News of the Cyber World

[kyonides]

DISCORD BREACHED

Update on a Security Incident Involving Third-Party Customer Service

• Discord recently discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers.
  
• This incident impacted a limited number of users who had communicated with our Customer Support or Trust & Safety teams.
  
• This unauthorized party did not gain access to Discord directly.
  
• No messages or activities were accessed beyond what users may have discussed with Customer Support or Trust & Safety agents.
  
• We immediately revoked the customer support provider’s access to our ticketing system and continue to investigate this matter.
  
• We’re working closely with law enforcement to investigate this matter.
  
• We are in the process of emailing the users impacted.
  

‍
At Discord, protecting the privacy and security of our users is a top priority. That’s why it’s important to us that we’re transparent with them about events that impact their personal information.

Recently, we discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.

As soon as we became aware of this attack, we took immediate steps to address the situation. This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement.

We are in the process of contacting impacted users. If you were impacted, you will receive an email from noreply@discord.com. We will not contact you about this incident via phone – official Discord communications channels are limited to emails from noreply@discord.com.

UK SAYS BYE TO IMGUR

Imgur blocks access to UK users after regulator warned of fine

Image-hosting platform Imgur has blocked people in the UK from accessing its content.

Imgur is used by millions to make and share images such as memes across the web, particularly on Reddit and in online forums.

But UK users trying to access Imgur on Tuesday were met with an error message saying "content not available in your region" - with Imgur content shared on other websites also no longer showing.

The UK's data watchdog, the Information Commissioner's Office (ICO), said it recently notified the platform's parent company, MediaLab AI, of plans to fine Imgur after probing its approach to age checks and use of children's personal data.

The BBC has approached MediaLab AI for comment.

A help article on Imgur's US website, seen by the BBC, states that "from September 30, 2025, access to Imgur from the United Kingdom is no longer available".

"UK users will not be able to log in, view content, or upload images. Imgur content embedded on third-party sites will not display for UK users."

The ICO launched its investigation into Imgur in March - saying it would probe whether the companies were complying with both the UK's data protection laws, and the children's code.

These require platforms to take steps to protect children using online services in the UK, including minimising the amount of the data they collect from them.

A document published by the ICO alongside the launch of its investigation stated that Imgur did not ask visitors to declare their age when setting up an account.

It said on Tuesday it had reached initial findings in its investigation and, on 10 September, issued MediaLab with a notice of intent to impose a fine.

"Our findings are provisional and the ICO will carefully consider any representations from MediaLab before taking a final decision whether to issue a monetary penalty," said Tim Capel, an interim executive director at the ICO.

"We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing."

The watchdog would not elaborate on what its findings were, nor the details of the potential fine, when asked by the BBC.

"This update has been provided to give clarity on our investigation, and we will not be providing any further detail at this time," Mr Capel said in his statement.

'Commercial decision'
Some Imgur users and reports speculated as to whether Imgur moved to block UK users from its services, rather than comply with child safety duties recently imposed on some platforms under the Online Safety Act.

Among these are requirements for sites allowing pornography or content promoting suicide and self-harm to use technology to check whether visitors are over 18.

But both the ICO and Ofcom - the media regulator enforcing the Online Safety Act - said Imgur suspending access for UK users had been its own "commercial decision".

"Imgur's decision to restrict access in the UK is a commercial decision taken by the company and not a result of any action taken by Ofcom," an Ofcom spokesperson told the BBC.

"Other services run by MediaLab remain available in the UK – such as Kik messenger, which has implemented age assurance to comply with the Online Safety Act."

EDUCATION DEPARTMENT & ITS EMAIL ACCOUNTS

Education Department Employees Furious at Emails Changed Without Consent

Furloughed federal employees working at the Department of Education (ED) have claimed their out-of-office emails have been changed without their consent.

Speaking to Newsweek, NBC News and Federal News Network, employees said that upon going into shutdown, their automated emails had been altered with messages blaming Democrats for the unfolding political situation.

Newsweek was unable to verify these reports and the department responded with an automated email. Newsweek has contacted the ED by email to comment on this story outside of normal business hours.

The automated email read: "Thank you for contacting the press team. On September 19, 2025, the House of Representatives passed H.R. 5371, a clean continuing resolution. Unfortunately, Democrat Senators are blocking passage of H.R. 5371 in the Senate which has led to a lapse in appropriations. Due to the lapse in appropriations, we are currently in furlough status. We will respond to emails once government functions resume."

Why It Matters

After Congress could not agree on a funding measure, the government shut down as midnight passed on October 1. This means that non-essential government services have ground to a halt, and some federal workers have been furloughed and others laid off.

Since then, Democrats and Republicans have blamed one another for rejecting each other's spending plans and the Trump administration has been accused of violating a federal law, namely the Hatch Act, by disseminating messages said to be partisan through government departmental channels.

There are around 2,500 employees at the ED and some 87 percent of these staffers have been furloughed. If the government is found to have changed employee's emails without their consent, it will raise further questions about potential breaches of the Hatch Act as well as the extent to which employee's work data is private.

What To Know

Speaking to Newsweek, one federal employee said their automated email had been changed to one that read: “Thank you for contacting me. On September 19, 2025, the House of Representatives passed H.R. 5371, a clean continuing resolution. Unfortunately, Democrat Senators are blocking passage of H.R. 5371 in the Senate which has led to a lapse in appropriations. Due to the lapse in appropriations I am currently on furlough status. I will respond to emails once government functions resume.”

The employee requested anonymity over fears they might lose their job.

Meanwhile, five employees reportedly told NBC News their emails had also been changed to the same message, which is also the same wording as the automated email Newsweek received. An ED employee also reportedly told Federal News Network they discovered on Thursday that their automated email response had been changed.

It follows advocacy groups saying that some government communications about the shutdown, including emails and website posts blaming Democrats, violate federal laws restricting the behavior of government departments.

The Democracy Defenders Fund, a nonpartisan group, has filed a complaint to the Government Accountability Office (GAO) urging it to investigate whether the Department of Housing and Urban Development (HUD) violated appropriations laws including the Antideficiency Act, a law which restricts government spending, when it posted social media and website content blaming the "Radical Left" for the shutdown.

The group argued that these messages breach rules on the use of funds for publicity and propaganda.

The GAO told Newsweek it does not investigate potential Hatch Act violations of executive branch agencies.

First of all, those employees should already know that those emails belong to the US government. This means they can't complain about that. It's not like the government had answered any inquiry on a given topic as if it were impersonating the involved employees.

REAL EMAILS VS FAKE ONES

Most adults couldn’t differentiate between authentic and AI phishing emails, new survey shows

In a recent global survey, most people couldn’t differentiate between a phishing message written by artificial intelligence (AI) and an authentic, human-written email.

The survey of 18,000 employed adults from around the globe tested them on their awareness when it comes to cyber dangers, like AI and phishing, and found startling room for improvement.

When shown a phishing email, only 46% of survey respondents correctly identified that it was written by AI. The other 54% either believed it was an authentic message written by a human or were unsure.

But interestingly, age did not seem to play a role in awareness, as there were no significant differences between generations in being able to correctly recognize the phishing attempt (Gen Z 45%, millennials 47%, Gen X and baby boomers, both 46%), highlighting the fact that no group is exempt from needing extra cyber-caution in the age of AI.

And although the phishing simulation caught most respondents by surprise, the study did find that respondents are conscious of AI being used to trick them in digital environments — they’re just not able to consistently identify threats.

In another test, they were shown an authentic, human-written email that could have been sent by any one of their employers for a real purpose, and less than a third (30%) were able to correctly identify that it was genuine.

This highlights the prevalence of human error in recognizing cyber threats in the digital era.

The study was conducted by Talker Research on behalf of Yubico as part of their annual Global State of Authentication Survey, just in time for Cybersecurity Awareness Month in October, and polled employed respondents from the U.S., the U.K., Australia, India, Japan, Singapore, France, Germany, and Sweden.

The results found that more than four in 10 people (44%) have interacted with a phishing message (e.g. clicked on a link, opened an attachment) in the last year, with 13% even admitting they’ve done so in the last week.

AI NECKLACE

Artificial Intelligence ‘Friend’ necklace causes uproar: ‘AI wouldn’t care if you lived or died’

An AI startup spent more than $1 million to advertise on New York City’s subways — and New Yorkers simply aren’t having it.

Posters for Friend, a necklace style device that listens to your entire day and sends you push notifications, were defaced with warnings about the dangers of AI.

Vandals took sharpies to the ads, which went up late last month, scrawling messages like, “AI wouldn’t care if you lived or died” overtop utopian slogans.

Our tech overlords might want to intrude even deeper into our lives, but is wearable AI where people finally say enough is enough? Perhaps — and hopefully — so.

The West 4th Street station was almost totally taken over by the company’s ads, which spanned 11,000 subway cars, 1,000 platform posters, and 130 urban panels across the city — making it the largest subway ad campaign ever according to Friend CEO Avi Schiffmann.

When asked about the negative reaction to the ads, Schiffmann told The Post it was “all according to plan.” He also noted that Friend uses Google’s Gemini models, “which have safe guardrails that protect users against self harm.”

The Friend device looks a little like an AirTag necklace. It is supposed to be on-hand to answer questions at any time. It also listens to what goes on around it and sends push notifications to your phone, providing opinions about conversations you just had, all powered by Claude.

“Friend [noun] someone who listens, responds, and supports you,” a poster for the device reads. But New Yorkers have other opinions.

“BE A LUDDITE,” one graffiti says. Other posters have been defaced with, “AI will promote suicide when prompted,” and, “Go make real friends, this is surveillance.”

Despite the nasty reception, other companies are trying to pull off similar wearable tech stunts.

SOMETHING WULFO ALREADY WENT THROUGH: NO MORE DIAL-UP INTERNET

AOL pulls the plug on dial-up internet after decades of service

It’s official: AOL’s dial-up internet has taken its last bow.

AOL previously confirmed it would be pulling the plug on Tuesday (Sept. 30) — writing in a brief update on its support site last month that it “routinely evaluates” its offerings and had decided to discontinue dial-up, as well as associated software “optimized for older operating systems,” from its plans.

Dial-up is now no longer advertised on AOL’s website. As of Wednesday, former company help pages like “connect to the internet with AOL Dialer” appeared unavailable — and nostalgic social media users took to the internet to say their final goodbyes.
AOL, formerly America Online, introduced many households to the World Wide Web for the first time when its dial-up service launched decades ago, rising to prominence particularly in the 90s and early 2000s.

The creaky door to the internet was characterized by a once-ubiquitous series of beeps and buzzes heard over the phone line used to connect your computer online — along with frustrations of being kicked off the web if anyone else at home needed the landline for another call, and an endless bombardment of CDs mailed out by AOL to advertise free trials.

Eventually, broadband and wireless offerings emerged and rose to dominance, doing away with dial-up’s quirks for most people accessing the internet today — but not everyone.

A handful of consumers have continued to rely on internet services connected over telephone lines. In the U.S., according to Census Bureau data, an estimated 163,401 households were using dial-up alone to get online in 2023, representing just over 0.13% of all homes with internet subscriptions nationwide.

While AOL was the largest dial-up internet provider for some time, it wasn’t the only one to emerge over the years. Some smaller internet providers continue to offer dial-up today. Regardless, the decline of dial-up has been a long time coming. And AOL shutting down its service arrives as other relics of the internet’s earlier days continue to disappear.

Microsoft retired video calling service Skype just earlier this year — as well as Internet Explorer back in 2022. And in 2017, AOL discontinued its Instant Messenger — a chat platform that was once lauded as the biggest trend in online communication since email when it was founded in 1997, but later struggled to ward off rivals.

YOUTUBE & TRUMP

YouTube to pay $24.5M to settle Trump’s lawsuit over 2021 account suspension

Start shining the dance floor …

YouTube on Monday agreed to pay $24.5 million to settle a lawsuit brought by President Trump, and the bulk of the money will go toward the construction of the new White House ballroom. 

Trump sued the Alphabet-owned video sharing platform in July 2021, alleging that YouTube unlawfully silenced conservative viewpoints after the company suspended his account in the wake of the Jan. 6, 2021, riot at the US Capitol.

The Trust for the National Mall, the nonprofit group raising private donations to build the $200 million ballroom on the White House grounds, will be paid $22 million by the tech company as part of the settlement.

The remainder of the settlement money will go to other plaintiffs in the case, including the American Conservative Union.

Trump announced plans for the privately-funded, 90,000-square-foot “White House State Ballroom,” in July.

The ballroom will be situated in the East Wing and be able to fit 650 people.

Construction is expected to be completed before Trump’s term ends in early 2029.

YouTube was the last of the major social media companies sued by Trump over Capitol riot-related bans to settle.

Meta and X settled similar lawsuits brought by the president earlier this year, to the tune of $25 million and $10 million, respectively.

Trump was banned from YouTube for nearly two years in the aftermath of the riot. 

The video streaming service suspended Trump’s account on Jan. 12, 2021, and reinstated it on March 17, 2023 – several months after he launched his 2024 presidential campaign.

President Trump: Return Univision to Streaming on YouTube TV

President Donald Trump is urging the American Spanish-language network Univision to return to YouTube TV, saying its recent removal from the streamer will not fare well for Republicans in the 2026 midterms.

“I hope Univision, a great and very popular Hispanic Network, can get BACK onto the very amazing Google/YouTube,” he posted on Truth Social late Saturday. “It has been taken out of their package, which is VERY BAD for Republicans in the upcoming Midterms.”

The president continued, “They were so good to me with their highest rated ever political Special, and I set a Republican Record in Hispanic voting. Google, for the purpose of FAIRNESS, please let Univision back! President DJT.”

YouTube TV, owned by Google, dropped the broadcaster and its affiliates from its package last week after failing to reach a contract deal.

Its owner, TelevisalUniversion, issued a blistering statement early last week on the move:

Google’s YouTube TV has refused to “Do the Right Thing” and dropped Univision from its platform—stripping millions of Hispanic viewers of the Spanish-language news, sports, and entertainment they rely on every day.

Google’s actions are especially tone-deaf and egregious on the eve of a potential government shutdown, disregarding the appeals of government officials and Hispanic organizations who urged them to keep Univision on the main bundle.

The statement added, “To add insult to injury, YouTube TV chose to take this step during Hispanic Heritage Month—an act that is deeply insensitive and offensive.”

A major hurdle in the Univision talks is YouTube TV’s proposal to shift the company’s channels from its basic plan and put the Univision channel on a more expensive Spanish-language add-on package, the Los Angeles Times reported.

Univision’s programming includes news, dramas, popular soccer matches and games during the ongoing Major League Baseball playoffs.

According to the Times, Republican lawmakers — among them Sen. Ted Cruz (R-TX) and Rep. Mario Diaz-Balart (R-FL), — have criticized the move as “Google abusing its market power” to force subscribers to pay extra for Spanish-language shows.

As a 2024 candidate, Trump took questions from voters at a Univision town hall in Miami before his election victory.

Trump ultimately received support from 48 percent of Hispanic voters in the 2024 race, three percentage points behind former Vice President Kamala Harris, according to the Pew Research Center.

That surpassed former President George W. Bush, who held the previous record of Hispanic support with 44 percent of the vote in 2004, according to Pew.

GOOGLE

Google willing to share digital ad data with publishers to address monopoly, executive testifies

Google is willing to cough up more advertising data to publishers to address concerns about its illegal monopoly over digital advertising technology, a top executive at the search giant said Tuesday.

Glenn Berntson, an engineering director for Google Ad Manager, acknowledged the potential remedy during the second week of a high-stakes antitrust trial in Virginia federal court. He was called as a witness by Google’s defense lawyers.

Providing “publishers with these detailed insights, I think, is a good idea,” Berntson said during cross-examination by the Justice Department’s attorneys, according to Bloomberg. “The specifics is something we’d have to explore.”

Google is trying to wriggle out of a more damaging forced breakup of its digital advertising empire. The DOJ has argued that Google should be required to sell its key ad exchange, AdX, to restore fair competition and protect news publishers and advertisers that rely on the system.

Any remedy short of divestiture should be a “hard pass,” according to Jason Kint, the CEO of Digital Content Next, a trade group that represents online publishers.

“What publishers need isn’t another last-minute desperate gesture from Google as they try to avoid absolutely necessary structural remedies,” said Kint. “The Department of Justice has put on a brilliant case presenting remedies that will actually stop Google’s illegal conduct harming publishers, deny Google the fruits of it, restore competition and to avoid re-monopolization going forward.”

US District Judge Leonie Brinkema, who has final say over which remedies to implement, ruled in April that Google had violated the Sherman Act by dominating the online publisher ad server market, as well as the ad-exchange market that connects ad buyers to sellers. 

The shared data could include details on how Google’s ad server determines which display ads to show – boosting transparency about the inner workings the auction system that the company uses to buy and sell ad space in real time, according to Berntston.

The DOJ has also proposed that Google make the auction process more transparent by sharing data, but Berntson testified on the stand that simply releasing source code about the auction process wouldn’t necessarily help publishers understand it.

Instead, Berntson said Google could release a breakdown explaining its digital auction process. At the same time, he admitted that larger publishers with more resources would likely want to see the source code itself.

GOOGLE ON ORACLE

Multiple US executives targeted by ransomware in ‘high-volume attack,’ Google warns

Hackers linked to a prominent ransomware group have been targeting US business executives at “numerous organizations” in a massive campaign since last month, according to a warning issued by Google on Thursday.

Google’s researchers said the hackers claim to be part of the notorious “clOp” ransomware gang and have been sending the threatening emails as part of what it described as a “high-volume” attack.

It wasn’t immediately clear which other companies have been targeted in the ransomware campaign, or if any have paid the ransom to regain control of their data.

In the emails, the hackers are claiming to have stolen their data through popular business management apps offered by Oracle to corporate clients. The attacks began around Sept. 29, according to Genevieve Stark, head of cybercrime at Google Threat Intelligence Group.

“Initial analysis suggests that the targeting is opportunistic, as opposed to focusing on specific industries,” Stark added. “This is consistent with prior activity associated with the Cl0p data leak site.”

Oracle did not immediately return The Post’s request for comment.

The hackers have demanded ransoms of up to $50 million and have sent victims screenshots as proof of the breach, according to cybersecurity firm Halcyon, which is also tracking the hacking campaign, according to Bloomberg.

“We have seen Cl0p demand huge seven- and eight-figure ransoms in the last few days,” Cynthia Kaiser, vice president at Halcyon’s ransomware research center, told the outlet. “This group is notorious for stealthy, mass data theft that heightens their leverage in ransom negotiations.”

Google said it “does not currently have sufficient evidence to definitively assess the veracity of these claims.” At least one of the email addresses linked to the attack was previously used by the hacker group.

“The malicious emails contain contact information, and we’ve verified that the two specific contact addresses provided are also publicly listed on the CLOP data leak site (DLS),” said Charles Carmakal, chief technology officer at Google Cloud cybersecurity unit Mandiant. “This move strongly suggests there’s some association with Clop and they are leveraging the brand recognition for their current operation.”

The emails reportedly bear the hallmarks of clOp’s work, including sloppy English and grammar.

OPENAI

ChatGPT owner OpenAI hits $500B valuation after massive sale of shares

OpenAI, the company behind ChatGPT, has reached a valuation of $500 billion, following a deal in which current and former employees sold roughly $6.6 billion worth of shares, a source familiar with the matter told Reuters on Thursday.

This represents a bump-up from its current valuation of $300 billion, underscoring OpenAI’s rapid gains in both users and revenue.

Reuters reported details of the stock sale earlier in August.

As part of the deal, OpenAI employees sold shares to a consortium of investors including Thrive Capital, SoftBank, Dragoneer Investment Group, Abu Dhabi’s MGX and T. Rowe Price, according to the source, who spoke on the condition of anonymity as they were not authorized to speak to the media.

The company had authorized sales of $10-billion-plus worth of stock on the secondary market, the source added.

Thrive Capital, SoftBank, Dragoneer, MGX and T. Rowe Price did not immediately respond to Reuters’ requests for comment.

The share sale adds to SoftBank’s earlier investment in OpenAI’s $40 billion primary funding round.

The company generated around $4.3 billion in revenue in the first half of 2025, about 16% more than it generated all of last year, the Information reported earlier this week.

The sale comes at a time when tech giants are competing aggressively for AI talent with lucrative compensation packages.

BEZOS HAS ANOTHER WEIRD PREDICTION TO SHARE

Jeff Bezos makes wild prediction about data centers as energy demand grows

Amazon founder and executive chair Jeff Bezos predicted on Friday gigawatt-scale data centers will be built in space within the next 10 to 20 years and that continuously available solar energy meant they would eventually outperform those based on Earth.

Speaking at the Italian Tech Week in Turin, Bezos also compared the surge in artificial intelligence to the internet boom of the early 2000s, urging optimism despite the risk of speculative bubbles.

The concept of orbital data centers has gained traction among tech giants as those on Earth have driven up demand for electricity and water to cool their servers.
“These giant training clusters, those will be better built in space, because we have solar power there, 24/7. There are no clouds and no rain, no weather,” Bezos said in a public conversation with Ferrari and Stellantis Chairman John Elkann.

“We will be able to beat the cost of terrestrial data centers in space in the next couple of decades.”

Bezos said the shift to space infrastructure is part of a broader trend of using space to improve life on Earth.

“It already has happened with weather satellites. It has already happened with communication satellites. The next step is going to be data centers and then other kinds of manufacturing,” he said.

Hosting data centers in space has its own challenges, including the difficulty of maintenance and carrying out upgrades and the cost of launching rockets, as well as the risk the launches may fail.

The executive chair of Amazon said the AI wave shares traits with the dot-com era, when massive hype was followed by a crash.

“We should be extremely optimistic that the societal and beneficial consequences of AI, like we had with internet 25 years ago, are for real and there to stay,” he said.

For some reason, Bezos forgets everything concerning the Leonids, the infamous meteor shower that could easily hit one of those centers on the Moon.

HUMAN RESOURCES PROVIDER HACKED, SENTENCED DELIVERED LAST WEEK

Used Google Translate to translate it to English...

The verdict is in for the gang of young French hackers behind the Adecco hack: a look back at an extraordinary case

In 2022, French temporary employment giant Adecco announced it had been the victim of a large-scale cyberattack. Millions of personal data were stolen and used to carry out massive fraud campaigns across France. The verdict in the trial of the 14 defendants in this case was delivered on September 26, 2025.
Expectations were high in Lyon when the trial of those responsible for the Adecco hack opened in June 2025.

This massive theft of personal data from the French temporary employment giant had enabled the defrauding of thousands of people, whose information was recorded in the databases of the temporary employment agency, based in Villeurbanne.

At the time of the judgment, nearly 100,000 victims had been identified, including some 6,000 civil parties claiming damages, defended by more than 360 lawyers.

On September 26, 2025, only one man appeared in custody at the time of the verdict: Timothée Lhomond, aged 20 at the time of the events. Suspected of being the mastermind of a 14-person cybercriminal network, he was charged with 20 counts, including organized fraud, money laundering, forging identity papers, and compromising data systems.

A CEO as the brain and an intern as the gateway

In court, Timothée Lhomond is presented as a high-level hacker , a label he categorically denies. According to the prosecution, he began online scams at just 17 years old, before completing a work-study program and founding his own cybersecurity company, specializing in... data leak management for businesses.

An entrepreneurial adventure that came to a sudden halt two years ago when he was arrested in connection with the Adecco hacking investigation. The prosecutor had requested a seven-year prison sentence, but he was ultimately sentenced to six years in prison and a €30,000 fine.

The presiding judge justified this heavy sentence by the scale of the fraud, the significant harm inflicted on the victims, and the fact that Lhomond had continued his fraudulent schemes from his cell, going so far as to attempt to influence witnesses and accomplices using a contraband telephone.

His 13 accomplices, most of them very young, were also sentenced to prison terms of 6 months to 3 years, some of which could be extended to electronic monitoring.

Initial access to the Adecco database was made possible through the complicity of a 19-year-old apprentice, approached by Lhomond and his associates on a dark web forum, who sold his login details. He was sentenced to two years in prison, one of which was suspended.

TESLA

Tesla shocks Wall Street with nearly 500K deliveries as buyers rushed to lock in tax credit

Tesla’s third-quarter deliveries trounced Wall Street estimates on Thursday, powered by an unusual sales boost from US EV buyers rushing to lock in popular tax credits before their expiration at the end of September.

The Elon-Musk-led carmaker had frequently talked up the expiration, using it alongside discounts and financing deals to spur sales and leases of its EVs.

However, worries over cooling sales in the upcoming quarters due to the withdrawal of the $7,500 federal tax credit weighed on the company’s shares, which fell nearly 1% in morning trading.

“While the third quarter was strong, we expect fourth quarter sales will see a decline, consistent with the first half of the year, largely due to the US tax credit expiration,” said Seth Goldstein, senior equity analyst at Morningstar.

Europe remained a weak spot as rivals aggressively promoted plug-in hybrids, while Chinese EV brands started gaining groundin the hyper-competitive market.

The company’s European sales, including the UK, fell 22.5% from a year earlier in August, cutting its market share to 1.5%, according to data from the region’s Automobile Manufacturers’ Association.

Overall, Tesla said it delivered 497,099 vehicles in the third quarter, up 7.4% from 462,890 a year earlier.

It also delivered 481,166 units of its Model 3 compact sedan and Model Y crossover in the September quarter, well above Wall Street expectations. The carmaker is set to report quarterly results on October 22.

Full-year 2025 deliveries are projected to be around 1.61 million, roughly 10% below 2024, according to Visible Alpha. Tesla will need to deliver 389,498 vehicles in the December quarter to meet that projection.