Risky Bulletin: Apex Legends Streamers Hacked Again

Date: January 12, 2026
Host: Amberly Jack (prepared by Catalyn Campanu)
Podcast: Risky Bulletin (Risky Business)

Overview

This episode focuses on recent high-impact cybersecurity incidents from around the world, notably a fresh exploit in “Apex Legends” hitting popular streamers, a massive Instagram user data sale, government interventions on social platforms, ransomware attacks, and newly discovered vulnerabilities in widely used academic and financial systems. The bulletin delivers concise, up-to-date briefings with a rapid-fire delivery of headline breaches, policy moves, and criminal prosecutions.

Key Discussion Points and Insights

1. Apex Legends Streamers Targeted by Exploit

• [00:14] Respawn Entertainment patched an urgent exploit in their game Apex Legends.
• Vulnerability: Attackers could take over in-game characters belonging to players, specifically affecting high-profile streamers.
• Previous Incident: A similar exploit disrupted a major Apex Legends tournament in 2024.
• Quote:
  • “The flaw allowed attackers to take over players’ in-game characters. Last week the exploit was used against several Apex streamers.”

2. 17 Million Instagram Users’ Data for Sale

• [00:36] Malwarebytes reports a threat actor is selling data belonging to over 17 million Instagram users.
  • Data includes: names, phone numbers, emails, and addresses.
  • Data Source: Likely scraped from a Meta API in 2024.
  • Incident coincides with a rise in phishing via fake Instagram password reset emails.
• Quote:
  • “The details appear to have been scraped from one of Meta’s APIs in 2024.”

3. Trans Activists Hack Free Speech Union

• [01:07] The “Bash Back” group breached and defaced the website of the Free Speech Union, a right-wing British nonprofit.
  • Motivation: In protest over claims the organization promotes “transphobia and racism.”
  • Impact: Names of donors leaked online.

4. Ransomware Attack Against Chile Energy Provider

• [01:29] Chilean energy giant COPEC suffered a ransomware attack.
  • Perpetrator: The Anubis ransomware group claimed responsibility.
  • Damage: No disruptions reported to gas station operations.
  • Quote:
    • “The company COPEC confirmed the incident but said the attack did not impact the operations of its gas stations.”

5. Major Crypto Heists

• Truebit Platform Breach [01:49]:
  • Hackers stole $26 million in Ether by exploiting a mathematical bug in a smart contract.
  • Method: Minting unauthorized coins and selling them before discovery.
• Contigo Fintech Attack [02:05]:
  • Losses: Over $340,000 in crypto assets.
  • Company response: Secured systems, began repayments to over 1,000 affected customers, and stopped a second attack.

6. Armenia Court System Data Breached

• [02:33] Hackers accessed and offered for sale over 8 million records from Armenia’s e-civil litigation platform.
  • Government denies claims that the origin was their email server.

7. Ukrainian Hackers Disrupt Russian ISPs

• [02:54] Ukrainian group “BO Team” claims attacks that wiped networks of two Russian ISPs.
  • Affected regions: Crimea and Samara (Simstar and Craft s).
  • Tactics: Routers wiped, causing connectivity loss for several days.

8. Cloudflare Fined for Refusing Piracy Blocks

• [03:22] Italy fines Cloudflare €14 million for its refusal to block piracy sites on its 1.1.1.1 DNS service.
  • Reason: Regulatory demands for a blocklist.
  • Cloudflare’s defense: Implementing would degrade performance.
  • Significance: Fine equals about 1% of Cloudflare’s annual revenue.

9. Passport Recall in Ireland Due to Software Error

• [03:49] Irish government recalls 13,000 passports following a printing error caused by a software update.
  • Issue: Missing the Ireland country code on passports printed between Dec 23-Jan 6.

10. Indonesia Blocks X Over Pornography, AI Misuse Concerns

• [04:08] Indonesian regulators temporarily blocked access to X (formerly Twitter) due to pornographic AI-generated content.
  • Origin: X’s Grok AI feature cited as major source of non-consensual nudes.
  • European and UK regulators also considering actions.

11. Russian IT Director Arrested Over Ransomware

• [04:47] Former IT director at Sotrans, Anton Makhno, arrested for suspected role in a 2025 ransomware attack.
  • Group: Old Gremlins demanded over $4 million in bitcoin.

12. Dutch Man Sentenced for Antwerp Port Malware

• [05:23] Dutch citizen sentenced to 7 years for deploying malware at Belgium’s Antwerp port to facilitate drug smuggling (2020).
  • Discovery: Came to light after authorities seized Sky ECC encrypted messaging in 2021.

13. AI Security – LLM Server Scanning Campaign

• [05:57] Greynoise reports malicious scanning of over 70 misconfigured large language model (LLM) servers since late 2025.

14. Academic Portal Vulnerability Patched

• [06:14] Vulnerability in “Bees Bete”, an academic portal used by 100+ US universities patched.
  • Severity: SQL injection scored 9.8 CVSS.
  • Exploitable: Allowed tampering with grades or data theft.
  • Proof-of-concept exploit code is public.

Notable Quotes & Memorable Moments

• “The flaw allowed attackers to take over players in game characters. Last week the exploit was used against several Apex streamers.”
  — Amberly Jack [00:14]

• “The details appear to have been scraped from one of Meta’s APIs in 2024.”
  — Amberly Jack [00:44]

• “The company COPEC confirmed the incident but said the attack did not impact the operations of its gas stations.”
  — Amberly Jack [01:31]

• (On Grok AI generating non-consensual images:)
  “According to Bloomberg, Grok is now the top source for non consensual AI generated nude images. Rather than disabling, Grok X has put it behind a paywall.”
  — Amberly Jack [04:19]

Timeline & Timestamps for Key Segments

• [00:14] Apex Legends exploit
• [00:36] Instagram data breach
• [01:07] Free Speech Union hack
• [01:29] COPEC ransomware
• [01:49] Truebit crypto heist
• [02:05] Contigo fintech breach
• [02:33] Armenia litigation breach
• [02:54] Ukrainian hacktivist ISPs
• [03:22] Cloudflare piracy fine
• [03:49] Irish passport recall
• [04:08] Indonesia blocks X
• [04:47] Russian ransomware arrest
• [05:23] Antwerp port malware sentencing
• [05:57] LLM/AI server scanning
• [06:14] Academic portal vulnerability

Summary

The episode delivers a rapid roundup of fresh, high-consequence breaches and regulatory moves across gaming, social media, infrastructure, crypto, and academic sectors. The risk landscape in 2026 is shaped by sophisticated exploits (from Apex Legends to NFT platforms), evolving government interventions (content blocking, passport recalls), and the growing security impact of AI and LLM misconfigurations. Each news item provides a clear snapshot, often linking to broader trends in digital security and privacy.

Listeners come away with a timely, global perspective on today’s most urgent cybersecurity incidents.