National Amusements, CBS and Paramount’s parent company, reported a year-old hack this month affecting 82,128 people. TechCrunch first covered the breach, revealed in a company legal filing with Maine’s Attorney General under a 2005 state digital privacy law. National Amusements hasn’t commented publicly on the intrusion outside of the legal filing, and it isn’t clear if customer (or “only” employee) data was stolen.

Maine’s data breach notification says the hack occurred over a year ago, from December 13 to 15, 2022. It states 82,128 people were affected, 64 of whom were Maine residents. National Amusements’ senior vice president of human resources filed the notice, which may suggest (but not confirm) that it revolved largely or entirely around internal employee data. The filing says the company began notifying customers in writing on December 22, 2023 — 372 days after the breach.

“On or about December 15, 2022, National Amusements became aware of suspicious activity in our computer network,” the notification letter to victims reads. “We immediately took steps to secure our network and minimize any disruption to our operations.”

However, that last sentence contains an inconsistency, as the notice posted by Maine’s Attorney General’s office lists the “date breach discovered” as August 23, 2023. That suggests the company didn’t know about the intrusion until eight months after the incident, hardly qualifying as “immediately” taking steps.

The filing says hackers accessed financial information, including “account number or credit/debit card number (in combination with security code, access code, password or PIN for the account).” National Amusements wrote in Maine’s notice that it’s offering victims 12 months of Experian credit monitoring and identity theft services to customers whose social security numbers were taken.

Engadget contacted National Amusements for confirmation or additional info. We will update this article if we hear back.

National Amusements gained a controlling stake in Paramount and CBS in 2019 following the Viacom-CBS merger. This hack appears separate from one Paramount disclosed in August through Massachusetts’ Attorney General’s Office. The company listed that breach’s date as “between May and June 2023.”

The Humane AI Pin is expected to start shipping in March. On Friday, the company posted on X (Twitter) that “those who placed priority orders will receive their Ai Pins first when we begin shipping in March.” The company had previously given an “early 2024” estimate for the screen-less wearable device designed to replace a smartphone.

Humane, founded by former Apple employees Bethany Bongiorno and Imran Chaudhri, views the smartphone (still their ex-employer’s bread and butter) as on its last legs. “The last era has plateaued,” TechCrunch reported Chaudhri as saying in a November press briefing. He views the AI-powered wearable product as “a new way of thinking, a new sense of opportunity.”

The $699 Humane AI Pin doesn’t have a screen; instead, it relies on voice cues and a projector that beams relevant info onto the user’s hand. The founders flaunt the device’s privacy focus combined with contextual intelligence, promising it “quickly understands what you need, connecting you to the right AI experience or service instantly.” Partnerships with OpenAI, Microsoft and Tidal provide what the company calls “access to some of the world’s most powerful AI models and platforms.”

The pin runs on a quad-core Snapdragon processor with a dedicated Qualcomm AI Engine powering its Cosmos OS software. It ships in three color options, two of which add an extra $100 to its price. Buyers must pay $24 monthly to access the pin’s cellular data, built as an MVNO (mobile virtual network operator) on top of T-Mobile’s network.

In addition to providing the March shipping date, Humane says the remaining orders will continue to roll out in the order they were received. Engadget emailed the company to ask when it expects current orders to go out, and we’ll update this article if it responds.

The Humane AI Pin is available to pre-order now from Humane’s website. The Eclipse (matte black on black) costs $699, while Lunar (polished chrome on white) and Equinox (polished chrome on black) colorways will set you back $799.

Insomniac Games has weighed in publicly for the first time since hackers leaked over 1.3 million of the publisher’s private files. The studio posted on X (Twitter) that it’s “saddened and angered” by the cyberattack, describing the internal aftermath as “extremely distressing.” Insomniac indirectly alluded to the publication of gameplay footage from an upcoming Wolverine game, assuring fans that “Marvel’s Wolverine continues as planned.”

The publisher began by thanking supportive fans, many of whom rallied around the hacking victim in the thread’s comments, before relaying the burden the cyberattack inflicted on its employees. “We’re both saddened and angered about the recent criminal cyberattack on our studio and the emotional toll it’s taken on our dev team,” the studio wrote. “We have focused inwardly for the last several days to support each other.”

Insomniac acknowledged some of the stolen content currently making the rounds on social media and the dark web. “We are aware that the stolen data includes personal information belonging to our employees, former employees, and independent contractors,” it posted. “It also includes early development details about Marvel’s Wolverine for PlayStation 5. We continue working quickly to determine what data was impacted.”

The Rhysida ransomware group took credit for the attack, claiming to have infiltrated Insomniac within 20 to 25 minutes, according to the group’s statement to cyberdaily.au. The hackers threatened to publish the stolen content if Insomniac, Sony or anyone else refused to pay its $2 million ransom. The group suggested that some data was sold, and the public dump allegedly comprised 98 percent of the complete set.

In addition to the Wolverine gameplay, the leak included files from Marvel’s Spider-Man 2, internal HR documents (including I-9 employment forms and termination docs), screenshots from Insomniac’s Slack channels and the contents of several employees’ PCs.

“This experience has been extremely distressing for us,” Insomniac wrote. “We want everyone to enjoy the games we develop as intended and as our players deserve.”

Insomniac alluded to its leaked protagonist to signal durability. “Like Logan...Insomniac is resilient,” the publisher posted. “Marvel’s Wolverine continues as planned. The game is in early production and will no doubt greatly evolve throughout development, as do all our plans.”

A London judge has sentenced the teenage hacker who infiltrated Rockstar Games, leaking Grand Theft Auto VI footage, to an indefinite hospitalization, as reported by The BBC. The 18-year-old, Arion Kurtaj, breached Rockstar’s servers from a Travelodge hotel while under police custody, using only an Amazon Fire TV Stick, smartphone, keyboard and mouse. (He was promptly re-arrested.) Kurtaj was a central member of the Lasus$ international hacking group.

Doctors declared Kurtaj unfit to stand trial because he has acute autism. Following the judgment, the jury was instructed to determine if he committed the alleged crimes, not whether he had criminal intent. Following a mental health assessment suggesting he “continued to express the intent to return to cybercrime,” the judge decided he remained too high a risk to the public. The court also heard accounts of Kurtaj’s allegedly violent behavior while in custody, including reports of injury and property damage.

Despite Rockstar's claim that the hack cost it $5 million and thousands of hours of staff time, Kurtaj’s attorneys argued the success of the GTA 6 trailer, which racked up 128 million views in its first four days, meant his hack didn’t cause serious harm.

A second Lapsus$ member was found guilty in the same trial, but the 17-year-old’s name wasn’t made public because they’re a minor. The unnamed hacker was accused of working with Kurtaj and other Lapsus$ members to infiltrate Nvidia and phone company BT/EE, stealing data and demanding a $4 million ransom. The minor was sentenced to an 18-month youth rehabilitation order under “intense supervision,” including a ban on VPN use.

The two accomplices are the first Lapsus$ members to be convicted. Authorities believe other “digital bandits” in the group (suspected to be primarily teenagers in the UK and Brazil) are still at large. It isn’t clear what kind of payoff the hackers got from the ransom requests, if any, as none of the affected companies have admitted to ponying up.

Google Chrome is getting new security and performance features. The web browser’s latest version (M12) upgrades Safety Check and Memory Saver while adding the ability to save tab groups.

Safety Check is Chrome’s security hub that checks for updates and compromised passwords and displays whether Safe Browsing is turned on. With the browser’s latest version, Safety Check becomes more proactive, running automatically in the background. “You’ll get proactively alerted if passwords saved in Chrome have been compromised, any of your extensions are potentially harmful, you’re not using the latest version of Chrome, or site permissions need your attention,” Chrome Group Product Manager Sabine Borsay wrote in an announcement post. The feature will provide alerts at the top of Chrome’s three-dot menu.

Safety Check can also now revoke sites’ permissions to access things like location, microphone or camera if you haven’t visited them in a while. In addition, it highlights when sites you rarely engage with spam you with notifications, suggesting you turn them off.

Google

Memory Saver mode, introduced in 2022 and rolled out to everyone early this year, frees memory from open tabs you aren’t using. When you hover over one while in Memory Saver mode, the tool shows more detail about the active tab’s usage. This includes how much memory you could potentially save by making it inactive.

Google says it’s also now easier to specify sites you want Memory Saver always to keep active. After installing the update, you can check out the new options in the Performance section of Chrome’s settings.

Google

Finally, Chrome will soon let you save tab groups. For example, suppose you have a project with 25 opened tabs, but you need to step away or work on something else. Saved tab groups allow you to give them an appropriate name, shut them down and pick them up later where you left off.

Google says Chrome’s security and performance updates will roll out this week. However, saved tab groups will launch “over the next few weeks.”

Amazon will no longer sell donkey-skin gelatin to California residents. A report published Wednesday by Wired states the online retailer settled with a nonprofit that filed a complaint, alleging the products violated state animal welfare laws protecting horses. Amazon denied any wrongdoing and disputed the allegations. Still, it agreed to block sales of ejiao, a traditional Chinese medicine made from donkey hide, in the Golden State.

The Center for Contemporary Equine Studies, an organization devoted to protecting horses, filed the complaint in February. It accused Amazon of violating California’s Prohibition of Horse Slaughter and Sale of Horsemeat for Human Consumption Act. The nonprofit argued donkey products should be classified as horsemeat based on the law’s language.

Ejiao is a gelatin made from soaked and stewed donkey hides. Devotees believe it treats conditions related to blood circulation, insomnia and dry cough. However, apart from one published study — funded by an ejiao maker — suggesting it can be used successfully to treat anemia, scientific research doesn’t appear to support these claims.

Animal Welfare Institute

According to the Animal Welfare Institute, ejiao’s popularity is annihilating donkey populations. “Donkeys are being stolen, transported long distances without food or water, and killed under inhumane and unsanitary conditions” to fulfill ejiao’s demand, the organization wrote. Meanwhile, a report by the Donkey Sanctuary, an advocacy group, claims workers in Tanzania battered the animals with hammers to meet quotas.

The plaintiff’s attorney believes Amazon’s settlement sets a precedent for other retailers to cease ejiao sales in California. “Amazon doesn’t settle cases it thinks it can win,” Corey Page, an attorney with the firm that represented The Center for Contemporary Equine Studies, told Wired. “This is a signal that if anyone is doing this, they are doing something illegal. If a company like Amazon decides it needs to stop sending products and promoting products that violate California law, then all other retailers should do the same.”

Amazon’s settlement language reportedly agrees to “undertake reasonable best efforts” to enact “internal measures” blocking ejiao products “so that such products will not be available for sale to California addresses.”

Amazon

When I attempted to use an old (but still active, according to USPS) Los Angeles address of mine to buy an ejiao product called “Ass Hide Glue Lumps” (highlighted in a previous Wired report from earlier this year that drew attention to the issue), it thwarted the attempt. “Sorry, this item can’t be shipped to your selected address,” the error message read in red type. “You may either change the shipping address or delete the item from your order.”

If you’re surprised Amazon sold donkey meat in the first place (and still does outside California), consider some other “exotic” meats the retailer offers. These include whole-skinned alligator (only $195!), foie gras (duck or goose liver), kangaroo jerky and boneless snapping turtle meat.

Reuters published an explosive investigative report Wednesday chronicling Tesla's alleged patterns of deliberate neglect and shifting blame onto customers for parts failures. The damning exposé accounts the Elon Musk-led company’s alleged long-running tendency to claim vehicle owners had engaged in “driver abuse,” charging them for repairs over failures caused by parts the company discussed internally as being flawed. The issues are often related to suspension and steering. Externally, Tesla’s portrayal of the problems has ranged from flat-out denial to partial acknowledgment.

Several accounts in the story document Tesla owners who were told their car's issues stemmed from prior damage or driver abuse. In some cases, they had just bought the vehicles:

One of the drivers Reuters interviewed, Shreyansh Jain, suffered a suspension collapse in a 2023 Tesla Model Y he had owned for less than 24 hours. When the automaker told him a lower control arm separating from the steering knuckle caused the failure, he expected Tesla to cover the repairs. A service rep who inspected the car said they found “no evidence of any external damage,” as revealed in a text message. 

About a week later, Tesla sent a letter to Jain, skirting blame and citing “a prior external influenced damage to the front-right suspension” as the cause.

Jain said he was the only person to have driven the car on its first day of ownership, and he hadn’t had an accident before the suspension failed. “I was like, ‘Bloody hell, how can metal just snap like that when I know for sure the car has not hit anything?’” he said to Reuters. Three months later, the repairs were complete, and Jain paid a $1,250 deductible (with his insurance covering the rest). He says his rates then spiked dramatically on another car he owned.

Tesla

Cincinnati surgeon Trace Curry paid $110,000 for a 2016 Tesla Model X. He replaced the SUV’s control arms twice, once covered by warranty and a second time at his expense. After the warranty ran out, Reuters reviewed invoices showing Curry paid around $10,000 for failed suspension and drive-axle parts. Then, in 2018, he replaced the front half shafts (under warranty); he replaced them again (at his own cost) for $1,500.

Reuters’ investigation suggests Tesla knew that many of the parts that required replacing in Curry's Model X — control arms, suspension and front half shafts — had high failure rates.

Andrew Lundeen was driving his wife’s 2018 Model 3 in August when the car’s power steering failed while driving over a speed bump. The Santa Rosa, California, resident told Reuters a Tesla service manager told him a power steering connector had corroded — and attributed it to a car wash, which the employee cited as a known problem.

Lundeed paid $4,400 out of pocket to replace the steering rack and a wiring harness, allegedly thanks to his bold decision to visit a car wash. “This is the only car I’ve ever heard of where a car wash can damage the wiring,” he told the Tesla manager. Lundeed described the employee as saying, “All I can tell you is we’re not a 100-year-old company like GM and Ford. We haven’t worked all the bugs out yet.”

Photo by Roberto Baldwin / Engadget

The investigation also documents Tesla’s can-kicking and inconsistent responses to part recalls in different regions. For example, the company’s engineers identified the aft link, part of the suspension, as having snapped in several incidents while owners drove at low speeds (similar to Jain’s account). A former Tesla employee “with direct knowledge of the matter” told Reuters that between 2016 and 2020, Tesla “resolved” around 400 aft link complaints in China — either through in-warranty repairs or through “goodwill repairs” if they were out-of-warranty.

The Musk-led automaker delayed a recall for four years, only agreeing to one after Chinese regulators applied pressure. The country’s State Administration for Market Regulation described a “risk of accidents” as part of the rationalization.

However, despite global reports of failures, Tesla never recalled the part in the US and Europe. The company told US regulators the problems resulted from “driver abuse.” Reuters also viewed a 2019 “talking points” memo urging service centers to blame “vehicle misuse,” like “hitting a curb or other excessive strong impact,” as the culprit. “Abuse” and “misuse” are conditions in the Musk-led company’s contract, giving the automaker leeway to reject in-warranty repairs for incidents it labels as such.

The National Highway Traffic Safety Administration (NHTSA) has been investigating Tesla since 2020 for the fore link (a suspension part) in Model S and X, and it began looking into power steering failures in the 2023 Model 3 and Model Y in July. Reuters’ nearly 5,000-word report is worth a read, especially if you’re a Tesla owner who has paid for repairs out of pocket. The NHTSA will likely find it an equally compelling read.

Creating stickers from photos is an easily overlooked iPhone feature tucked into iOS 17. Using Apple’s machine learning algorithms that quickly separate a subject from its background, it extracts pictures of you, your friends or pets (or anything else it detects as the picture’s subject), transforming them into digital decals. It even makes animated stickers from Live Photos to slap onto iMessage chats or Markup tools. Here’s how to create your own.

What are iPhone stickers?

In Apple’s ecosystem, stickers are digital versions of their real-world counterparts. They debuted in iOS 10, Apple’s 2016 iPhone operating system, allowing users to place cut-outs of fun images onto iMessage bubbles for more personalized reactions.

Apple

Creating iPhone stickers from photos is new to iOS 17, and so is their location. In older versions of iOS, you had to navigate the iMessage App Store (in the Messages app) and app drawer to find them. In the new software’s more streamlined approach, you only have to tap the plus icon next to a message, choose Stickers and pick the one you want. (More on that below.)

How to create stickers from photos in iOS 17

Here’s how to make custom stickers from your photos on Apple’s latest iPhone software:

1. In the Photos app on your iPhone, choose a picture you want to transform into an iPhone sticker. Tap on the photo to open it in a full-screen view.

2. Touch and hold your finger on the photo’s subject. For example, if it’s a picture of your dog making a derpy face, hold your finger down on the pup until you see an animated effect highlighting the subject. (If it doesn’t work on the first try, do it again.)

3. In the popup menu that appears above the subject, choose “Add Sticker.” If you don’t see that text, tap on the arrow (>) at the right end of the options box until you find it. After tapping “Add Sticker,” the decal will appear below in the same drawer you’ll see in the Messages app.

4. Optionally, hold your finger down on it in the stickers drawer and choose “Add Effect” from the menu. You can give it a standard outline, add a comic style, transform it into a puffy sticker or make it shiny.

5. Tap the X button or swipe down to close the Stickers menu at the bottom of the screen.

How to create stickers from Live Photos in iOS 17

Apple’s Live Photo adds (roughly) three-second video clips captured before and after pressing the shutter button. If you took your source picture as a Live Photo, you can turn it into an animated iPhone sticker through the following steps:

1. Open the iOS Photos app, and tap on the Live Photo you want to turn into an animated sticker. It should now take up your phone’s entire screen.

2. Hold your finger down on the photo’s subject. Wait until you see an animated ripple effect protruding and highlighting the subject. (Try again if it doesn’t catch the first time.)

3. In the menu above the subject, choose “Add Sticker.” If you don’t see that option, tap the right arrow at the end of the menu. After tapping “Add Sticker,” you’ll see the subject appear in a drawer below with your custom stickers.

4. You should see a pop-up menu above the sticker. If you don’t, hold your finger down on the sticker in the list. Choose “Add Effect.” A new screen with effects options will appear.

5. In addition to sticker effect options, you’ll see “Off” on the upper left. Tap that until it changes to “Live.” You now have an animated sticker.

6. Press the X button or swipe down to close the sticker drawer.

How to use custom stickers in iMessage

Apple

Here’s how to use your new photo sticker in the Messages app:

1. In Messages, open a chat thread.

2. Press the + button to the left of the text box.

3. Choose “Stickers.”

4. If you don’t see your custom sticker in the “recently used” menu below, tap the sticker icon (between the 9:00 clock and smiley face icons, above the stickers but below the text box) to find it.

5. If you want to place the sticker in a reply, tap the one you want. Or, if you’re going to include it as a reaction on top of a chat bubble, hold your finger down on the sticker and drag it onto the message to which you want to react.

How to use custom stickers in Markup

You can also add stickers to photos, screenshots, PDFs, email attachments and other documents:

1. Open an image or file you want to add a sticker to. It could be through the Photos app, Files, Mail, Notes or any other app that supports Markup edits.

2. If you’re in Photos, tap “Edit,” then choose the Markup icon (upward-facing pen on the upper right). If you’re in Files or another app where you already see the icon, skip the “Edit” step and only tap the pen symbol.

3. Once you’ve opened the Markup menu, tap the + sign at the far right of the bottom toolbar (next to the color palette and pencil).

4. Tap “Add Sticker.”

5. Choose the custom sticker you just made.

6. It should appear with a blue bounding box atop the original photo or document. Drag the corners to resize, or slide your finger across the screen to move it.

7. Tap outside the bounding box to place the sticker.

8. Tap “Done” to save the changes.

For more on iOS 17, you can catch up on Engadget’s review of Apple’s 2023 iPhone operating system.

Beeper Mini has a new “fix” coming for its broken iMessage on Android integration. However, the new method requires Mac access to send (and intermittently resend) “registration data” from an Apple-made desktop or laptop, calling into question how far users will stick with the app. The company says you’ll see the new functionality in an update to the Beeper Cloud Mac app on Wednesday, December 19.

Beeper’s current method requires identification info (“registration data”) sent from a physical Mac computer to authenticate iMessage connections on Android. The company’s latest plans now shift the Mac onus to users. “We have, up until now, been using our own fleet of Mac servers to provide this,” a Beeper spokesperson wrote in the app’s Reddit community. “Unfortunately, this has proven to be an easy target for Apple because thousands of Beeper users were using the same registration data.”

Beeper Mini launched to much fanfare, promising — and delivering — seamless iMessage chats on Android with only a phone number. However, in what seemed like an inevitable move, Apple squashed the app’s core functionality, forcing the startup to deploy new workarounds as it entered a cat-and-mouse game with the $3 trillion corporation.

Beeper says tomorrow’s update for Beeper Cloud on Mac will generate unique “1:1” registration data for individuals rather than thousands of accounts drawing on the same validation info on Beeper’s servers. The company says the new approach “makes the connection very reliable.” However, the registered Mac will still need to “periodically regenerate” the data after you’ve connected a Mac to Beeper Cloud, so it can’t just be a one-and-done connection to the computer.

If you don’t have a Mac and want to use Beeper Mini, the company says you can ask a friend to use their Apple computer for validation. “In our testing, 10-20 iMessage users can safely use the same registration data,” the company posted. The spokesperson said the update will restore chatting on iMessage with your Apple ID email if you don’t already have a phone number tied to your account.

Steve Jennings via Getty Images

It remains to be seen if Beeper Mini’s users will stick around for the more cumbersome setup. “At this point, I am willing to wait for Apple to come out with RCS support,” Redditor u/OldSalukiBandDude commented, referring to Apple’s promised support for the standard that will bring more iMessage-like features to chats between iPhones and Android handsets. “‘Fix’ is a strong word,” u/PredatorRanger added. “This is more like half-assing a workaround that requires more on the user’s end.”

Others were more open-minded about Beeper’s persistence in the face of Apple’s moves to squash the service. “Ppl are so whiney,” u/Waders411111 wrote. “This is a great bandaid to stop the bleeding and let ppl use beeper as intended.. as a way to integrate all your message apps in one place.” U/bb147 concurred: “Not the most user friendly fix but I am happy to have stable consolidated chats again even if I have to install something on a Mac, at least for now.”

In addition to the new setup method, Beeper says it’s open-sourcing its full iMessage bridge and the Mac code that generates registration data. The company linked to a Github tool that allows users to self-host the bridge, bypassing the company’s servers for those who want extra assurance.

The US Department of Justice says it has disrupted the Blackcat ransomware group. Also called ALPHV or Noberus, the hackers have targeted over 1,000 computer networks and extorted millions of dollars from victims. Bloomberg reports its members were known for speaking Russian. “In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” Deputy Attorney General Lisa O. Monaco wrote in a DOJ news release.

The FBI says it developed a decryption tool, which it has used to help over 500 Blackcat victims recover their data — saving more than $68 million in ransom payments. The agency adds that it has “gained visibility into the Blackcat ransomware group’s computer network” and seized several of its websites.

“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online,” Monaco wrote. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

REUTERS / Reuters

Blackcat’s developers create and update the ransomware software, which “affiliates” deploy in attacks on high-value targets; the developers and attackers then split the profits. Once an affiliate has infiltrated a network, they typically steal sensitive data before encrypting the victim’s system, incapacitating it. They then ask for a ransom. If the victims pay, the hackers say they’ll decrypt the system and abstain from exposing their confidential information. If the targets refuse to pony up, the hackers leave the victims locked out and publish their spicy documents on the dark web.

Blackcat took credit for infiltrating businesses and other US and European organizations. These included hacks on MGM Resorts, Caesars Entertainment, Reddit, US critical infrastructure (government facilities, emergency services, defense industrial base companies, critical manufacturing and healthcare facilities), a large UK hospital group and various attacks across the energy sector.

Its members aren’t afraid to think outside the box, either. Last month, Blackcat affiliates reportedly ratcheted the pressure on a hacked company by snitching to the SEC for not reporting their infiltration.

Although this could only be a fleeting upper hand in a long-running game of cat and mouse, the DOJ warns it’s just getting started. “Criminal actors should be aware that the announcement today is just one part of this ongoing effort,” wrote the DOJ’s Acting Assistant Attorney General Nicole M. Argentieri. “Going forward, we will continue our investigation and pursue those behind Blackcat until they are brought to justice.”