Top Cyber Threats: Week of June 16, 2025

1. Meta Sues CrushAI for Sexualized Deepfakes

Meta has filed a lawsuit in Hong Kong against Joy Timeline HK Limited, the company behind the AI-powered app CrushAI, after discovering that the app repeatedly evaded Meta’s advertising rules on Facebook and Instagram. CrushAI creates nonconsensual “nudify” deepfakes by removing clothes from photos using artificial intelligence. Despite numerous violations, including more than 87,000 ads found in early 2025, the company cleverly circumvented Meta’s filters by using benign imagery. The lawsuit aims to stop future ads and represents a broader step by Meta to clamp down on exploitative AI tools using nonconsensual imagery.

2. France Goes to War with Pornhub

Pornhub and its parent company Aylo have suspended access in France after failing to meet new age‑verification requirements imposed by regulators, marking a significant shift in how adult sites handle user safety. The takedown, effective since June 7, 2025, follows Aylo’s refusal to implement on‑device verification methods such as ID scans or credit card checks citing privacy concerns. The move underscores the growing tension between regulatory demands for protecting minors and platforms’ efforts to protect user data.

3. Massive Credential Leak from Social & Gaming Platforms

A staggering 184 million account credentials, including plaintext usernames and passwords tied to Google, Apple, Microsoft, Facebook, Instagram, Snapchat, banking platforms, and government portals, were found in an unsecured, publicly accessible database discovered by cybersecurity researcher Jeremiah Fowler in early May 2025. The massive trove, described as a “cybercriminal’s dream,” appears to have been compiled using infostealer malware and was promptly taken offline; however, the sheer scope of exposed data dramatically heightens risks for credential reuse, identity theft, fraud, and unauthorized access. 

4. The Largest Breach Ever

A massive data leak totaling approximately 4 billion user records, around 631 GB, was uncovered in early June 2025, marking one of the largest-ever exposures of personal data. Discovered in an unsecured and publicly accessible database, the trove primarily contained Chinese user information, including names, birthdates, phone numbers, financial details (such as bank card numbers and debt data), and platform-specific records like over 805 million WeChat entries. Researchers warn it may have been curated for surveillance, profiling, or user behavior tracking, and note the lingering risks of identity theft, fraud, blackmail, and disinformation campaigns despite the database being taken offline.

5. 9 Million Americans Affected by Debt Collector Breach

Virginia-based debt collection agency Credit Control Corporation (CCC) has reportedly suffered a major data breach affecting approximately 9.1 million Americans, including their full names, phone numbers, demographic details, property data, mortgage information, and loan types. Cybernews verified a data sample posted by hackers on a dark web forum and warned the exposed information could facilitate targeted financial scams and identity theft schemes .