Do You Use Discord? Researchers May Have Captured Your Messages and Published Them Online
Researchers at the University of Finance Minas Gerais in Brazil have compiled a database of over 2 billion Discord messages sent between 2015 to 2024. The messages were scraped from more than 3,000 public Discord servers and have reportedly been anonymized by the team. According to 404 Media, the goal of the team’s project is to allow others to use the database when researching mental health and politics. However, it would appear they broke Discord’s Developer Policy, which prohibits data scraping.
The Bottom Line: This serves as an important reminder that public Discord servers are public and can be accessed by anyone. If you used public Discord servers anytime in the past decade, your messages might be in this database. Once you get used to a messaging platform, it’s easy to forget that it isn’t secure. Instead, we recommend using secure messaging platforms like Signal or WhatsApp.
The UK’s Legal Aid Agency Suffers Cyber Breach
In the UK, if you need a lawyer and can’t afford one, you get one through the Legal Aid Agency. That agency has had a breach, and the agency says that user data from 2010–2024 onward may have been compromised. Those who rely on the agency are often required to submit highly sensitive information as part of their request for legal aid, including the details of alleged crimes, criminal history, financial and employment information, and personal details like their current address. Read more at the AP.
The Bottom Line: If you have relied on the UK’s Legal Aid Agency, then you should review what information you’ve shared with them and take steps to protect yourself if that information were to go up for sale on the dark web. Steps may range from freezing your credit to changing your address, depending on the specific details of your case.
The Secure Messaging App Signal Has Found a Clever Way to Defeat Windows Screen Recording Feature
Microsoft has introduced a Windows 11 feature called Recall that will capture a screenshot on Windows machines every three seconds, then use GenAI to summarize the screenshot so that users can search their past activities in more detail. The resulting data trove of past activity represents a massive privacy and security vulnerability, as any malware in the system would not have to install its own keystroke reader or an activity recorder; it would just have to access records stored by Recall.
The secure messaging app Signal has found a clever workaround to keep your Signal messages out of Recall’s archive, though: they’re using the built-in tool to hide copyrighted material. When you try to take a screenshot of a Disney film or the new Andor Star Wars TV show, the screenshot will end up blank. This is because of a system that protects copyrighted content, and Signal will use that same system to hide your messages in the Signal app from the Recall screen recording feature.
The Bottom Line: You can disable Recall on Windows, and we recommend doing so. Hopefully, others like password managers and banking apps will follow Signal’s rather clever leadership to protect their content as well.
NordVPN 2-in-1 Deal: Save 76% & Get Free eSIM Data
You wouldn’t leave your front door unlocked, right? Your online data is just as crucial and just as vulnerable as your physical possessions. NordVPN is here to help keep your browsing private and your data safe. Sign up today and get 76% off plus up to 10GB free eSIM data from Saily.
Good News! Messaging App Telegram Cleans House, Shuts Down Criminal Marketplaces
Two of the largest criminal marketplaces to have ever existed have been shut down, and that’s just the start of Telegram’s house-cleaning spree. The messaging app hosted both the Huoine Guarantee and Xinbi Guarantee networks, where black market goods and services could be bought and sold, principally through the cryptocurrency Tether. Huoine Guarantee had an estimated 900,000 users in January of 2025, and facilitated an estimated $25 billion in transactions. Risky Biz has the full story.
The Bottom Line: The disruption to the criminal ecosystem and marketplace is good news and may temporarily result in fewer scams. However, with so much money at stake, the networks are sure to find a new messaging system.
Did a Scene from Stranger Things Really Leak, or Is That a Scam?
Scammers have been targeting Gen Z using episodes of their favorite shows as bait, warns security firm Kaspersky. The scams run a wide range, but follow a simple pattern: post a link that claims to offer early or exclusive access to a popular show’s latest content, but instead of a video, the user will get malware. These scams might be found in Google’s promoted search results, or on Facebook or other social media, but wherever you find them, don’t fall for them. Forbes has the full story.
The Bottom Line: Usually, a scam like this would require you to manually install something on your device—the website can’t install it; you have to. But the website can try to trick you into installing the malware by pretending it’s a video player, or an encoder for their special video format, or something similar. You can protect yourself in a few ways: an adblocker may prevent these malicious posts from ever showing up, so you never get a chance to click them. A DNS cloaking service like NextDNS may prevent the page from loading if you do click a link. Finally, a malware scanner like Malwarebytes might intercept the malware before it’s installed, or help you mitigate an infection. In the end, nothing is better than knowing about the scam in advance and spotting it before you click on anything.
Age Verification May Soon Be Required to Download Apps in Texas
According to Reuters, Texas could be the second state to require app stores to verify user ages before allowing them to download apps or make purchases. The bill, which only requires Governor Abbott’s signature to pass, would require parental consent for users under 18 to install apps. This move appears to be an effort to ban or, at least, limit social media apps for minors, although a separate bill targeting social media specifically has also passed the Texas House of Representatives. Apple and Google both oppose the bill, since it would mean sharing age data with all apps, regardless of intent.
The Bottom Line: If you are in Texas, you may soon be required to verify your age to use the App Store.
Flock Traffic Cameras Used by ICE
Last week, we mentioned the controversial traffic camera company Flock, whose networks of cameras can be installed by a municipality or police force to track the movements of vehicles by their license plate, make, and color. Flock also allows customers to share access to their databases with other municipalities and law enforcement agencies, all without requiring court authorization or a warrant. 404 Media reports that the network is frequently accessed by US Immigration and Customs Enforcement (ICE), who do not police traffic violations.
The Bottom Line: The Electronic Frontiers Foundation maintains the Atlas of Surveillance, a volunteer-supported map of regions known to employ public surveillance technologies, including Flock traffic cameras. You can check to see if those cameras are used in your area, or contribute your own data if their map is incomplete in your area.
Protect All Your Devices with 80% Off
Don’t leave your devices exposed to threats. Get real-time protection against malware, hackers, and spyware with an Award-Winning antivirus. Fully compatible with Windows, Mac, Android, and iOS. Take control of your security and enjoy peace of mind - get 80% off here.
A Star Wars Fan Site Was a Front for the CIA
There’s nothing immediately practical about this story, but it’s historically interesting. In the 2010s, the CIA built a bunch of innocuous websites to communicate with their agents. One of these was a Star Wars fan website where agents could enter a password in the search bar to open a secret console for messaging with their case officer. You can still use the Internet Archive’s Wayback Machine to view the website. 404 Media has the full story, with screenshots and links.
Stalkerware Apps Shut Down Following Data Breach
Three “Stalkerware” apps, Cocospy, Spyic, and Spyzie, have been shut down. Stalkerware apps are apps that can be loaded on a phone to spy on the phone’s owner. Legal versions are sold as parental control apps for parents to keep an eye on their children, but the same apps also enable domestic abuse and stalking. They’re not usually found on Apple’s app store, and instead must be installed manually from a third-party app store. On iPhones, most stalkerware apps don’t install on your device. Instead, they usually work by logging in to your Apple Account and accessing the iPhone’s device backups stored in iCloud.
According to TechCrunch, a security researcher discovered that these three apps shared a security flaw that allowed their data to be accessed by anyone and, at the same time, exposed the email addresses of everyone who had signed up to use the apps. The researcher was able to scrape over 3 million emails and uploaded them to Have I Been Pwned. Once this data breach was revealed to the apps, all three have now stopped working, their websites have disappeared, and their cloud storage has been wiped.
The Bottom Line: Cocospy, Spyic, and Spyzie apps mainly affect Android users, so if you have an Android device, you can dial **001** in the phone app and hit the call button. If one of those apps is installed on your device, a “systems” panel will pop up that will include the option to remove the spyware. If you are using an iPhone and you are concerned about stalkerware, you can go into the Settings app > General > iPhone Storage > Hidden Apps to find any apps that are hidden, and also check under Settings > Apple Account and look at the bottom to see a list of devices that are logged in to your Apple ID and remove any devices you don’t recognize.
