February 2026 stripped back the surface of several technologies we have come to accept as routine – and what lay underneath was not reassuring. Here’s what happened this month:
This Month at a Glance
⬇ 8.7 Billion Chinese Records Exposed in Global Mega-Leak: An unprotected Elasticsearch database containing national IDs, plaintext passwords, and social media identifiers sat open for over three weeks, in what researchers describe as one of the largest data exposures in recorded history.
⬇ Age Verification’s Hidden Side: Persona Links Biometric Checks to Federal Surveillance: Researchers found that the identity verification service used by ChatGPT, Discord, LinkedIn, and Roblox runs 269 checks per user, screens faces against intelligence watchlists, and files reports directly to US financial intelligence agencies – all behind the guise of age verification.
⬆ Scrutiny Works: Discord Drops Persona After Privacy Community Response: Following the public exposure of Persona’s surveillance capabilities, Discord announced it would not proceed with Persona for age verification – a rare and swift example of corporate accountability driven by independent researcher pressure.
⬇ Germany’s CDU Proposes Real-Name Mandate for All Social Media Users: Germany’s governing party debated a “Klarnamenpflicht” at its federal congress – a legal requirement for all social media users to register with verified real-world identities, drawing fierce opposition from digital rights advocates across Europe.
⬇ Microsoft Gives the FBI Your BitLocker Keys: Microsoft hands over cloud-stored BitLocker encryption keys to the FBI on court order around twenty times per year – a fact most users never knew when they chose the “convenient” cloud backup option.
⬇ AI Coding Assistants Secretly Sending Your Code to China: Two AI coding extensions used by 1.5 million developers were found to be surreptitiously transmitting every piece of code they processed to servers in China.
⬇ ChatGPT Is About to Serve You Ads – And They Will Know You Better Than Any Previous Ad: OpenAI announced plans to test advertising in the free version of ChatGPT, opening a front in a new and far more persuasive form of targeted advertising than anything social media has deployed before.
⬇ US Immigration Forms Now Demand Social Media History: New USCIS rules require over three million immigration applicants to disclose five years of social media handles across all major platforms – a requirement that extends to US citizen spouses, parents, and children in some cases.
⬆ iPhone Lockdown Mode Stops FBI Cold on Washington Post Reporter’s Device: Court records confirm that the FBI’s forensic team could not extract data from a journalist’s iPhone because it had Lockdown Mode enabled – rare, documented proof of a consumer privacy tool working exactly as intended.
⬇ DeepSeek, Moonshot, and MiniMax Ran 24,000 Fake Accounts to Extract Claude’s Capabilities: Anthropic publicly accused three Chinese AI laboratories of running coordinated distillation attacks against Claude – generating over 16 million exchanges through fraudulent accounts to syphon reasoning, coding, and tool-use capabilities without authorisation.
8.7 Billion Chinese Records Exposed in Global Mega-Leak
On 1 January 2026, security researcher Bob Diachenko and the Cybernews team discovered an unprotected Elasticsearch database containing 8.73 billion records linked to Chinese citizens and businesses. The cluster housed 163 indices – phone-centric, identity-centric, and account-centric – sitting open on bulletproof hosting infrastructure. It remained accessible for over three weeks before closing on 26 January, giving automated scrapers ample time to copy its contents. No owner was identified; researchers believe the structure points to a data broker operating outside any lawful framework.
The exposed data included full names, mobile numbers, home addresses, national ID numbers, plaintext passwords, social media identifiers, and dates of birth. That combination – national identification alongside authentication credentials – creates severe risk of identity theft at a scale that is hard to overstate. For comparison, the 2024 “mother of all breaches” contained 26 billion compiled records across multiple datasets; this single exposure at 8.73 billion ranks among the largest ever observed from one source.
To limit your exposure, check all your email addresses on HaveIBeenPwned, particularly if you have accounts on Chinese platforms. Change passwords where you reuse credentials, use a dedicated password manager, and enable multifactor authentication on email, banking, and social media. Be alert for personalised phishing: data of this quality enables convincing attacks that can arrive months after the original exposure.
Read more: Massive Chinese data breach allegedly spills 8.7 billion records – here’s what we know (TechRadar)
Continue reading: 8.7 billion records spilled: Inside the massive Chinese data leak (Cybernews)
Age Verification’s Hidden Side: Persona Links Biometric Checks to Federal Surveillance
On 16 February, researchers publishing as vmfunc revealed that Persona – the identity verification startup used by ChatGPT, Discord, LinkedIn, Roblox, Reddit, and Character.AI – had left 53 megabytes of its government-facing dashboard code publicly accessible on a FedRAMP-authorised server. The exposure required no breach: a misconfigured Vite development build had been deployed to production, leaving 2,456 files open to anyone with a browser. The researchers had originally set out to find a workaround to Discord’s age verification system, not realising they were about to expose one of the year’s most significant surveillance revelations.
What the code revealed went far beyond a simple age check. Persona runs 269 distinct verification checks per user, compares selfies against watchlist databases, screens individuals across 14 categories of adverse media, and files Suspicious Activity Reports directly with FinCEN and its Canadian equivalent FINTRAC. Intelligence programme codenames, including Project SHADOW and Project LEGION, appeared in the files. Biometric data is retained for up to three years – directly contradicting OpenAI’s publicly stated one-year retention policy.
To protect yourself, approach any platform that asks you to scan your face or upload a government ID with real caution. Ask whether biometric verification is genuinely required, and prefer platforms that use on-device verification where data is processed locally. If you have already submitted biometric data to any of the named platforms, be aware it may be retained longer than stated and processed by government-linked infrastructure.
Read more: Persona leak links age verification and federal surveillance (Cybernews)
Continue reading: Age verification vendor Persona left frontend exposed, researchers say (Malwarebytes)
Scrutiny Works: Discord Drops Persona After Privacy Community Response
Discord announced on 20 February that it would not proceed with Persona for its global age verification rollout – a decision that came almost simultaneously with the researchers’ findings on Persona’s surveillance capabilities. Discord had been testing Persona in the UK and some international markets, with communities already announcing moves to other platforms. The company stated it had launched an internal review and strengthened safeguards around its verification infrastructure.
The reversal demonstrates that independent security research can produce rapid corporate responses even without regulatory backing and removes a vendor with documented federal surveillance connections from a platform used by hundreds of millions of people. Discord’s replacement partner, k-ID, uses on-device verification where biometric data is processed locally and never transmitted to a third party. Platforms still using Persona – Reddit, Roblox, and Character.AI among them – are now on notice that scrutiny of their identity vendor choices is coming.
Continue reading: Hackers Expose Age-Verification Software Powering Surveillance Web (The Rage)
Germany’s CDU Proposes Real-Name Mandate for All Social Media Users
At the CDU’s federal party congress in Stuttgart on 20–21 February, the Schleswig-Holstein branch tabled a motion calling for a “Klarnamenpflicht” – a legal obligation requiring all social media users to register with verified real-world identities. Championed by Minister President Daniel Günther, the proposal is paired with a push for mandatory government ID checks before any platform registration.
The European Commission has already warned that national platform obligations going beyond the Digital Services Act are a “clear no-go” – so even if the CDU motion passes internally, its path to law is uncertain. Critics argue that mandatory real-name registration would expose activists, whistleblowers, LGBTQIA+ individuals, and domestic abuse survivors to serious harm. China’s real-name system has been used extensively to identify and silence government critics – a precedent European digital rights groups have been quick to raise.
This remains a proposal, not law. Even so, it is worth reviewing your pseudonymous accounts while they remain available and ensuring public commentary does not link to your real identity. Support organisations such as EDRi, noyb, and the EFF that are working to preserve anonymity rights in Europe.
Read more: Germany’s CDU Pushes Real-Name Social Media Mandate and ID Checks (Reclaim The Net)
Microsoft Gives the FBI Your BitLocker Keys
A Forbes report confirmed this month that Microsoft hands over users’ BitLocker recovery keys to the FBI on court order approximately twenty times per year. BitLocker is Windows’ built-in disk encryption tool, and Microsoft encourages users to back up their recovery key to the cloud for convenience. What is not prominently communicated is that a cloud-stored key is one Microsoft can hand to law enforcement on demand.
As Bruce Schneier noted in his February Crypto-Gram, this illustrates a broader pattern: convenient defaults in consumer software routinely erode protections that users believe they have. The same backup that saves you from being locked out of your own machine creates a copy subject to legal orders you will never see.
To protect yourself, check whether your BitLocker key is in Microsoft’s cloud at account.microsoft.com/devices/recoverykey. If it is, save it to a local USB drive or printed document and delete the cloud copy. For high-sensitivity environments, keep the key entirely offline and never with any provider subject to legal orders.
Learn more: Microsoft is Giving the FBI BitLocker Keys (Schneier on Security)
Continue reading: Microsoft Gave FBI Keys to Unlock BitLocker Encrypted Data (Forbes)
AI Coding Assistants Secretly Sending Your Code to China
A report by Koi Security revealed that two AI coding assistant browser extensions, used by 1.5 million developers, were silently transmitting every piece of code they processed to servers in China. The extensions marketed themselves as productivity and code-completion tools; researchers uncovered the exfiltration by analysing their network traffic. Source code, embedded credentials, API keys, and business logic were all being routed to Chinese infrastructure without disclosure.
The incident fits a pattern documented multiple times, most notably the Urban VPN case from December 2025, where a Chrome extension harvested AI conversations from eight million users. What makes this case especially dangerous is the sensitivity of the data. For developers working on regulated products in healthcare, finance, or critical infrastructure, the legal and competitive implications are severe.
To mitigate risks, audit all AI-powered browser extensions immediately and remove any you cannot verify through published, audited source code. Keep extensions to a minimum, and for professional work run AI coding tools through official auditable APIs rather than browser plugins. Enforce a policy that proprietary code never enters any third-party AI tool without a fully audited data processing agreement.
Read more: AI Coding Assistants Secretly Copying All Code to China (Schneier on Security)
Continue reading: MaliciousCorgi: The AI Extensions Leaking Code from 1.5 Million Developers (Koi Security)
ChatGPT Is About to Serve You Ads – And It Will Know You Better Than Any Previous Ad System
On 16 January 2026, OpenAI announced it would begin testing advertising in the free version of ChatGPT – confirming a direction Bruce Schneier and Nathan E. Sanders had mapped in a piece for The Conversation. They are not alone: Perplexity, Microsoft Copilot, Google’s AI Mode, and Amazon’s Rufus chatbot all now carry ads. The AI advertising era has arrived.
What makes this qualitatively different from a banner ad is the nature of the engagement. AI advertising sits inside a conversation where the system knows your specific question, context, and far more about your life than any search query reveals. Research shows AI models are at least as persuasive as humans at shifting behaviour. When the model recommending a hotel or medication has an undisclosed commercial arrangement with that provider, the potential for manipulation is unlike anything advertising has previously achieved.
To limit your exposure, treat AI product recommendations with the same scepticism you would give a sponsored search result. For sensitive decisions around health, finance, or legal matters, verify AI-generated guidance with independent sources. Paid tiers of AI services are more likely to be subscription-funded, though that is no guarantee – check the terms of any AI tool your team uses.
Continue reading: Could ChatGPT Convince You to Buy Something? (Schneier on Security)
Learn more: The threat of manipulation looms as AI companies gear up to sell ads (The Conversation)
US Immigration Forms Now Demand Social Media History
New 2026 USCIS rules require over three million immigration applicants – including those applying for work authorisation, green cards, and citizenship – to submit five years of social media handles across Facebook, X, Instagram, TikTok, YouTube, WhatsApp, Telegram, and GroupMe. In some cases, applicants must also hand over the handles of US citizen spouses, parents, and children who have never applied for anything themselves.
The stated purpose is screening for “hostile attitudes,” “hateful ideology,” “antisemitic activity,” and “anti-Americanism” – all undefined terms. The Brennan Center for Justice and 41 other organisations opposed the rule, arguing no evidence supports social media screening as a security tool and that it will chill free speech for millions. The administration has already prosecuted First Amendment-protected speech, making the risks immediate and tangible.
To protect yourself, anyone in the US immigration system should audit their public social media and remove or clarify content that could be misread. US citizens whose handles may be collected as part of a family member’s case should know their accounts are subject to government review. Consult an immigration attorney if you have concerns about your account history before submitting any forms.
Read more: Trump Administration Will Collect Social Media Handles from Legal Immigrants and U.S. Citizens (Brennan Center for Justice)
iPhone Lockdown Mode Stops FBI Cold on Washington Post Reporter’s Device
Court records reported by 404Media this month delivered something rare: documented proof that a consumer security tool worked exactly as intended against exactly the adversary it was designed to resist. The FBI raided Washington Post reporter Hannah Natanson’s home in January as part of a leak investigation. Forensic examiners from the FBI’s Computer Analysis Response Team could not extract any data from her iPhone because it had Lockdown Mode enabled. The court record states plainly: “Because the iPhone was in Lockdown mode, CART could not extract that device.”
Lockdown Mode is an opt-in feature Apple introduced in iOS 16, designed to protect journalists, activists, and high-risk users against sophisticated attacks. It restricts the device’s attack surface significantly: disabling most message attachment types, blocking wired connections when locked, and turning off link previews. This is one of the first publicly documented cases confirming it successfully resisted professional forensic tools in a live legal proceeding.
To take advantage of this, if you work in journalism, activism, or any context where your communications could be of interest to hostile actors, enable Lockdown Mode now: Settings → Privacy & Security → Lockdown Mode. The feature limits some functionality, but for those who need it, this court record confirms it is worth every inconvenience. Android users should look into Google’s Advanced Protection Programme.
Read more: iPhone Lockdown Mode Protects Washington Post Reporter (Schneier on Security)
Continue reading: FBI Couldn’t Get Into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled (404Media)
DeepSeek, Moonshot, and MiniMax Ran 24,000 Fake Accounts to Extract Claude’s Capabilities
On 24 February, Anthropic published detailed evidence that three Chinese AI laboratories – DeepSeek, Moonshot AI, and MiniMax – ran coordinated distillation attacks against its Claude models. The three labs created approximately 24,000 fraudulent accounts and generated more than 16 million exchanges with Claude, in violation of Anthropic’s terms of service and regional access restrictions. Distillation is a legitimate training technique when applied to a lab’s own models; what Anthropic describes is competitors posing as ordinary users, bombarding Claude with crafted prompts, and feeding the outputs into their own training pipelines.
The campaigns differed in scale and focus. DeepSeek ran over 150,000 exchanges to harvest chain-of-thought reasoning data and generate censorship-safe alternatives to politically sensitive queries. Moonshot AI ran 3.4 million exchanges targeting agentic reasoning and coding, with later phases attempting to reconstruct Claude’s reasoning traces – Anthropic traced the accounts to named senior staff. MiniMax was the heaviest user at 13 million exchanges, redirecting nearly half its traffic to the latest Claude model on launch day. None of the three companies had publicly responded at the time of writing. Similar allegations were made by OpenAI and Google in the same period, suggesting distillation has become a flashpoint in the US–China AI race.
To protect yourself, this story matters beyond the competitive framing. Anthropic warned that illicitly distilled models are unlikely to retain the safety guardrails that prevent misuse for cyberattacks or weapons development. Apply the same scrutiny to AI tools from less transparent providers that you would to any opaque software: ask what data you share, what the tool does with it, and whether the developer has committed to verifiable safety standards.
Read more: Detecting and Preventing Distillation Attacks (Anthropic)
Continue reading: Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports (TechCrunch)
Recommended Reading
- Crypto-Gram February 15, 2026 (Schneier on Security)
- The Watchers: Persona Source Code Leak Exposes Surveillance Network (Secure)
- China Megaleak Exposes 8.7 Billion Records (Information Age | Australian Computer Society)
- List of Recent Data Breaches in 2026 (Bright Defense)
- Cybersecurity & Privacy News and Analysis (Law360)
- Introducing Settings and Major Improvements to the Mailfence Mobile App! (Mailfence Blog)
- Enterprise Email Security: Best Practices for 2026 (Mailfence Blog)
That’s All for This Month’s Newsletter!
February 2026 confirmed what many have long suspected: the technologies we rely on daily often do far more than they advertise. Age verification turns out to be a federal surveillance pipeline. Cloud key backup means the FBI can unlock your drive. AI coding tools can ship your proprietary work abroad. And three Chinese labs spent months quietly extracting the capabilities of one of the world’s leading AI models through fake accounts. Amid it all, Discord’s rapid response after the Persona exposure showed that public pressure still works. Stay informed, ask hard questions of the services you use, and choose providers willing to be held to account. Thank you for reading, and we look forward to keeping you informed in March.
Best,
Patrick
Get the latest privacy news in your inbox
Sign up to the Mailfence Newsletter.
