In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to you, can you be sure you're immune? Plus: would you donate your lifetime medical history to science if you were promised anonymity? We unpack serious concerns around UK Biobank, where “de-identified” data may not be as anonymous as you think — and how surprisingly little information it takes to reveal everything. And! Human-powered “AI”, and a punishment worse than prison: eight hours on the RSA expo floor... All this, and much more, in episode 459 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Paul Ducklin.