial institution. So if you are really a valued customer with a lot of money in their accounts, they usually should be a hardware key.
SPEAKER_00I see. That's right. Yeah, that's right. I know a few of them that do offer that. All right, QA. Oh, that was good. Yeah, let's jump into QA.
SPEAKER_01Okay, so this week we got this question this week, which is should I worry about biometric ID collection at airports? Salah, you and I have been a victim of that. What do you say?
SPEAKER_00What do you think, Sasha? Should we should we worry about that? Look, the new U.S. entry and exit program collects biometric data from citizens. I personally don't see that as a big issue. It's meant to speed and secure travel. It's I guess it still involves sensitive personal information, right? Avoid oversharing unrelated personal data on your travel apps and ask what protection your carrier uses. But my personal opinion on this is your personal biometric data, such as images, is already out there. And you can't walk into an airport without all your personal data being collected from a biometric.
SPEAKER_01I think the bigger concern was they're also doing it with non-citizens. And I thought they were already doing it for everyone, citizens or non-citizens.
Strong Auth: MFA And Hardware Keys
SPEAKER_01I guess they just made it public for non-citizens. Yeah.
SPEAKER_00Look, I think the question that to ask, and and this is all published on every country's airport data about security and privacy. It's all published. It's all public. Are you really going to avoid going to Spain as an example if if you find out that they're collecting your biodata? I don't know. I think this is a gray, gray area because how much do you want them to collect to ensure your security? Is is collecting biodata? I mean, how how long have countries been collecting your thumbprints when you enter a new country and say, please put your thumbprint here? Or right now it's all it's all digital. I clearly recall multiple times actually doing the ink thumbprint entering a new country. Um I never thought much of it, but if this does concern you, maybe you just avoid some of that travel, quite frankly, because I I don't believe that's going to change anytime soon.
SPEAKER_01But then your traffic stop locally is capturing your face. Because if you're caught speeding, you get a ticket in the mail.
SPEAKER_00Well, I think the hottest. Not the hottest, probably one of the most viral videos across all social media is why are you recording me in public or why are you taking pictures of me? And folks, your data, you are being captured almost the second you walk out of your house, depending on what city you live in, where you what your neighborhood is. Public cameras are constantly recording you. And that is why every government says there is no privacy in the public. You have to expect to be recorded in some format. Pictures, voice, video, it's all happening.
Q&A: Airport Biometrics And Public Surveillance
SPEAKER_01Yeah. If it's not your neighbor's house capturing you, by the time you hit a cross street, it's the city's camera catching.
SPEAKER_00And all your why all your devices as you walk past any Wi-Fi device, they're chattering, it's attempting to connect, right? You you're leaving a digital footprint everywhere you go, whether you know it or not.
SPEAKER_01Yeah.
SPEAKER_00Really interesting. So speaking of digital footprint, Vivek, and trying to reduce my digital footprint, uh, the next question is if you yeah.
SPEAKER_01If you want extra privacy, and especially if you work out of a Starbucks or a public Wi-Fi or at the airport, please use it.
SPEAKER_00I I absolutely. Yeah. I think I think you actually wrote a blog on this that we have on our website. Yeah. Please use VPN. That also recommends different types. And again, if you want to know which apps you should use in terms of VPNs, password managers, it's et cetera, check out the link, the shortly link for uh silent mode privacy and ask it those questions. It'll it'll walk you through exactly what you should or should not be using. All right, let's do a quick practical action checklist for us, Vivek.
SPEAKER_01Okay, um, I go one item, you go the other item. How about that?
SPEAKER_00All right, all right, let's do it that way. Go for it.
SPEAKER_01So, first one, check if you're affected by the AFLAC breach. Please take identity protection steps, like we suggested, lock your SSN if you're using LifeLock or Experian. There are a bunch of tools out there, but please do check if you're affected by AFLAC's breach.
SPEAKER_00And as always, patch and update all your software. This is specific to the AI and chat interfaces, can be weak spots, right? So update to make sure that you have the latest patch that if there is a vulnerability associated, that you get the latest patch to get rid of it. Always.
SPEAKER_01And then file any breach settlement claims before the deadlines expire. You really don't want some of that settlement money going back to lawyers. So please, if you are part of a settlement, please file the claims before it times out.
SPEAKER_00You know, the other angle on that is if you're sick of hearing about your data being stolen and leaked constantly, make sure that you file for these claims because the more that people, consumers like us, are getting involved and filing for these claims, the more it's going to send a message back to organizations that, hey, people are watching us, they're not just brushing this under the carpet. So it's very important. Look, also rotate all your passwords. Rotating passwords isn't too difficult. I know many of us have hundreds of accounts, so we have hundreds of passwords sometimes. Just use a password manager and use that to enable multi-factor authentication. And you have, by doing so, you have probably alleviated 80 to 90 percent of all hacks against you by just having strong password with multi-factor. I don't want to say with multi-factor, right?
Q&A: VPNs And Safer Public Wi‑Fi
unknownYes.
SPEAKER_01Then last but not the least, stay informed. Old breaches can resurface years later.
SPEAKER_00Yeah. What's a good way to do that? Maybe listen to a great podcast at Constantine.
SPEAKER_01There's a great podcast called Science.
SPEAKER_00There's a great podcast, one of the only podcasts of a couple of geeks sitting there talking about breaches, what you could do, how they impact you.
Action Checklist And Closing
SPEAKER_01Yeah.
SPEAKER_00And with that, folks, tune in next time. We'll be here with another update. We're going to miss Vivek. He is going on vacation for a couple of weeks, I believe. So the next on the next update, maybe we'll throw that in as well. But thank you all for joining us today. And we'll see you next time. Thank you.
SPEAKER_01Thank you. Bye.