The women-only app Tea now "faces two class action lawsuits filed in California" in response to a recent breach," reports NPR — even as the company is now boasting it has more than 6.2 million users.

A spokesperson for Tea told the CBC it's "working to identify any users whose personal information was involved" in a breach of 72,000 images (including 13,000 verification photos and images of government IDs) and a later breach of 1.1 million private messages. Tea said they will be offering those users "free identity protection services." The company said it removed the ID requirement in 2023, but data that was stored before February 2024, when Tea migrated to a more secure system, was accessed in the breach... [Several sites have pointed out Tea's current privacy policy is telling users selfies are "deleted immediately."]

Tea was reportedly intended to launch in Canada on Friday, according to information previously posted on the App Store, but as of this week the launch date is now in February 2026. Tea didn't respond to CBC's questions about the apparent delay. Yet even amid the current turmoil, Tea's waitlist has ballooned to 1.5 million women, all eager to join, the company posted on Wednesday. A day later, Tea posted in its Instagram stories that it had approved "well over" 800,000 women into the app that day alone.

So, why is it so popular, despite the drama and risks?
Tea tapped into a perceived weakness of ther dating apps, according to an associate health studies professor at Ontario's Western University interviewed by the CBC, who thinks users should avoid Tea, at least until its security is restored.

Tech blogger John Gruber called the incident "yet another data point for the argument that any 'private messaging' feature that doesn't use E2EE isn't actually private at all." (And later Gruber notes Tea's apparent absence at the top of the charts in Google's Play Store. "I strongly suspect that, although Google hasn't removed Tea from the Play Store, they've delisted it from discovery other than by searching for it by name or following a direct link to its listing.")

Besides anonymous discussions about specific men, Tea also allows its users to perform background and criminal record checks, according to NPR, as well as reverse image searches. But the recent breach, besides threatening the safety of its users, also "laid bare the anonymous, one-sided accusations against the men in their dating pools." The CBC points out there's a men's rights group on Reddit now urging civil lawsuits against tea as part of a plan to get the app shut down. And "Cleveland lawyer Aaron Minc, who specializes in cases involving online defamation and harassment, told The Associated Press that his firm has received hundreds of calls from people upset about what's been posted about them on Tea."

Yet in response to Tea's latest Instagram post, "The comments were almost entirely from people asking Tea to approve them, so they could join the app."

An anonymous reader quotes a report from Wired: An airline leaving all of its passengers' travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more useful for those spies, would be access to a premium travel service that spans 10 different airlines, left its own detailed flight information accessible to data thieves, and seems to be favored by international diplomats. That's what one team of cybersecurity researchers found in the form of Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr's website allowed them to access virtually all of those users' personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US.

Airportr's CEO Randel Darby confirmed CyberX9's findings in a written statement provided to WIRED but noted that Airportr had disabled the vulnerable part of its site's backend very shortly after the researchers made the company aware of the issues last April and fixed the problems within a few day. "The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr's security, and our prompt response and mitigation ensured no further risk," Darby wrote in a statement. "We take our responsibilities to protect customer data very seriously." CyberX9's researchers, for their part, counter that the simplicity of the vulnerabilities they found mean that there's no guarantee other hackers didn't access Airportr's data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user's email address -- and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers' names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures.

By gaining access to an administrator account, CyberX9's researchers say, a hacker could also have used the vulnerabilities it found to redirect luggage, steal luggage, or even cancel flights on airline websites by using Airportr's data to gain access to customer accounts on those sites. The researchers say they could also have used their access to send emails and text messages as Airportr, a potential phishing risk. Airportr tells WIRED that it has 92,000 users and claims on its website that it has handled more than 800,000 bags for customers. [...] The researchers found that they could monitor their browser's communications as they signed up for Airportr and created a new password, and then reuse an API key intercepted from those communications to instead change another user's password to anything they chose. The site also lacked a "rate limiting" security measure that would prevent automated guesses of email addresses to rapidly change the password of every user's account. And the researchers were also able to find email addresses of Airportr administrators that allowed them to take over their accounts and gain their privileges over the company's data and operations. "Anyone would have been able to gain or might have gained absolute super-admin access to all the operations and data of this company," says Himanshu Pathak, CyberX9's founder and CEO. "The vulnerabilities resulted in complete confidential private information exposure of all airline customers in all countries who used the service of this company, including full control over all the bookings and baggage. Because once you are the super-admin of their most sensitive systems, you have have the ability to do anything."

A Brussels court has issued an unusually broad site-blocking order targeting Internet Archive's Open Library alongside shadow libraries including Anna's Archive, Libgen, and Z-Library. The order, requested by publishing and author organizations, directs an unprecedented range of intermediaries to take action beyond traditional ISP blocks.

Search engines, DNS resolvers, advertisers, domain name services, CDNs, hosting companies, and payment processors -- including Google, Microsoft, Cloudflare, Amazon Web Services, PayPal, and Starlink -- must restrict access to the targeted sites. The court found "clear and significant infringement" in the ex parte proceeding.

BrianFagioli writes: Google is changing its mind about killing off all goo.gl short links. The company had originally planned to shut them down entirely by August 25, 2025. That decision sparked concern among developers, educators, journalists, and everyday users who rely on these links across the web.

Now, just weeks before the deadline, Google is taking a softer approach. It turns out the company is only going to disable goo.gl links that haven't seen any activity since late 2024. If your link is still being used or clicked, it should keep working. This adjustment comes after what Google describes as community feedback.

Hackers from the group UNC2891 attempted a high-tech bank heist by physically planting a 4G-enabled Raspberry Pi inside a bank's ATM network, using advanced malware hidden with a never-before-seen Linux bind mount technique to evade detection. "The trick allowed the malware to operate similarly to a rootkit, which uses advanced techniques to hide itself from the operating system it runs on," reports Ars Technica. Although the plot was uncovered before the hackers could hijack the ATM switching server, the tactic showcased a new level of sophistication in cyber-physical attacks on financial institutions. The security firm Group-IB, which detailed the attack in a report on Wednesday, didn't say where the compromised switching equipment was located or how attackers managed to plant the Raspberry Pi. Ars Technica reports: To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank's monitoring server as an intermediary. The monitoring server was chosen because it had access to almost every server within the data center. As Group-IB was initially investigating the bank's network, researchers noticed some unusual behaviors on the monitoring server, including an outbound beaconing signal every 10 minutes and repeated connection attempts to an unknown device. The researchers then used a forensic tool to analyze the communications. The tool identified the endpoints as a Raspberry Pi and the mail server but was unable to identify the process names responsible for the beaconing.

The researchers then captured the system memory as the beacons were sent. The review identified the process as lightdm, a process associated with an open source LightDM display manager. The process appeared to be legitimate, but the researchers found it suspicious because the LightDM binary was installed in an unusual location. After further investigation, the researchers discovered that the processes of the custom backdoor had been deliberately disguised in an attempt to throw researchers off the scent.

[Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong] explained: "The backdoor process is deliberately obfuscated by the threat actor through the use of process masquerading. Specifically, the binary is named "lightdm", mimicking the legitimate LightDM display manager commonly found on Linux systems. To enhance the deception, the process is executed with command-line arguments resembling legitimate parameters -- for example, lightdm -- session child 11 19 -- in an effort to evade detection and mislead forensic analysts during post-compromise investigations. These backdoors were actively establishing connections to both the Raspberry Pi and the internal Mail Server."

CISA has publicly released Thorium, a powerful open-source platform developed with Sandia National Labs that automates malware and forensic analysis at massive scale. According to BleepingComputer, the platform can "schedule over 1,700 jobs per second and ingest over 10 million files per hour per permission group." From the report: Security teams can use Thorium for automating and speeding up various file analysis workflows, including but not limited to:

- Easily import and export tools to facilitate sharing across cyber defense teams,
- Integrate command-line tools as Docker images, including open-source, commercial, and custom software,
- Filter results using tags and full-text search,
- Control access to submissions, tools, and results with strict group-based permissions,
- Scale with Kubernetes and ScyllaDB to meet workload demands.

Defenders can find installation instructions and get their own copy of Thorium from CISA's official GitHub repository.

Microsoft has abandoned a decades-long tradition of calling out the names of its rivals in regulatory documents. From a report: When the 50-year-old technology company released its annual report Wednesday, the 101-page document contained zero references to longtime foes Apple and IBM.

Nor did it mention privately held challengers such as Anthropic or Databricks. Last year's Microsoft annual report officially designated over 25 companies as competitors. The names of Microsoft's enemies have appeared in its annual reports at least since 1994.

An anonymous reader quotes a report from Ars Technica: Google is fond of saying its mission is to "organize the world's information," but who gets to decide what information is worthy of organization? A San Francisco tech CEO has spent the past several years attempting to remove unflattering information about himself from Google's search index, and the nonprofit Freedom of the Press Foundation says he's still at it. Most recently, an unknown bad actor used a bug in one of Google's search tools to scrub the offending articles.

The saga began in 2023 when independent journalist Jack Poulson reported on Maury Blackman's 2021 domestic violence arrest. Blackman, who was then the CEO of surveillance tech firm Premise Data Corp., took offense at the publication of his legal issues. The case did not lead to charges after Blackman's 25-year-old girlfriend recanted her claims against the 53-year-old CEO, but Poulson reported on some troubling details of the public arrest report. Blackman has previously used tools like DMCA takedowns and lawsuits to stifle reporting on his indiscretion, but that campaign now appears to have co-opted part of Google's search apparatus. The Freedom of the Press Foundation (FPF) reported on Poulson's work and Blackman's attempts to combat it late last year. In June, Poulson contacted the Freedom of the Press Foundation to report that the article had mysteriously vanished from Google search results.

The foundation began an investigation immediately, which led them to a little-known Google search feature known as Refresh Outdated Content. Google created this tool for users to report links with content that is no longer accurate or that lead to error pages. When it works correctly, Refresh Outdated Content can help make Google's search results more useful. However, Freedom of the Press Foundation now says that a bug allowed an unknown bad actor to scrub mentions of Blackman's arrest from the Internet. Upon investigating, FPF found that its article on Blackman was completely absent from Google results, even through a search with the exact title. Poulson later realized that two of his own Substack articles were similarly affected. The Foundation was led to the Refresh Outdated Content tool upon checking its search console. The bug in the tool allowed malicious actors to de-index valid URLs from search results by altering the capitalization in the URL slug. Although URLs are typically case-sensitive, Google's tool treated them as case-insensitive. As a result, when someone submitted a slightly altered version of a working URL (for example, changing "anatomy" to "AnAtomy"), Google's crawler would see it as a broken link (404 error) and mistakenly remove the actual page from search results.

Ironically, Blackman is now CEO of the online reputation management firm The Transparency Company.

A software developer who built his own home server in response to Amazon's removal of Kindle book downloads now argues that self-hosting "is NOT the future we should be fighting for." Drew Lyton constructed a home server running open-source alternatives to Google Drive, Google Photos, Audible, Kindle, and Netflix after Amazon announced that "Kindle users would no longer be able to download and back up their book libraries to their computers."

The change prompted Amazon to update Kindle store language to say "users are purchasing licenses -- not books." Lyton's setup involved a Lenovo P520 with 128GB RAM, multiple hard drives, and Docker containers running applications like Immich for photo storage and Jellyfin for media streaming. The technical complexity required "138 words to describe but took me the better part of two weeks to actually do."

The implementation was successful but Lyton concluded that self-hosting "assumes isolated, independent systems are virtuous. But in reality, this simply makes them hugely inconvenient." He proposes "publicly funded, accessible, at cost cloud-services" as an alternative, suggesting libraries could provide "100GB of encrypted file storage, photo-sharing and document collaboration tools, and media streaming services -- all for free."

Smartphone maker Nothing's $799 Phone 3 has been "mired in controversy among the same customers who rallied behind the company's past products" since its July launch, Bloomberg reported on Wednesday. Tech enthusiasts have "lambasted the company for the phone's peculiar industrial design and what they perceive to be an unreasonable price."

The Android device lacks the most performant Qualcomm processor chip found in premium Android phones and the camera performance "falls short of other handsets in this price bracket," the publication wrote in a scathing review. The phone costs $200 more than its predecessor and matches pricing with Apple's iPhone 16, Samsung's Galaxy S25, and Google's Pixel 9.

Critics across Reddit and social media have attacked Nothing for removing the signature Glyph Lights from previous models. Comments on Nothing's YouTube channel have been "bruising," focusing on the phone's oddly positioned camera array. "At its current price, the handset is too expensive for what it offers," the review concludes.

Dropbox will shut down its password manager service by October 28, giving users until then to extract their data before permanent deletion. The discontinuation occurs in phases: Dropbox Passwords becomes view-only on August 28, the mobile app stops working September 11, and complete shutdown follows October 28. The company cited focusing on core product features as the reason for dropping the service, which launched in 2020 for paid users and expanded to all users in 2021.

Journalist Jack Poulson accidentally discovered that Google had completely removed two of his articles from search results after someone exploited a vulnerability in the company's Refresh Outdated Content tool.

The security flaw allowed malicious actors to de-list specific web pages by submitting URLs with altered capitalization to Google's recrawling system. When Google attempted to index these modified URLs, the system received 404 errors and subsequently removed all variations of the page from search results, including the original legitimate articles.

The affected stories concerned tech CEO Delwin Maurice Blackman's 2021 arrest on felony domestic violence charges. In a statement to 404 Media, Google confirmed the vulnerability and said it had deployed a fix for the issue.

Minnesota Governor Tim Walz has activated the National Guard to assist the City of Saint Paul after a cyberattack crippled the city's digital services on Friday. "The city is currently working with local, state, and federal partners to investigate the attack and restore full functionality, and says that emergency services have been unaffected," reports BleepingComputer. "However, online payments are currently unavailable, and some services in libraries and recreation centers are temporarily unavailable." From the report: The attack has persisted through the weekend, causing widespread disruptions across the city after affecting St. Paul's digital services and critical systems. "St. Paul officials have been working around the clock since discovering the cyberattack, closely coordinating with Minnesota Information Technology Services and an external cybersecurity vendor. Unfortunately, the scale and complexity of this incident exceeded both internal and commercial response capabilities," reads an emergency executive order (PDF) signed on Tuesday.

"As a result, St. Paul has requested cyber protection support from the Minnesota National Guard to help address this incident and make sure that vital municipal services continue without interruption." "The decision to deploy cyber protection support from the Minnesota National Guard comes at the city's request, after the cyberattack's impact exceeded St. Paul's incident response capacity. This will ensure the continuity of vital services for Saint Paul residents, as well as their security and safety while ongoing disruptions are being mitigated. "We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible," Governor Walz said on Tuesday. "The Minnesota National Guard's cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts."

Anthropic will implement weekly rate limits for Claude subscribers starting August 28 to address users running its Claude Code AI programming tool continuously around the clock and to prevent account sharing violations. The new restrictions will affect Pro subscribers paying $20 monthly and Max plan subscribers paying $100 and $200 monthly, though Anthropic estimates fewer than 5% of current users will be impacted based on existing usage patterns.

Pro users will receive 40 to 80 hours of Sonnet 4 access through Claude Code weekly, while $100 Max subscribers get 140 to 280 hours of Sonnet 4 plus 15 to 35 hours of Opus 4. The $200 Max plan provides 240 to 480 hours of Sonnet 4 and 24 to 40 hours of Opus 4. Claude Code has experienced at least seven outages in the past month due to unprecedented demand.

A second, far more recent data breach at women's dating safety app Tea has exposed over a million sensitive user messages -- including discussions about abortions, infidelity, and shared contact info. This vulnerability not only compromised private conversations but also made it easy to unmask anonymous users. 404 Media reports: Despite Tea's initial statement that "the incident involved a legacy data storage system containing information from over two years ago," the second issue impacting a separate database is much more recent, affecting messages up until last week, according to the researcher's findings that 404 Media verified. The researcher said they also found the ability to send a push notification to all of Tea's users.

It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands. When signing up, Tea encourages users to choose an anonymous screenname, but it was trivial for 404 Media to find the real world identities of some users given the nature of their messages, which Tea has led them to believe were private. Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats. These conversations also frequently make damning accusations against people who are also named in the private messages and in some cases are easy to identify. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database. Members of 4chan found the first exposed database last week and made tens of thousands of images of Tea users available for download. Tea told 404 Media it has contacted law enforcement. [...]

This new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. The researcher says that this issue existed until late last week. That exposure included a mass of Tea users' private messages. In some cases, the women exchange phone numbers so they can continue the conversation off platform. The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images. At the time, Tea said in a statement "there is no evidence to suggest that current or additional user data was affected." The second database includes a data field called "sent_at," with many of those messages being marked as recent as last week.

New submitter Pravetz-82 shares a report from Politico: A cyberattack on Russian state-owned flagship carrier Aeroflot caused a mass outage to the company's computer systems on Monday, Russia's prosecutor's office said, forcing the airline to cancel more than 100 flights and delay others. Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Alexander Lukashenko, claimed responsibility for the cyberattack. Images shared on social media showed hundreds of delayed passengers crowding Moscow's Sheremetyevo airport, where Aeroflot is based. The outage also disrupted flights operated by Aeroflot's subsidiaries, Rossiya and Pobeda. While most of the flights affected were domestic, the disruption also led to cancellations for some international flights to Belarus, Armenia and Uzbekistan.

Silent Crow claimed it had accessed Aeroflot's corporate network for a year, copying customer and internal data, including audio recordings of phone calls, data from the company's own surveillance on employees and other intercepted communications. "All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic," the channel purporting to be the Silent Crow group wrote on Telegram. There was no way to independently verify its claims. The same channel also shared screenshots that appeared to show Aeroflot's internal IT systems, and insinuated that Silent Crow could begin sharing the data it had seized in the coming days. "The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip -- albeit without luggage and to the same destination," it said. The Belarus Cyber-Partisans told The Associated Press that they had hoped to "deliver a crushing blow." Russia's Prosecutor's Office said it had opened a criminal investigation. Meanwhile, Kremlin spokesperson Dmitry Peskov called reports of the cyberattack "quite alarming," adding that "the hacker threat is a threat that remains for all large companies providing services to the general public."

Windows 11 has become indistinguishable from malware because of the way Microsoft has inserted intrusive advertising, AI monitoring features, and constant distractions designed to drive user engagement and monetization to the operating system, argues veteran writer and developer Rupert Goodwins of The Register.

Goodwins contends that Microsoft has transformed Windows 11 into "an ADHD horror show, full of distractions, promotions and snares" where AI features "constantly video what you're doing and send it back to Mother." He applies the term malware to describe software that intervenes in work to advertise and monitors user data, concluding that "for Windows it isn't a class of third-party nasties, it's an edition name."

Security researchers have discovered evidence suggesting the SkyRover X1 drone sold on Amazon for some $750 is a DJI product operating under a different brand name. The findings come at a time when DJI is facing an unofficial ban at US customs.

The drone shares identical specifications and features with the DJI Mini 4 Pro and connects to DJI's online infrastructure, including DJIGlobal, DJISupport, and DJIEnterprise services.

Hacker Kevin Finisterre successfully logged into the SkyRover system using his existing DJI credentials. Security consultant Jon Sawyer found the SkyRover app uses the same encryption keys as DJI software, with the company making only basic attempts to conceal its origins by replacing "DJI" references with "xxx" or "uav." DJI didn't deny to The Verge that the SkyRover X1 is their product.

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts.

It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.") Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.

- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.

- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.


For enterprises and security professionals, OSS Rebuild can...

— Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.

— Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...

- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...


The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface.
"With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."

In 1995's online world, AOL existed mostly beside the internet as a "walled, manicured garden," remembers Fast Company.

Then along came AOHell "the first of what would become thousands of programs designed by young hackers to turn the system upside down" — built by a high school dropout calling himself "Da Chronic" who says he used "a computer that I couldn't even afford" using "a pirated copy of Microsoft Visual Basic." [D]istributed throughout the teen chatrooms, the program combined a pile of tricks and pranks into a slick little control panel that sat above AOL's windows and gave even newbies an arsenal of teenage superpowers. There was a punter to kick people out of chatrooms, scrollers to flood chats with ASCII art, a chat impersonator, an email and instant message bomber, a mass mailer for sharing warez (and later mp3s), and even an "Artificial Intelligence Bot" [which performed automated if-then responses]. Crucially, AOHell could also help users gain "free" access to AOL. The program came with a program for generating fake credit card numbers (which could fool AOL's sign up process), and, by January 1995, a feature for stealing other users' passwords or credit cards. With messages masquerading as alerts from AOL customer service reps, the tool could convince unsuspecting users to hand over their secrets...

Of course, Da Chronic — actually a 17-year-old high school dropout from North Carolina named Koceilah Rekouche — had other reasons, too. Rekouche wanted to hack AOL because he loved being online with his friends, who were a refuge from a difficult life at home, and he couldn't afford the hourly fee. Plus, it was a thrill to cause havoc and break AOL's weak systems and use them exactly how they weren't meant to be, and he didn't want to keep that to himself. Other hackers "hated the fact that I was distributing this thing, putting it into the team chat room, and bringing in all these noobs and lamers and destroying the community," Rekouche told me recently by phone...

Rekouche also couldn't have imagined what else his program would mean: a free, freewheeling creative outlet for thousands of lonely, disaffected kids like him, and an inspiration for a generation of programmers and technologists. By the time he left AOL in late 1995, his program had spawned a whole cottage industry of teenage script kiddies and hackers, and fueled a subculture where legions of young programmers and artists got their start breaking and making things, using pirated software that otherwise would have been out of reach... In 2014, [AOL CEO Steve] Case himself acknowledged on Reddit that "the hacking of AOL was a real challenge for us," but that "some of the hackers have gone on to do more productive things."

When he first met Mark Zuckerberg, he said, the Facebook founder confessed to Case that "he learned how to program by hacking [AOL]."
"I can't imagine somebody doing that on Facebook today," Da Chronic says in a new interview with Fast Company. "They'll kick you off if you create a Google extension that helps you in the slightest bit on Facebook, or an extension that keeps your privacy or does a little cool thing here and there. That's totally not allowed."

AOHell's creators had called their password-stealing techniques "phishing" — and the name stuck. (AOL was working with federal law enforcement to find him, according to a leaked internal email, but "I didn't even see that until years later.") Enrolled in college, he decided to write a technical academic paper about his program. "I do believe it caught the attention of Homeland Security, but I think they realized pretty quickly that I was not a threat."

He's got an interesting perspective today, noting with today's AI tool's it's theoretically possible to "craft dynamic phishing emails... when I see these AI coding tools I think, this might be like today's Visual Basic. They take out a lot of the grunt work."

What's the moral of the story? "I didn't have any qualifications or anything like that," Da Chronic says. "So you don't know who your adversary is going to be, who's going to understand psychology in some nuanced way, who's going to understand how to put some technological pieces together, using AI, and build some really wild shit."