A gift card tip for you this Christmas

The story of high-profile developer Paris Buttfield-Addison, whose account—containing 30 years of data and $30,000 in hardware—was "nuked" by automated fraud systems after he tried to redeem a $500 card purchased at a major retailer, went viral before being resolved by Apple Executive Relations on December 18. The week also saw a massive data breach at 700Credit exposing 5.6 million people and a critical 16-terabyte unsecured database leak containing 4.3 billion professional records, underscoring a period of heightened risk for digital identity and financial security.

AuthorAuthorAuthor

Daniel Masterson, Ai Courtrie Buson & Bard Gee
December 19, 2025

for the week December 14, 2025, 102nd edition

Your quick weekend update and reminder.
☝️ TWA
let me in kid GIF by Real Food RN

Gift card scams have become a sophisticated threat, not just to your wallet but to your entire digital life. Recent reports in late 2025 have highlighted "Account Nuking," where redeeming even a legitimately purchased but tampered gift card can cause Apple to permanently lock your Apple Account (formerly Apple ID), cutting off access to photos, emails, and paid apps.

🤷‍♀️ What now?: Avoid "Cycled" Cards: If you scratch the back and the code is already visible or looks like it has a sticker over it, do not attempt to redeem it. Take it back to the retailer immediately. Heighten your overall awareness.

This is an advertisement.

This is an advertisement.

This is an advertisement.

about this edition and Inside Hexagon

This week’s cybersecurity news is not so much the breach but how things were breached internally (!!) and what we call in the newsroom as “Christmas scams.” Be extra vigilant this holiday. Scams come in all sorts of packages.

The new year is just around the corner and we have started rolling out new for you. Be sure to check out our website hexagoncenter.org and get people you know and love to subscribe to HX Weekly.

This is an advertisement.

HOUSEKEEPING

Glossary/Legend:

  • Password spraying - A type of cyberattack where a malicious actor attempts to gain unauthorized access to multiple user accounts by trying a few common or weak passwords (e.g., "Password123", "QWERTY") across many different usernames. This "low and slow" method is designed to avoid detection and account lockouts that would typically occur with a traditional brute-force attack on a single account. 

  • Liar's dividend - a phenomenon where the proliferation of fake content, such as AI-generated deepfakes, makes it easier for people to dismiss genuine information as false. This allows individuals, especially public figures, to escape scrutiny by claiming that real incriminating evidence, like a video of them, is a fake. The "dividend" is the benefit this gives to the liar, as the public's mistrust of all content undermines the value of truthful, verifiable information.

  • Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

  • Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.

  • MFA (Multi-factor authentication or 2FA or 2-Factor Authentication) - a multi-step or 2-step account login process that requires users to enter more information than just one.

  • Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.

  • Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:
View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.

DISCLAIMER

Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.

Content of this newsletter is not an official representation of Hexagon Center.

Reply

or to participate.