EP 251.5 Deep Dive,. The IT Privacy and Security Weekly Update, with a side of Fries, for the Week Ending July 15th., 2025

Significant Data Breaches and Vulnerabilities

McDonald's AI-driven hiring platform, Olivia (by Paradox.ai), exposed 64 million applicant records due to weak security, including a password as simple as "123456."

In Sweden, security personnel inadvertently revealed Prime Minister Ulf Kristersson’s whereabouts by sharing fitness routes on Strava.

Qantas suffered a breach affecting 5.7 million customers, with personal details like addresses and phone numbers exposed via a third-party platform compromised by the Scattered Spider group. These cases demonstrate the risks of inadequate security in automated systems and third-party integrations.

Skepticism Around Jack Dorsey’s Bitchat App

Jack Dorsey’s Bitchat, a decentralized messaging app using Bluetooth and end-to-end encryption, faces skepticism due to its lack of external security audits. Researchers identified flaws, such as a broken identity verification system enabling impersonation. Dorsey’s warnings on GitHub advise against using the app until properly vetted, raising concerns about premature launches of privacy-focused tools.

“Contagious Interview” AI-Powered Scam

The “Contagious Interview” scam, linked to North Korean hackers, targets job-seekers on platforms like LinkedIn. Posing as recruiters from fake companies (e.g., BlockNovas LLC), hackers use AI-generated personas and fake profiles to trick victims into installing malware disguised as interview tools. This malware, including BeaverTail and InvisibleFerret, steals passwords and cryptocurrency data, showing the potent combination of AI and social engineering in cybercrime.

Quantum Computing Threat to Encryption

Quantum computing’s rise threatens current encryption methods like RSA and ECC, posing risks to data security in industries like finance and healthcare. Experts recommend adopting post-quantum cryptography (PQC) by inventorying encryption-reliant systems, requiring vendors to provide PQC migration plans, and updating firmware to quantum-resistant signatures to protect against future decryption threats.

OpenAI’s Challenge to Productivity Software

OpenAI is poised to disrupt Microsoft 365 and Google Workspace with an AI-powered productivity suite. Leveraging generative AI, it offers collaborative writing, editing, brainstorming, and graphics assistance, potentially at a lower cost than Microsoft’s Copilot. This move signals a shift toward AI-driven productivity tools, challenging established market leaders.

xAI API Key Leak

A DOGE employee, Marko Elez, accidentally exposed an xAI API key on GitHub, granting access to over 52 AI models, including grok-4-0709. Elez’s role in DOGE, with access to sensitive U.S. government data, amplifies the risk. The unrevoked key and prior DOGE leaks suggest systemic security negligence, endangering AI models and government data.

Cybersecurity Takeaways

These incidents emphasize the need for robust cybersecurity in automated systems, thorough vetting of third-party platforms, caution with digital footprints (e.g., fitness apps), and external security reviews for new apps. Vigilance against AI-driven scams is critical, with users urged to verify sources and software.

Broader Cyber Threat Trends

The reliance on vulnerable third-party platforms, sophisticated AI-powered social engineering, internal security lapses, and the looming quantum computing threat demonstrate the need for proactive, future-proof cybersecurity strategies to safeguard sensitive data and systems.