Dialog Member Data Exposed Through Misconfigured App Site
Dialog, an invite-only network and private events group cofounded by Peter Thiel, exposed sensitive data on roughly 200 members and past participants through a misconfigured app distribution site that appears to have made internal files publicly accessible. Reporting indicates that anyone could submit an email address without a password and reach a page that loaded plaintext records through standard browser developer tools, exposing details such as dates of birth, cell phone numbers, emergency contacts, internal rankings and grading notes, political leanings assigned by Dialog, and active digital login tokens.
Dialog told members the database had been breached by a criminal hacker, but WIRED reported it found no evidence that an intrusion was required and concluded the exposure stemmed from insecure configuration tied to Fillout forms and Airtable-connected data. Fillout said its own systems were not known to be compromised and that customers are responsible for secure setup, while security experts cited in coverage said the incident reflects the persistent risk of security misconfiguration, ranked by OWASP as a leading application security weakness.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Pentagon examines Dialog exposure over affected national security personnel
WIRED reported that the Pentagon is looking into the Dialog data exposure after records reportedly revealed personal information belonging to multiple US national security officials, including intelligence and military personnel. The development marked a government response and highlighted that the exposed victim set included especially sensitive individuals.
Dialog member data was exposed via website misconfiguration
A misconfigured landing page for Dialog's app made internal files containing personal information for roughly 200 members and past participants publicly accessible without a demonstrated intrusion. Reporting said the exposed workflow involved Fillout forms connected to Airtable and that access could be obtained through standard browser developer tools.
WIRED reported no evidence of a break-in at Dialog
WIRED published an analysis concluding there was no evidence of an actual intrusion into Dialog's systems and that the exposed files appeared reachable through a publicly accessible app page. Experts cited by WIRED described the incident as a security misconfiguration rather than a confirmed hack.
Dialog notified members that their data had been breached
Dialog told members and past event participants that a database containing their personal information had been breached by a purported criminal hacker. The company characterized the exposure as a hack, despite later reporting finding no evidence that an intrusion was required.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials | WIRED
wired.com
Open sourceElite network says it was hacked after members’ personal data was left exposed - Malware News - Malware Analysis, News and Indicators
malware.news
Open sourceElite network says it was hacked after members' personal data was left exposed | Malwarebytes
malwarebytes.com
Open sourceDialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed | WIRED
wired.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Privacy and data exposure incidents across consumer apps, software supply chains, and misconfigured servers
Multiple disclosures highlighted ongoing **data exposure risks** driven by misconfiguration and weak controls. Cybernews researchers reported that three photo-identification mobile apps exposed data for ~152,000 users due to **misconfigured Firebase** databases lacking authentication, leaking emails, usernames, profile photos, and **GPS coordinates**; evidence in the exposed data suggested automated scanning and prior access by attackers. Separately, a large-scale internet study found nearly **5 million** public web servers with accessible `.git` directories, including more than **250,000** instances exposing `.git/config`, which can contain deployment credentials and enable source-code reconstruction, secret theft, and follow-on compromise. In parallel, **software supply-chain abuse** targeted the dYdX ecosystem via malicious packages on **npm** and **PyPI** that stole wallet seed phrases and other credentials; one PyPI package also reportedly deployed a **remote access trojan** enabling code execution and theft of API credentials, SSH keys, source code, and other sensitive files, with potential for persistence and lateral movement. Separately from these incident reports, Google announced privacy-focused search features aimed at faster removal of **non-consensual explicit imagery** (including deepfakes) and expanded monitoring via *Results about you* to help users detect and request removal of exposed government ID numbers—positioned as a protective measure rather than a breach disclosure.
Mar 21, 2026
Large-Scale Data Exposures Driven by Misconfigured Cloud Datastores
Cybernews researchers reported multiple **data exposures caused by misconfigured back-end services**, including consumer mobile apps and a large unprotected database. Three widely downloaded Android AI photo identification apps—*Insect Identifier by Photo Cam*, *Dog Breed Identifier Photo Cam*, and *Spider Identifier App by Photo*—reportedly leaked more than **150,000** users’ data via a **Firebase misconfiguration** with inadequate authentication/access controls. Exposed data included email addresses, usernames, profile photos, notification tokens, and **GPS coordinates**; while passwords were not found, researchers noted the location data could enable stalking, doxxing, and targeted scams, and observed indications that automated bots had already discovered the exposed databases prior to the investigation. The apps were attributed to publisher **MobilMinds** (linked to **OZI Technologies**), and the developers reportedly did not respond to requests for comment. Separately, Cybernews identified an **unprotected Elasticsearch cluster** exposing approximately **8.7 billion records** associated with China, including names, birthdates, home addresses, national ID numbers, social media identifiers, usernames, and other account/platform details; the dataset also reportedly contained **plaintext credentials** and corporate/business records, suggesting long-term aggregation. The database’s ownership was not confirmed, but it was subsequently secured; researchers characterized the exposure as a systemic privacy risk potentially affecting hundreds of millions of individuals. Two additional items in the set describe individual bug-hunting writeups (e.g., bypassing mobile controls and abusing password reset/IDOR-style issues) but do not provide verifiable linkage to the specific Firebase/Elasticsearch exposures described above.
Mar 21, 2026
DomeWatch Database Exposure of Capitol Hill Job Applicants' Sensitive Data
An unsecured online database managed by the House Democrats’ DomeWatch platform exposed the personal information of over 7,000 individuals who applied for jobs, internships, or fellowships with Democratic offices and committees in the US House of Representatives. The exposed data included names, contact details, political affiliations, military service, and, critically, the security clearance status of hundreds of applicants, with at least 469 individuals holding "top secret" federal security clearances. The breach was discovered by an ethical security researcher in late September 2025, who promptly notified the House of Representatives’ Office of the Chief Administrator, leading to the database being secured within hours. The database, which was neither encrypted nor password-protected, also contained links to Google forms and other shared documents, as well as a file labeled as a "master key" that could potentially be used to decrypt protected data such as API tokens. The records, mostly timestamped from 2024–2025, raised concerns about the retention policy of the DomeWatch platform, which claims to archive resumes after 90 days. The exposure of such sensitive information, especially regarding individuals with high-level security clearances, significantly increases the risk of fraud, targeted attacks, and broader national security implications.
Mar 21, 2026