This week on The Awareness Angle, we cover a busy mix of breaches, claims, and security moments that blurred the line between what happened and what people thought happened. Instagram password reset emails caused widespread confusion, ransomware groups made high-profile breach claims without releasing data, and a well-known hacking forum found itself dealing with a leak of its own.
We also look at cyber incidents with real-world impact, including attacks linked to drug smuggling at major European ports and attempted intrusions targeting national energy infrastructure. On the technology side, we discuss Microsoft’s latest Patch Tuesday, growing control over AI tools on work devices, and why some organisations want clearer choices around when those tools appear.
The episode also explores emerging questions about identity and trust, from reused passwords and long-lived leaked data to eye-scanning technology promoted as a way to prove you are human online.
The Awareness Angle is best served in full. Watch on YouTube, or listen on Spotify or your favourite podcast platform to get the complete discussion and context.
Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts
Visit riskycreative.com for past episodes, our blog, and our merch.
This week's stories...
Instagram password reset emails and data leak claims
A large number of Instagram users reported receiving password reset emails they did not request. Meta confirmed it fixed an issue that allowed an external party to trigger legitimate password reset emails at scale and said there was no breach of Instagram systems. According to Meta, user accounts were not compromised, and the emails were caused by abuse of a feature rather than a hack.
At the same time, security firm Malwarebytes reported that data linked to around 17.5 million Instagram accounts was being advertised online. The dataset is said to include usernames, email addresses, phone numbers, and, in some cases, physical addresses. Meta has denied any link between the password reset emails and the data, stating that it likely came from older scraping activity rather than a new Instagram breach.
While there is no public evidence tying the two events together, the timing created widespread confusion. Unexpected security emails combined with reports of leaked data looked and felt like a breach to many users, regardless of the technical explanation.
The Awareness Angle
- Timing shapes perception - When alerts and leak claims land together, people assume the worst
- Users see impact, not root cause - Bug or breach matters less than how it feels
- Old data still circulates - Historic scraping can resurface and fuel new scams
Ports hacked to support drug smuggling, hacker jailed
A hacker has been sentenced to 7 years in prison for cyberattacks that disrupted operations at the Port of Rotterdam and the Port of Antwerp. The attacks took place between 2021 and 2023 and involved unauthorised access to container logistics systems.
Prosecutors said the access was used to manipulate the release and movement of shipping containers, enabling organised crime groups to collect drug shipments without detection. The case highlights how cyber access can directly enable real-world criminal activity rather than just data theft.
Authorities said the sentence reflects the seriousness of targeting critical infrastructure and the wider risks posed to safety, trade, and national security.
The Awareness Angle
- Cyber enables physical crime - Access to systems can unlock real-world harm
- Logins are high-value targets - Human access often matters more than malware
- Impact goes beyond IT - Disruption affects supply chains and public safety
Microsoft may allow Copilot to be uninstalled on managed devices
Microsoft is planning to give IT administrators the option to uninstall Copilot from managed Windows devices, rather than just hide or disable it. The change would apply to enterprise-managed devices and address concerns about control, data handling, and readiness.
The move gives organisations more choice over when and how AI tools appear on work devices, particularly as teams continue to work through policies, training, and acceptable use. Copilot remains positioned as a productivity feature, but many organisations are still deciding how to introduce it safely.
The Awareness Angle
- Control matters - IT teams want clear choices, not forced rollouts
- AI affects behaviour - Tools change how people work, not just systems
- Readiness comes first - Introducing AI before guidance creates risk
AI is not selling, is interest waning?
Despite heavy investment in AI-powered PCs and tools, some manufacturers are reporting weaker-than-expected demand. Executives at Dell said consumers are not buying devices for AI features, and that AI-focused messaging often creates confusion rather than clarity.
The comments suggest a gap between how vendors promote AI and how everyday users understand its value. While AI continues to be embedded across products, its presence alone does not appear to be driving purchasing decisions.
This comes as organisations continue to balance innovation with concerns about data use, trust, and whether people actually want AI involved in their daily work.
The Awareness Angle
- AI does not automatically sell - Features need clear, practical value
- Confusion slows adoption - Unclear benefits create hesitation
- Trust still matters - Data questions shape acceptance
This week's discussion points...
Everest Ransomware Claims Nissan Data Breach – Watch | Read
Spanish Energy Giant Endesa Reports Major Customer Data Breach – Watch | Read
Instagram Password Reset Emails – Watch | Read
Breachforums Data Leak – Watch | Read
Microsoft Patch Tuesday – Watch | Read
Microsoft Copilot Removal Option – Watch | Read
AI PCs Not Selling – Watch | Read
Hacker Jailed for Attacks on Rotterdam and Antwerp Ports – Watch | Read
Poland Cyber Attack on Energy Infrastructure Stopped – Watch | Read
Scam Email Knows My Password – Watch | Read
Worldcoin and Eye Scans for Human Verification – Watch | Read
And finally...Scanning your eyes to prove you are human, Sam Altman’s Orb
This one is proper Black Mirror territory, because it takes a real problem, bot spam, fake accounts, AI-generated nonsense everywhere, and answers it with something that feels way too permanent. Worldcoin’s Orb scans your iris to create a unique digital identifier, a World ID, basically a way to prove you are a real human online. In some places, they even pay you in crypto to do it.
The pitch is “we do not store your eye images, we just turn it into a cryptographic code”, but the bit that makes my skin crawl is the direction of travel. Once you normalise scanning bodies to access digital services, it is hard to un-invent that. Passwords can be changed, devices can be replaced, but biometrics are forever. If a system like this ever gets abused, breached, repurposed, or linked up with other data sources, you do not get to rotate your eyeballs and start again.
And the crypto incentive matters. Paying people to hand over biometric data is not neutral as it changes the deal. It nudges adoption through cash, not through genuine understanding or informed consent. And if the goal is to build trust online, starting with “here is some money, let a shiny sphere scan your iris” is a weird way to do it.
This story is not just about one gadget in a shopping centre. It is about what comes next. If “prove you are human” becomes a standard requirement, who controls that proof, who decides when it is needed, and who gets locked out if they do not want to play along?
The Awareness Angle
- Biometrics are permanent - If something goes wrong, you cannot reset it like a password
- Incentives change consent - Paying people to sign up shifts behaviour faster than understanding
- This will not stay niche - If it works once, it will get pushed into more places
Thanks for reading! If you’ve spotted something interesting in the world of cyber this week, a breach, a tool, or just something a bit weird, let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.
Ant Davis and Luke Pettigrew write this newsletter and podcast.
The Awareness Angle Podcast and Newsletter is a Risky Creative production.
All views and opinions are our own and do not reflect those of our employers.
