About five hours into Elon Musk’s testimony, I typed the following sentence into my notes: “I have never been more sympathetic to Sam Altman in my life.”
Technology
DJI will pay $30K to the man who accidentally hacked 7,000 Romo robovacs
On Valentine’s Day, I brought you a story that’s since made headlines all around the world: How one man, just trying to steer his DJI robot vacuum with a PlayStation gamepad, discovered an entire network of 7,000 remote-control DJI robots ready to let him peek into other people’s homes.
To be clear, DJI had already begun addressing some of the related vulnerabilities before the man, Sammy Azdoufal, showed The Verge just how much he could access. But it wasn’t clear whether DJI would pay him for his discovery, particularly after how it treated security researcher Kevin Finisterre back in 2017 — or how soon DJI might fully patch the additional vulnerabilities that Azdoufal discovered.
Today, we have some of the answers.
DJI will pay Azdoufal $30,000 for one single discovery, according to an email he shared with The Verge, without specifying which discovery it’s paying him for. Though DJI is not naming Azdoufal, it confirms to The Verge it has “rewarded” an unnamed security researcher for their work.
DJI would also not tell us which discovery it’s paying him for, but says it has already addressed the extra vulnerability Azdoufal found where someone can view a DJI Romo video stream without needing a security pin. “We can confirm that the PIN code security observation was addressed by late February,” reads a statement provided by DJI spokesperson Daisy Kong.
You might be wondering: What about the vulnerability that seemed so bad we refused to describe it in our original story? DJI tells me it’s working on that one too: “We have also started upgrading the entire system. This includes a series of updates, which we anticipate will be fully implemented within one month.”
DJI has also published a public blog post today about strengthening the DJI Romo’s security, one where it continues to claim that it discovered the original issue itself, while also crediting “two independent security researchers” for finding the same problem.
There, DJI seems to be suggesting that everything’s already resolved with the Romo: “Updates have been deployed to fully resolve the issue.” But again, there wasn’t just one vulnerability, and DJI told The Verge that it could take as long as another month.
In the blog post, DJI also says that the Romo already has ETSI, EU, and UL certifications for security — which may raise questions about how useful those certifications really are if one guy with Claude Code could access an entire network full of robovacs! — and that it will continue to test, patch, and submit the Romo and its app to independent third-party security audits.
DJI writes that it is “committed to deepening our engagement with the security research community, and we will soon introduce new ways for researchers to partner and collaborate with us.”
Musk’s direct testimony was an improvement over yesterday — even if his lawyer kept asking leading questions to cue him in how to answer. But that memory was immediately obliterated by an absolutely miserable cross-examination. For hours, Musk refused to answer yes or no questions with yes or no, occasionally “forgot” things he’d testified to in the morning, and scolded defense lawyer William Savitt. I watched a few jury members glance at each other. During one testy exchange, one woman was rubbing her head. Me too, babe.
Even the judge, who at times prompted Musk to answer “yes” or “no,” was having a bad time. “He was at times difficult,” said Yvonne Gonzalez Rogers after Musk after the jury left the room. (At one point, when she’d cut off his argumentative answer, she got the biggest laugh of the day.) “Part of management from my perspective is just to get through testimony.”
“I don’t yell at people,” Musk said
Musk spent a lot of yesterday painting this heroic picture of himself, and this morning, near the end of his direct examination, said, “I don’t lose my temper,” and “I don’t yell at people.” He said he might have called someone a “jackass,” but only in the spirit of saying something like, “don’t be a jackass.”
Immediately afterward, Savitt baited him into being petty, irritating, and generally hard to deal with. At one point, we all watched Musk lose his temper. He spent hours quibbling over simple questions. Again and again, Savitt referred back to Musk’s deposition, where he’d answered questions slightly differently, calling Musk’s accounts into question. Even if the average juror didn’t think he was lying, he was certainly inconsistent.
Savitt’s cross-examination left the distinct impression that Musk quit his quarterly payments to OpenAI because he wasn’t going to get full control of the company, then tried to kneecap it and fold it into Tesla. Initially, Musk wanted four board seats and 51 percent of the shares. The other co-founders would get three seats, together, to be voted on by shareholders (including other employees). Though Musk said that the eventual plan was to expand to 12 seats, it was obvious that Musk had full control on the initial board of seven.
When Musk didn’t get what he wanted, he pulled the plug on his funding commitment and hired Andrej Karpathy, OpenAI’s second-best engineer, to Tesla in 2017. Despite his fiduciary duty to OpenAI as a board member, he did not try to get Karpathy to stay at OpenAI when he said he heard Karpathy wanted to leave. (“I think people should have a right to work where they want to work,” Musk said on the stand.)
“In my and Andrej’s opinion, Tesla is the only path that could even hope to hold a candle to Google.”
By 2018, Musk was saying that OpenAI had no path forward with its current structure, declaring it was on “a path of certain failure” in emails to Ilya Sutskever and Greg Brockman. His proposed solution was to merge Tesla and OpenAI. “In my and Andrej’s opinion, Tesla is the only path that could even hope to hold a candle to Google,” Musk said. The plan never came to fruition, and Musk resigned from OpenAI’s board that year.
As early as 2016, Musk had his own concerns about OpenAI as a non-profit. In an email to a colleague at Neuralink, he wrote “Deepmind is moving very fast. I am concerned that OpenAI is not on a path to catch up. Setting it up as non-profit might, in hindsight, have been the wrong move. Sense of urgency is not as high.”
Asked about this, Musk said he was just speculating. Savitt said, “Those are your words, yes or no?”
“You mostly do unfair questions.”
Musk replied, “This is a hypothetical.”
Savitt said, “So you thought it might have been a wrong move? That’s what you said?”
Getting Musk to put any of that on the record was intensely difficult. He refused repeatedly to answer questions like whether he knew cutting off OpenAI donations would create financial pressure, or whether he’d asked Karpathy to stay at OpenAI. He accused Savitt of asking questions that were “designed to trick me,” and we got multiple versions of this:
Musk: You mostly do unfair questions
Savitt: I am trying to put the questions as fairly as I can. I am doing my best.
Musk: That’s not true.
Musk was trying to make this as painful as possible for Savitt, but he also made it as painful as possible for everyone else, including the jury. Watching him simply refuse to answer questions during cross he’d easily answered during direct was annoying. Watching him refuse to admit he understood the nature of linear time — and therefore the fact that he was still a director of OpenAI’s board before he resigned in 2018 — was infuriating. It made him look dishonest.
“I’d lost trust in Altman and I was concerned they were really trying to steal the charity.”
Musk’s basic, oft-repeated story during this week’s testimony has been that OpenAI is “stealing a charity” and “looting a non-profit.” He maintains that he was all right with some limited for-profit activity, but not anything that would overshadow OpenAI’s nonprofit work and constitute “the tail wagging the dog” — another phrase he reached for, over and over, like a security blanket. In direct testimony, he painted himself as a trusting “fool” who had believed the wily promises of Sam Altman and his cohort: “I gave them $38 million of essentially free funding, which they used to create an $800 billion for-profit company,” he lamented. His own lawyer’s questioning wrapped up with Musk being purportedly blindsided by a multibillion-dollar deal with Microsoft.
“I’d lost trust in Altman and I was concerned they were really trying to steal the charity,” Musk said. “It turned out to be true.”
“I said I didn’t look closely! I read the headline!”
On cross examination, Musk would barely even explain how much he bothered to learn about OpenAI’s operations before suing over them a few years later. When OpenAI proposed a for-profit arm around 2018, he got an email outlining the proposed corporate structure. On the stand, he said he’d only read the very first section of it,, which said that contributors should consider the investments as donations that may have no return. “I read the highlighted box with ‘important warning,’” Musk said.
Savitt asked Musk if he’d raised any objection to the structure then, when he’d received the documents. Musk said that he didn’t read beyond that first box.
Musk: I didn’t read the fine print.. We’re going into the fine print of this document.
Savitt: It’s a four-page document.
Musk then said he hadn’t read beyond taking this in the “spirit of a donation.” And then we got the deposition, where Musk said, “I don’t think I read this term sheet… I’m not sure I actually read this term sheet… I did not closely look at this term sheet.” Savitt pointed out that nowhere in the deposition did Musk say he’d read the first paragraph and Musk, raising his voice and effectively undermining his claims from the morning that he doesn’t lose his temper (lol) or yell at people (lmao), said, “I said I didn’t look closely! I read the headline!”
Imagine having to deal with this man as your cofounder. I think I would sooner open a vein.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
NEWYou can now listen to Fox News articles!
Booking a train ticket is usually something most people don’t think twice about. Now it could come with real privacy risks after a reported data exposure tied to Amtrak.
A newly surfaced dataset linked to the company has appeared on Have I Been Pwned, a widely used site that tracks and verifies data breaches, suggesting customer information may now be circulating online. The company has not confirmed the full scope, but the situation is already drawing attention from security researchers.
For travelers, the bigger issue isn’t just what was taken. It is how that data can be used next.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK
An alleged Amtrak data exposure may have affected millions of accounts, with researchers warning the leaked records could fuel convincing phishing attacks. (Pixelfit/Getty Images)
What we know about the Amtrak data breach
The breach was added to Have I Been Pwned on April 17, 2026, after a dataset attributed to Amtrak appeared online. According to that listing, the dataset includes more than 2.1 million unique accounts.
The exposed information listed by Have I Been Pwned includes email addresses, names, physical addresses and customer support records.
Separate reports suggest the total number of records could be significantly higher, with some estimates reaching up to 9.4 million, though that figure has not been confirmed by Amtrak.
Support interactions can reveal travel habits, preferences and past issues. That gives attackers more context to work with.
How the Amtrak data breach likely happened
The group linked to the attack, ShinyHunters, has a pattern. They often target cloud-based customer systems, especially platforms like Salesforce.
These systems store huge amounts of customer data in one place. That makes them efficient for businesses and valuable for attackers.
Attacks like this often involve exploiting access to cloud-based customer relationship management (CRM) environments rather than breaching internal networks directly.
In many cases, the breach does not require breaking into a company’s internal network. Instead, attackers exploit weak access controls, misconfigured settings or compromised credentials tied to cloud services.
Once inside, they can extract large datasets quickly and demand payment before releasing the data publicly.
Why the Amtrak data breach is different
Not all data breaches carry the same level of risk. This one stands out because of the type of information involved.
Basic contact details can already be used for spam. Add customer service history, and the situation changes. Attackers can reference real interactions to make their messages feel legitimate.
You might get an email that mentions a past trip, a refund request or a delayed train. It looks familiar. That is what makes it dangerous.
These tailored phishing attempts are far more convincing than generic scams.
HOW SCAMMERS BUILD A PROFILE ON YOU USING DATA BROKERS
Travelers are being urged to stay alert after a reported Amtrak data exposure linked to millions of accounts surfaced online. (martin-dm/Getty Images)
What the Amtrak data breach means for you
If your data is part of this breach, the immediate risk isn’t someone logging into your account. The bigger concern is impersonation.
Attackers can use your information to build trust quickly. They may pose as Amtrak support, a travel partner or even a financial institution tied to a booking.
That increases the chance you click a link, share more details or approve a transaction without realizing what is happening.
Even if you have never had an issue before, this kind of exposure changes your risk profile.
We reached out to Amtrak for comment, but did not hear back before our deadline.
Why do companies keep facing this problem?
This breach highlights a larger issue with how companies manage data today. Many rely heavily on cloud platforms to store and organize customer information. These tools are efficient, but they also concentrate risk in one place.
A single misconfiguration or compromised login can open the door to millions of records.
As more businesses move to software-as-a-service (SaaS) platforms, attackers are following. The pattern is becoming more common, not less.
How to check if your passwords were stolen
To see if your email was affected, visit Have I Been Pwned at haveibeenpwned.com. It is the first and official source for this newly added dataset.
- Enter your email address to find out if your information appears in the leak.
- When done, come back here for Step 1 below.
INSURANCE DATA BREACH EXPOSES SENSITIVE INFO OF 1.6 MILLION PEOPLE
Customer data linked to Amtrak has reportedly surfaced online, exposing contact details and support records that could be used in fraud schemes. (iStock)
Ways to stay safe after a data breach
If your data may be part of this breach, a few smart moves now can lower your risk and help you stay ahead of scams that often follow.
1) Use strong, unique passwords for every account
If you reuse passwords, this is the moment to change that. A single leaked password can unlock multiple accounts. Use a password manager to generate and store complex passwords so you are not relying on memory or repeating the same login. Start with your email account first, since it can be used to reset passwords across many of your other accounts. Check out the best expert-reviewed password managers of 2026 at CyberGuy.com.
2) Turn on two-factor authentication
Two-factor authentication (2FA) adds a second layer of protection. Even if someone gets your password, they still need a code from your phone or app. Focus on email, banking and travel accounts first since those are common targets after breaches.
3) Watch for highly targeted phishing attempts
Be extra cautious with emails or messages that reference past trips or support requests. That level of detail can make scams feel real. Avoid clicking links or downloading attachments unless you are certain of the source. When in doubt, go directly to the company’s official website.
4) Monitor your financial and account activity
Check your bank accounts and credit cards regularly for unusual charges. Look for login alerts or password reset notifications you did not request. The faster you catch something, the easier it is to contain.
5) Use strong antivirus software on your devices
Strong antivirus software does more than scan for viruses. It can block malicious links, detect suspicious downloads and stop phishing attempts before they reach you. Keeping your devices protected adds an important layer between you and attackers trying to exploit stolen data. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
6) Remove your personal data from broker sites
Data brokers collect and sell your personal information, which increases your exposure after a breach. A data removal service can help reduce how much of your information is circulating online and make it harder for scammers to build detailed profiles about you. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
Get a free scan to find out if your personal information is already out on the web: CyberGuy.com/FreeScan
7) Use identity monitoring for early alerts
An identity monitoring service can track your personal information across databases and alert you to suspicious activity. That includes new accounts opened in your name or signs that your data is being misused. See my tips and best picks on Best Identity Theft Protection at CyberGuy.com
8) Freeze your credit for added protection
A credit freeze prevents anyone from opening new accounts in your name without your approval. It is one of the most effective ways to stop identity theft after a breach. You can place a freeze for free with the major credit bureaus and lift it anytime when needed.
Kurt’s key takeaways
The Amtrak breach is still unfolding, and key details remain unclear. What is clear is the direction these attacks are heading. They are becoming more targeted, more personal and harder to spot. For consumers, that means staying alert even when something looks familiar. For companies, it means tightening controls around the systems that hold the most sensitive data. You do not need to panic, but you do need to pay attention.
With breaches like this happening again and again, are companies doing enough to protect your personal information? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Amazon’s annual Gaming Week is bringing discounts on video games, accessories, and PC components through May 4th. This event is smaller than Amazon’s other sales, but there are some genuinely good deals. This year, we’ve found deals on popular titles like Elden Ring Nightreign, plus rare discounts on the Nex Playground console and on top-notch Nintendo Switch 2 controllers like the EasySMX S10. We’ve also found discounts on an assortment of laptops, monitors, and other gaming gear, some of which are happening at Amazon and other retailers, too.
-
News2 minutes agoNew Orleans sheriff indicted after investigation into escape of 10 inmates
-
New York2 hours agoHomes for Sale in the Bronx and Manhattan
-
Detroit, MI2 hours agoMailbag: Did Detroit Lions’ draft hint at defensive scheme changes?
-
San Francisco, CA2 hours agoSan Francisco bar hosts immersive
-
Dallas, TX2 hours agoDallas Captain Jamie Benn Fined By NHL For Cross-Checking
-
Miami, FL2 hours agoNonstop flights from U.S. to Venezuela resume Thursday at Miami International Airport for first time in seven years
-
Boston, MA3 hours agoBello's continued struggles compound Boston's thin rotation
-
Denver, CO3 hours agoTroubled apartments: Breaking down Denver’s distressed multifamily properties