Damien Wilde / Android Authority
TL;DR
- Several items of person info of Nothing Community members have been noticed on-line, together with email addresses.
- The data dump seems to be from 2022 and pertains to early Nothing Community members.
- No passwords have been noticed within the data dump, however we advise Nothing Community customers to alter their passwords out of plentiful precaution.
Nothing is driving on a wave of fine reception from shoppers, because of impactful merchandise just like the Nothing Phone 2a, which we’ve preferred for bringing one thing new to the price range smartphone market. But the corporate has additionally had its share of controversies, just like the Nothing Chats debacle, which was a privateness nightmare. Nothing seems to have suffered an alleged data breach just lately, as we might find a bunch of knowledge round Nothing Community profiles floating on the web.
We have situated a file on a textual content file-sharing web site containing a data dump of a number of Nothing Community profiles. The data current on this dump consists of already-public info, equivalent to usernames, show names, be part of dates, remark counts, last-seen info, discussion board profile permissions, and extra.
Aamir Siddiqui / Android Authority
However, the dump additionally consists of info that isn’t essentially public info, equivalent to email addresses related to the discussion board profile. We might additionally spot profile suspension fields (utilized by moderators who handle on-line boards) however couldn’t instantly find something past “null” values.
To be clear, we couldn’t find any passwords within the data dump. However, the email addresses current within the dump don’t look like simply seen on Nothing Community profiles, thus exposing the email addresses of hundreds of Nothing Community members in a single file.
Based on the last-seen info, the data seems to be from 2022. Further, based mostly on the data on email addresses, we estimate that info on the primary ~2,250 Nothing Community profiles is current on this data dump, together with a number of @nothing.tech emails for community managers. For apparent causes, we can’t share the data dump.
If we’re allowed to take a position, this may very well be the results of an uncovered API. However, the API seems to be inaccessible on the time of writing. Alternatively, it is also an export file from Nothing Community’s discussion board administration software program.
Even although we’ve not seen any proof of passwords being compromised, we suggest Nothing Community members change their password merely out of plentiful precaution.
We’ve contacted Nothing for a press release on this alleged data breach and to be taught extra in regards to the remedial measures the corporate has taken to stop a reoccurrence. We’ll replace this text if and when the corporate responds.