**This Week in Cybersecurity: 40 PS5s Stolen, 149 Million Passwords Leaked, and $68M Worth of 'Oops, We Were Listening'**

The world of cybersecurity is often plagued by threats from malicious hackers, ransomware attacks, and vulnerabilities in popular software. However, one of the most effective ways to breach an organization's security remains the simplest: social engineering. A group of hackers recently employed this tactic on a Best Buy employee, tricking him into handing over 40 PlayStation 5 consoles worth over $40,000.

The hack also highlights the importance of password security. Earlier in the week, it was reported that a massive database containing over 149 million stolen passwords had surfaced online. These credentials included access to popular platforms such as Gmail and Instagram, as well as more sensitive information like banking and credit card logins. Notably, 1.4 million of these accounts belonged to .edu email addresses.

The researcher who discovered the database, Jeremiah Fowler, couldn't determine whether the passwords were obtained by hackers or another security researcher. After a month of persistent inquiry, the company hosting the database removed it from its servers.

**WinRAR Vulnerability Continues to Pose Threat**

If you're among the millions who use WinRAR software on their computers, be aware that a vulnerability identified months ago still hasn't been fully addressed. This issue can put your system at risk due to the lack of auto-update capabilities in the software.

**Google Assistant Settlement: $68M for Eavesdropping Allegations**

If you're one of the millions who use Google Assistant on their smartphones or smart home devices, keep a close eye on your email inbox. The tech giant has agreed to pay $68 million to settle claims that its AI-powered assistant has been recording user conversations even when trigger phrases like "Hey, Google" or "OK, Google" weren't spoken.

**Why Changing Your Passwords Frequently is Actually a Bad Idea**

In our recent article, we highlighted why frequent password changes can actually undermine your security. Instead of changing passwords too often, it's recommended to use strong, unique passwords and avoid reusing them across multiple platforms.

**Browser- Stored Credit Card Information: A Recipe for Disaster?**

We also explored the risks associated with storing credit card information on browsers or random websites. This practice can expose sensitive financial data to potential security breaches, making it a practice that should be avoided at all costs.

**TikTok's New Privacy Policy and What It Means for Users**

The acquisition of TikTok by a joint US/UAE venture has led to changes in the platform's privacy policy. This update allows the new company to collect more data from users' posts, raising concerns about user data protection.

**Existential Dread: Why Companies Make it Easy to Open Accounts but Hard to Close Them**

In an eye-opening piece, senior writer Kim Key shares her experience trying to close a hotel rewards account she opened over 13 years ago. She highlights the difficulties that individuals face when attempting to cancel their accounts and the motivations behind these challenges.

**Microsoft Illegally Installed Cookies on Schoolkid’s Tech, Data Protection Ruling Finds**

In related news, an Austrian court has found Microsoft guilty of violating students' privacy by using tracking cookies in its Microsoft 365 Education platform. This ruling may have broader implications for the company's data collection practices within the EU.

**Malicious ChatGPT Extensions Discovered**

Researchers at LayerX Security have discovered a group of 16 malicious browser extensions designed to steal ChatGPT accounts. These extensions were marketed as tools to enhance the AI platform's functionality, but in reality, they posed a significant threat to users' data security.