Over the weekend, hackers gained access to the X account of the beloved character Elmo and used it to post offensive racist and anti-Semitic threats, along with profane remarks about Jeffrey Epstein. On Monday, Sesame Workshop was actively working to reclaim full control of its Red Character account.
“Unknown hackers have compromised Elmo’s X account, posting derogatory messages, including anti-Semitic and racist content. We are striving to regain complete control of our account,” a spokesman for Sesame Workshop stated on Monday. Sesame Workshop is the nonprofit organization that produces Sesame Street and Elmo.
The account was breached over the weekend, and instead of its usual positive posts, Elmo’s 650,000 followers were confronted with anti-Semitic threats and racist commentary. The account also included profane references to convicted sex trafficker Epstein, revealing additional details about him to the US government, amidst the ongoing debate over the FBI’s findings that Epstein committed suicide. Although these tweets were swiftly deleted, Elmo’s account still hosts a link to a Telegram channel that celebrates the hacking.
X, owned by billionaire Elon Musk, has not yet responded to requests for comment.
Recently, Elmo’s social media accounts have focused on mental health awareness. Last year, the eternally three-and-a-half-year-old red monster prompted responses from Joe Biden and Chance the Rapper with a simple check-in: “Elmo is just checking in! What is everyone doing?”
X has faced ongoing challenges in safeguarding high-profile accounts, which can cause significant harm with a single tweet. Last year, various British MPs and international entities experienced similar breaches, with their accounts being used to mock cryptocurrency.
A mobile phone line serves as a vital channel for data, calls, and text communication. It also serves as a verification tool for various accounts, ranging from banking to messaging platforms.
However, if your line is compromised through a SIM swap or simjacking incident, the repercussions can be far more severe than just losing access to mobile data or calls. Unfortunately, this type of hack occurs discreetly in the background.
If you suspect this has happened, swift action is crucial. Here’s how to respond.
How to Identify It
Stay alert for notifications from your mobile provider that are typically sent via SMS. These may include alerts about activities from other locations, as well as notifications for requests to change settings, such as new phone number activations on a different device.
Be cautious of scams. Fraudsters may attempt to deceive you with fake notifications. If you receive a message instructing you to contact them, verify the legitimacy of the number provided, or use the official website or your account statement to confirm.
If you experience unexplained loss of services—such as calls, texts, or mobile data—this could signal a SIM swap attack.
Loss of access to various accounts linked to your phone number, including banking and social media, may suggest that hackers are attempting to change passwords or steal those accounts.
Regularly review your statements for unexpected charges, which could indicate hacking activity.
What to Do if You’ve Been SIM Swapped
Use a different phone to contact your service provider using the customer service number listed on their website. Provide your account number and any relevant information, including any passwords you have set. Explain the situation, and your provider will initiate the recovery process and investigate the incident.
Request your provider to block any unauthorized billing activity.
Immediately contact your bank and any other financial institutions to prevent unauthorized access to your accounts. Hackers often target financial resources first.
Notify friends and family that someone may be impersonating you using your number to commit fraud.
For accounts utilizing two-factor authentication, check which ones are linked to your phone number. If possible, change the method of authentication and set a new, strong password.
Review messaging apps like WhatsApp and others that use your phone number as your user ID.
What to Do When You Regain Access to Your Phone Account or Set Up a New One
Activate all available security measures on your provider account. This includes using strong passwords, enabling two-step verification, setting a SIM PIN on your device, and adding a customer service password and SIM forwarding PIN, if available.
Inquire with your provider about how the breach occurred and, if possible, what personal information may have been exploited. Consider using fictitious answers to security questions that cannot easily be guessed, and store this information securely with a password manager.
Set spending caps on your phone account to minimize the risk of future fraud.
Once you regain full control, reactivate two-factor authentication for your accounts and take all measures possible to secure them.
Implement additional security measures on messaging services like WhatsApp and Signal to make it difficult for others to register new devices using your account.
Contact your financial services provider to reactivate your accounts, while remaining vigilant for potential fraud and unexpected transactions.
Review your social media and other public accounts to identify any information that could be exploited for identity theft or further hacking attempts.
Email accounts have evolved beyond a traditional communication method; they are now central to the digital experience, as users access countless services ranging from shopping to social media. Therefore, forgetting a password or having your email compromised can lead to significant issues.
If you find yourself in such a situation, follow these steps to regain access to your email and secure other linked accounts.
What to do as soon as you discover your account has been compromised
Attempt to change your password from a device where you are still logged in.
Utilize familiar devices that you often use to access your email, such as your home computer or Wi-Fi-connected phones. It’s advisable to use the same browser if you have multiple installations.
Follow the account recovery process provided by your email service: Google or Microsoft. If possible, leverage your account or phone to access.
Even partial answers to recovery questions can be helpful, so provide as much information as you can, including any old passwords you may recall. Both Google and Microsoft offer guidance for this process. It may take up to 24 hours for account verification for recovery.
If all else fails, create a new email account to facilitate swift migration of your logins across various platforms and services.
Once you regain access to your account or create a new one, take the following steps
Create a unique, strong password for your email account. It should contain a minimum of 12 characters, with a mix of letters, numbers, and special symbols. Consider using Random Word Combinations or memorable lyrics and quotes, avoiding simple or easy-to-guess combinations. Use a password manager to keep track of it and other vital information.
Enable two-step verification using an app for generating codes instead of SMS text messages. Ensure you store the backup code securely.
Consider using a PassKey for authentication, which leverages devices or biometrics instead of traditional passwords, making it harder to compromise.
If you encounter issues logging in, set up a recovery email address and phone number to assist in regaining access.
It’s advisable to establish as many security questions as your account permits and answer them comprehensively. Make a note of your answers in a secure location.
circleA live jazz band plays Mario Kart, Full Orchestra Sonic plays. But there's an entire subgenre of video game music artists, who are happy to describe their sound as even nerdier. “Nerdcore has been around for 25 years – it's hip hop with nerdy themes, mostly about video games,” says Nick Box, 41, from Blackpool. Box has been in all sorts of “weird, silly bands,” including an electronic horror punk band. Hot Pink Sewer“All I did was dress up as a disabled person and play some backing tracks.” Cliff Grichard And it's weirder than you might think.
“The setting is a ZX Spectrum run by an AI clone of '90s TV presenter Noel Edmonds,” he explains. “The show starts with a Spectrum loading screen, followed by a pixelated Edmonds telling the audience that he's responsible for every celebrity death, political decision and catastrophe of the last 40 years. I run around screaming about stupid celebrities and end up fucking Mr Blobby onstage.”
According to Box, they were a nerdcore rap band based in Sunderland in the 2000s. B Type are his main inspiration and are “probably the biggest nerdy rap band in the UK right now”.
“We weren't the cool kids”… Mega run. Photo: Megaran
“In the early 2000s, there was a music explosion that mixed video game soundscapes with punk rock, hip hop and rap,” says Steve Brunton, aka BType, 39. “Final Fantasy VII was the first game that got people hooked on music, which led to remixes and covers.”
BType have covered Pokémon, Final Fantasy, Mortal Kombat and Cannon Fodder. “Each track is a love letter to the original,” he adds. The band performs with modified Game Boys and live beatboxers. “I'd describe our sound as the Beastie Boys working for Nintendo,” he says. Their shows draw “a wide variety of fans, from metal fans to nerds and geeks who you can tell from their T-shirts. When we started it was a huge untapped reservoir. Now, because everyone plays video games, a lot of people self-identify as fans.”
“What we really need to talk about is Megaran“He's a former English teacher from the US who became popular rapping about Final Fantasy VII and Mega Man and will be opening for Wheatus on their UK tour. He's a really great guy,” he advises.
“Hip hop's second golden age came in the early '90s, when Snoop Dogg, Nas and Wu-Tang Clan were releasing their seminal records,” Philadelphia-born Raheem Jarboe, aka Mega Ran, 45, told me over Zoom from Los Angeles International Airport, where we were waiting for a delayed flight to London. “Some of us were like, 'Let's just write songs,' but we weren't the cool kids, so we just wrote about our lives playing video games.”
Mega Run released his first album in 2006. He quit teaching in 2011 when he received a job offer from Capcom to write music for Mortal Kombat, Street Fighter and Teenage Mutant Ninja Turtles: Shredder's Revenge. “The songs are still nerdy, but the lines are blurring. If you listen to a Kanye West song, you hear a reference to a video game. Before, you didn't think anyone would notice a reference to Marvel Comics. Now Marvel is one of the biggest franchises in the world.”
BxLxOxBxBxY. Photo: Connor Standfield
“Mega Run supported Wheatus on their UK tour in June this year, taking to the stage with the band and rapping during their set of Teenage Dirtbag. “It touches on Nintendo Power, AOL, Yahoo and all the stuff we did when we were kids in the early 2000s,” he says.
Have you heard of Mr B? [The Gentleman Rhymer] “They're British nerdcore artists, and instead of insulting each other, they're praising each other and battling each other. 'You're so cool, your fashion accessories are amazing.' Talk to them, they're fun.”
“It would be nice, especially if we get some positive press,” said the 49-year-old, from Brighton. Paul Alborough Also known as Professor Elemental. “Ten years ago, Michael Gove Mentioned He liked my music and it was in the Guardian. I had to contact him and tell him that if he came to my show, I would have the audience beat him with sticks.”
Alborough describes his character, Professor Elemental, as “a mad, optimistic but woefully incompetent eccentric British explorer and inventor”. He has been performing for over a decade and can be seen at Glastonbury this year in a rainbow suit and pith helmet, with chimpanzees and lions as backing dancers.
Like Mega Ran, Professor Elemental has written songs for Sega and Nintendo, and if you want him to write a personal song it will cost you £500 a song.
So what does he think of his nerdcore contemporaries? “Sometimes I hear people rapping about, say, Mr Blobby, and I think, 'I can't stand this newfangled rap, it's not proper hip-hop'. But then I remember what I do…”
Weirder than you'd think… Cliff Grichard. Photo: Cliff Grichard
The Mr. Blobby-themed rap leads us to Dan Buckley, 39, the leader of a Mr. Blobby-themed grindcore band. Underline.
“I'm really interested in the blend of music, comedy, surrealism and a good, healthy dose of weirdness,” Buckley says of his two decades in the industry.
Be aware that cybercriminals may have access to your personal information. However, there are several ways to tell.
‘White Hacker’ Ash Chatrier, a cyber whiz who works with people to identify their vulnerabilities to cyber attacks, explains how to tell if a hacker might be accessing your account and how to We’ve shared tips on what to do if you suspect someone is accessing your account.
“To respond to suspicious account activity, you should contact your service provider and have your password reset to a strong, ideally random set of letters, numbers, and characters,” says Threat Intelligence Researcher at F-Secure. said Shatrieh, who works. told the Daily Mail.
“In some cases, a device (such as a PC) can be compromised by malware that steals information. In that case, it’s important to run an antivirus scan on your computer,” he added.
If you think you’ve been hacked or want to make sure your data is safe, keep an eye out for the following warning signs, according to Shatry.
Social media
Social media algorithms are tailored to your interests, so if you see content in your feed that you wouldn’t normally see, it could be a sign that someone else is messing with your account.
Be aware of changes in the content you see on social media. Sudden changes, such as an influx of posts in an unfamiliar language or suggestions from uninvolved accounts, can indicate suspicious activity,” Shatry said.
“Social media algorithms are tailored to user preferences, and unexpected changes could mean unauthorized access,” he added.
small bank transactions
If a hacker has access to your online banking account, he or she may test the waters with a few small transactions before going after the big kahuna.
Chatrier offered his two cents.
“Regularly check your bank and credit card statements for fraudulent transactions. Hackers may initiate small transactions as a test before attempting larger ones. There is,” he explained.
“Remain vigilant and report any suspicious transactions, even the seemingly small ones, to your bank immediately. If you have tried to max out your card, call your bank to cancel your card,” says Cyber. Wiz added.
Ash Shatrieh shared expert tips to help you determine if you’re a target of a hacker. F-Secure
Message without notification
If you’re seeing emails or other types of messages for various accounts, but you’re not receiving regular notifications, it could mean those notifications are being sent elsewhere. There is a gender.
“Be careful if you notice the existence of new unread emails without receiving a corresponding notification, causing delays in delivery,” he warned.
“This could indicate that the hacker has set up rules that allow them to bypass or hide emails from your inbox, allowing the hacker to selectively publish certain messages while others “This suggests that they may be hiding messages,” he added.
Chatrier said he is keeping an eye out for signs that his email could be compromised.
“Check your inbox settings to see if there are any rules that forward emails to addresses you don’t know,” he says.
yellow email banner
If you see yellow, don’t calm down.
If you access Gmail from a desktop computer, you can see if someone has logged into your account from a new location.
If you’re in California and you’re logging in from Idaho even though you’ve never been there, you may have a hacker.
“We regularly check the activity logs provided by the service to monitor login timestamps and IP addresses,” he said.
“For example, in Gmail, you may see a yellow banner at the bottom in unfamiliar places. Investigate unusual activity and cancel unknown sessions (requiring you to sign out on all devices you’re logged in to. ), quickly protect your account by resetting your login credentials. Please note that if your device is compromised, your account may be compromised.”
Account suspension
If your account has been suspended and you don’t know why, hackers may be the culprit.
“Beware of unexpected account terminations. “If you receive a notification about account suspension or termination, it may indicate malicious activity,” he said.
“Please contact your service provider immediately to investigate and resolve the issue.
He added that if you suddenly log out, this could also be a red flag.
If you see signs of unauthorized login attempts or if your account is logged out, someone else may be in control.
“If you notice that you are repeatedly logged out without initiating the logout, investigate for suspicious login attempts,” he said.
“Check your list of active sessions, trusted devices, and logged-in devices, revoke access if you see anything suspicious, change your password, and ensure multi-factor authentication is configured and working properly. please.”
Comcast has confirmed that hackers who exploited a security vulnerability rated critical gained access to sensitive information of approximately 36 million Xfinity customers.
The vulnerability, known as CitrixBleed, was discovered in Citrix networking devices commonly used by large enterprises and has been widely exploited by hackers since late August. Citrix made the patch available in early October, but many organizations did not apply the patch in time. Hackers used the CitrixBleed vulnerability to hack high-profile victims including aerospace giant Boeing, Industrial and Commercial Bank of China, and international law firm Allen & Overy.
Comcast’s cable TV and Internet division, Xfinity, has become the latest victim of CitrixBleed, the company has confirmed. Notice to customers on monday.
The US telecommunications giant said hackers who exploited a CitrixBleed vulnerability accessed its internal systems from October 16th to October 19th, but the company did not detect any “malicious activity” until October 25th. Stated.
By Nov. 16, Xfinity had determined that “information may have been obtained” by the hackers, and in December that it had determined that this included customer data, including usernames and “hashed” passwords. concluded that they were scrambled and stored in an unreadable manner. To humans. It is not immediately clear how the password was scrambled or what algorithm was used, as some weak hashing algorithms can be cracked.
The company said the hackers may have also accessed the names, contact information, dates of birth, last four digits of Social Security numbers, and security questions and answers for an unspecified number of customers.
Comcast said it “continues to analyze our data and will provide additional notifications as appropriate,” suggesting other types of data may have been accessed as well.
The notice did not say how many Xfinity customers would be affected, and Comcast spokesperson Joel Shadle declined to comment when asked by TechCrunch.in Filings with the Maine Attorney General, Comcast confirmed that approximately 35.8 million customers were affected by this breach.Comcast Latest earnings report The company has more than 32 million broadband customers, suggesting this breach affected most, if not all, Xfinity customers.
Whether Xfinity received a ransom demand, how the incident affected the company’s operators, and whether the incident was reported to the U.S. Securities and Exchange Commission, as required by the regulator’s new data breach reporting rules. It is still unclear whether it was submitted. A Comcast spokesperson declined to comment.
Xfinity says it requires customers to reset their passwords and recommends the use of two-factor or multi-factor authentication (which the company does not require by default) for all customer accounts.
According to vx-underground, the hackers claim to have stolen 70,000 customer photos taken from cameras embedded in ATMs, as well as the personal data of 300,000 customers. Name, surname, email address, phone number, current occupation, address, etc.
No one has publicly claimed hacking. A month later, what actually happened to Coin Cloud remains a mystery, even to the company’s new owners.
Do you have more information about the Coin Cloud hack? We’d love to hear from you. Lorenzo Franceschi-Bicchierai can be reached securely on Signal (+1 917 257 1382), Telegram, Keybase and Wire @lorenzofb, or email lorenzo@techcrunch.com. He can also be reached at TechCrunch via SecureDrop.
Mr. Bernard, who serves as CEO, Bitcoin ATMThe company, which rebranded itself after purchasing some of Coin Cloud’s assets in bankruptcy proceedings, told TechCrunch that his company launched an investigation following vx-underground’s tweet, but is unsure when the breach occurred or who identified it. He said he was unable to conclude whether he was responsible. He himself described the incident as a “mystery”.
“Coin Cloud has been hacked multiple times in the past when it was still a commercial company, so the data breach happened a while ago,” Bernard said. “I think the data is being held to ransom right now. It’s impossible to say. [when] There is little control throughout the software development process, with multiple international contractors having access to source code containing secrets. [database]” Bernard said in an email.
“Based on the information we have been shown, it does not appear that any services maintained by Coin Cloud have been recently compromised,” Barnard added. “Therefore, it is reasonable to think that this is data that was already stolen when Coincloud was hacked previously. It is an assumption, but a reasonable one. It’s impossible to say exactly what was compromised; so many vendors and internal employees had access to it that the same thing may have happened at different times over the years. ”
Barnard said that if someone were to obtain the source code containing the database’s administrator credentials, the hacker “would have access to all the files.” [Know Your Customer] Customer information. ”
Know Your Customer (KYC) is a check performed by technology and financial companies to verify a person’s identity to prevent fraud and money laundering. KYC checks often rely on customers submitting scans of their identification documents.
A former Coin Cloud employee told TechCrunch on condition of anonymity that Coin Cloud was “an absolute disaster to work for.”
“We didn’t have a security team,” the former employee said, adding that Coincloud had been hacked at least once in the last year and believed the company stored much of its data in plain text, meaning it wasn’t encrypted. He added that
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
