EPISODE · Jul 28, 2025 · 1H 14M
Hackers Asked for a Password... and Got It?
from The Awareness Angle: Security Awareness and Human Risk · host Risky Creative - Cyber Security for Humans
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into everything from dodgy data startups to accidental database wipes by AI tools. Whether it’s passwords, passkeys, or privacy, this episode covers the real-world risks that slip through the cracks of digital life—and what security professionals can learn from them.

🔍 Farnsworth Intelligence & $50 Breach Data – A sketchy startup offers hacked data for pocket change. We unpack the ethical nightmare and what it says about the commodification of stolen info.
🔐 158-Year-Old Business Crushed by a Weak Password – Ransomware took down The Royal Mint’s paper supplier. One reused password triggered a chain reaction of damage.
🧽 Clorox Hit by “Just Asking” – Hackers used basic social engineering to trick staff into sharing passwords. The result? A lawsuit and $49M in damages.
📁 SharePoint Exploits Still Work – Legacy SharePoint systems are being targeted in the wild. We explain why updating your systems is table stakes—not optional.
🧠 Windows 11 Copilot Vision – Microsoft’s AI assistant watches how you work. We look at the privacy implications of system-level activity tracking.
🔑 Passkey Friction & Frustration – They're the future of authentication—but only if users understand them. We break down what’s working, and what’s still broken.
🇬🇧 UK Online Safety Act – New laws now require age verification for adult content in the UK. But what does that mean for privacy and enforcement?
🤖 AI Deletes a Database (Oops) – A dev tool gave one engineer too much power. We talk about guardrails, defaults, and the real risks of AI in production.
👾 Reddit Malware Ads – Malicious ads are sneaking through Reddit’s filters. We discuss the broken reporting flow and why community trust is on the line.
📉 QR Codes That Expire? – Ever scanned a QR code that no longer works? We explain why some codes time out—and what that means for security and UX.
📞 The Netstat Scam – Fake ISP reps use netstat commands to convince victims their connection is “compromised.” Old trick, still effective.
🪪 Fake IDs & Physical Access Risks – It’s not just digital anymore. We explore how low-tech social engineering can breach high-security environments.
🔁 Ring.com Login Confusion – A bug in Ring’s login system left users rattled. It’s a small issue, but a big reminder about user trust and account security.
📣 Bonus: Ant is heading to the SANS Security Awareness Summit in Chicago! Expect livestreams, interviews, and plenty of behind-the-scenes content.

🕒 Timestamps
00:00 Introduction and Overview
02:57 Breach Marketplace: Ethics & Stolen Data
05:53 One Weak Password Crashes 158-Year-Old Firm
09:12 Clorox Breach via Simple Social Engineering
11:57 SharePoint Exploits Still Active in the Wild
15:07 Windows Copilot: Privacy or Overreach?
17:57 Passkeys: Why Users Still Struggle
21:05 UK Age Checks: Safety vs. Privacy
24:01 AI Deletes Database: The Risks of Autopilot
37:44 Replit’s Data Loss Incident
39:11 What Is Vibe Coding?
42:08 Password Management Still a Mess
46:03 Reddit Malware Ads Slip Through
50:11 QR Codes That Expire? UX Meets Security
52:17 Netstat Scam: An Old Trick Returns
55:58 Phishing Emails from Local Councils
01:01:57 Gift Card Scams and Account Takeovers
01:03:23 Fake IDs and Physical Access Risks
01:10:39 Ring.com Login Bug Raises Trust Issues

📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 [email protected]
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0