惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs
博客园 - 叶小钗
P
Privacy International News Feed
Jina AI
Jina AI
Apple Machine Learning Research
Apple Machine Learning Research
T
Threatpost
IT之家
IT之家
博客园 - 聂微东
Know Your Adversary
Know Your Adversary
Help Net Security
Help Net Security
罗磊的独立博客
I
Intezer
S
Schneier on Security
博客园_首页
C
CERT Recently Published Vulnerability Notes
雷峰网
雷峰网
Cisco Talos Blog
Cisco Talos Blog
宝玉的分享
宝玉的分享
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Webroot Blog
Webroot Blog
TaoSecurity Blog
TaoSecurity Blog
MyScale Blog
MyScale Blog
P
Privacy & Cybersecurity Law Blog
T
The Exploit Database - CXSecurity.com
PCI Perspectives
PCI Perspectives
Security Latest
Security Latest
H
Heimdal Security Blog
S
Secure Thoughts
Hacker News: Ask HN
Hacker News: Ask HN
Y
Y Combinator Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Microsoft Security Blog
Microsoft Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
SecWiki News
SecWiki News
The GitHub Blog
The GitHub Blog
A
Arctic Wolf
A
About on SuperTechFans
aimingoo的专栏
aimingoo的专栏
T
Threat Research - Cisco Blogs
Engineering at Meta
Engineering at Meta
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

Security Latest

British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos World Cup Scams Are Getting Harder to Spot A Critical Deadline Is Approaching for Windows and Linux Security Hackers Claim to Leak Stolen Madison Square Garden Data How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members How to Watch the Knicks Parade on NYC Traffic Surveillance Cameras The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the Tech Is Flawed Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society ‘Dangerous’ AI Models Are Coming No Matter What Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses The FCC Wants to Kill Burner Phones Grok Is Still Hosting Sexualized Deepfakes of Famous Women Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US Soccer Fans, You’re Being Watched Mapping Every Flock License Plate Reader Near US World Cup Stadiums Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report All the Ways Europe Is Ditching American Technology Crypto-Funded Chinese Peptide Labs Are Booming Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests The Romance Scammer Who Made a Small Fortune Posing as a WWE Superstar Websites Can Now Spy on You Through Your Hard Drive Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow The White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US Citizens The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks Internet Starts to Return in Iran After 3-Month Blackout US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows The AI Era Is Creating a Bug-Hunting Arms Race The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers ‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC Says A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale The EU Is Going Through a Trump-Fueled Breakup With Big Tech A Bipartisan Amendment Would End Police License Plate Tracking Nationwide Madison Square Garden Bans Lawyer Representing New York Cop Injured at a Boxing Match Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds You Can Get Some of Your Nudes Removed From the Internet Under a New Law An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording Your iPhone Gets Stolen. Then the Hacking Begins DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private Foxconn Ransomware Attack Shows Nothing Is Safe Forever Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz Hackable Robot Lawn Mower Unlocks a New Nightmare You Can Disable Gemini in Chrome if It’s Freaking You Out Cybercriminals Are Complaining About AI Slop Flooding Their Forums DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts Disneyland Now Uses Face Recognition on Visitors OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards California Engineer Identified in Suspected Shooting at White House Correspondents Dinner Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet AI Tools Are Helping Mediocre North Korean Hackers Steal Millions Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox Meta Is Sued Over Scam Ads on Facebook and Instagram They Built a Legendary Privacy Tool. Now They’re Sworn Enemies The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad It Takes 2 Minutes to Hack the EU’s New Age-Verification App Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance The Shocking Secrets of Madison Square Garden’s Surveillance Machine Europe’s Online Age Verification App Is Here The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market The FCC Has a Fast Lane for Complaints About Trump’s Media Critics Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators The Dumbest Hack of the Year Exposed a Very Real Problem Your Push Notifications Aren’t Safe From the FBI How the Internet Broke Everyone’s Bullshit Detectors Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think Politicians Are Spending More Money on Security as They Increasingly Become Targets ‘We Were Not Ready for This’: Lebanon's Emergency System Is Hanging by a Thread Men Are Buying Hacking Tools to Use Against Their Wives and Friends Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything Border Patrol Agents Sold Challenge Coins With ‘Charlotte’s Web’ Characters in Riot Gear Hackers Are Posting the Claude Code Leak With Bonus Malware Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards ‘Uncanny Valley’: Iran’s Threats on US Tech, Trump’s Plans for Midterms, and Polymarket’s Pop-up Flop What Happens When a Nuclear Site Is Hit? Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool Iran Threatens to Start Attacking Major US Tech Firms on April 1 The US Military’s GPS Software Is an $8 Billion Mess The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s How Trump’s Plot to Grab Iran's Nuclear Fuel Would Actually Work
Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed
Dell Cameron,Dhruv Mehrotra · 2026-06-24 · via Security Latest

Dialog, the invite-only group cofounded by Peter Thiel, notified members and past event participants last week that a database containing their personal information had been breached, supposedly by a criminal hacker. But a WIRED analysis found that the files were readable to anyone who visited a landing page for the group’s app—what cybersecurity experts describe as a misconfiguration that effectively made the data publicly accessible.

The notification to people affected by the data exposure, emailed by Dialog managing director Juliette Levine and provided to WIRED, said that forensic investigators found that the names of 113 past participants in Dialog events had been exposed and, separately, “some” people registered for this summer's Dialog retreat had their information accessed. Levine said the organization had temporarily closed many of its systems in response.

The exposure, Levine alleged, “was a hack executed by a well-known criminal who is wanted in the United States,” adding that the group had acted “out of caution” to protect “the safety, privacy, and reputation of every Dialoger past and present.”

Multiple reviews of the site's publicly accessible architecture, though, point to a misconfiguration, not a break-in.

WIRED first reported on the Dialog records last week. They include the list of 113 names that Dialog confirmed to be past participants in its breach disclosure—among them a sitting NATO commander, two US senators, and the US treasury secretary—as well as a separate, longer list of people registered for an August retreat outside Dublin, Ireland. WIRED also reported on records that revealed how the group privately scores attendees, weighing their wealth and prominence in decisions about admission, seating, and pricing.

A Dialog site, set up to distribute a phone app for the August gathering, let any visitor sign up using any email address. It did not request a password. After submitting an email, the visitor was taken to a near-empty holding page; the same page also loaded the internal files on some 200 people into their browser. Viewing the files required little more than inspecting the page with tools built into every major internet browser.

The records made accessible by this process include senior figures in national security and technology, both current and former. Among those whom records showed as being registered for the upcoming Dialog event were NATO officials; a current White House intelligence official; a retired general who held a senior role in US intelligence; and the heads of national security policy and partnerships at two leading AI firms. Other figures included a former British security minister, a former Japanese defense minister, and a former Pakistani diplomat. For nearly all, the exposed data is comprehensive, from private contact information to active login tokens.

The records also contained participant lists, schedules, and links to completed questionnaires hosted by Fillout, a service Dialog used to collect information from attendees and store it in Airtable databases. Loading one of those forms returned far more information than the Dialog page itself contained, including dates of birth, emergency contacts, cell phone numbers, the political leanings Dialog assigns to its members, internal rankings and grading notes, and the digital keys that serve as members' logins. Much of that information appeared to come directly from Dialog's Airtable records.

Airtable did not respond to requests for comment.

In a statement to WIRED, Fillout says it was “not aware of any compromise of Fillout systems or active platform vulnerability.” The company says customers configure their own forms, connected data sources, and workflows, and that “the behavior of a given form depends on that configuration.” Fillout declined to comment on any specific customer's forms or records.

Dialog, which did not respond to requests for comment, had outside counsel send a letter this weekend demanding WIRED hand over a copy of the data it had received. The letter, signed by partner D. Reed Freeman at the law firm ArentFox Schiff, characterizes the breach as a “cyberattack” by a “known cybercriminal,” argues the files were “stolen,” and says Dialog has also reported the incident to law enforcement. WIRED has not provided Dialog or its attorneys with any data.

The exposure first came to light after maia arson crimew—a Swiss journalist and cybersecurity researcher who was indicted in the US in 2021 on hacking-related charges but has not been convicted of any crimes—received tips from two sources, she says. One had been reviewing US Department of Justice records related to Jeffrey Epstein when they noticed Dialog’s name on an invitation sent to a third party in 2012, which had been forwarded to the infamous sex offender, and grew curious about the secretive group. A second source later pointed crimew to the retreat app.

crimew says she neither exploited a software flaw nor bypassed any security measures to access the Dialog data, and viewed the same records that were available to every visitor’s browser.

Nicholas Weaver, a member of the nonprofit International Computer Science Institute's network security team, says the exposure bears the hallmarks of a web design error rather than a sophisticated intrusion. “This is negligence and a not-actually-unheard-of anti-pattern,” Weaver says, referring to a common but avoidable mistake.

Aaron Mackey, deputy legal director at the Electronic Frontier Foundation, a digital rights nonprofit, says that based on what’s publicly known about outside access to Dialog data, characterizing the activity as “criminal” appears “far-fetched.” He warns that broad computer-crime laws are sometimes invoked to chill security research, journalism, and other First Amendment–protected activity.

Based on the available details, Mackey says, the incident involved Dialog’s website giving data to people who had entered an email address on the site, rather than anyone bypassing a technical control to gain access. “In that circumstance, they've done nothing more than follow a link on a website,” he says.

The Dialog exposure set off a public scramble among prominent attendees to explain their presence on the list. Ezra Klein, the New York Times columnist, wrote on X that he had attended Dialog twice, in 2018 and 2022, but did not see or speak with Peter Thiel and noted that the people named in his statement “do not trust each other and do not have aligned agendas.” Actor Joseph Gordon-Levitt said on Instagram that he had been to two conferences but had never met or spoken with Thiel, whom he described as his political and ideological opposite. Actress Sophia Bush, who has campaigned against deepfake technology, said she had attended to push back on AI hype and was surprised to learn the group was cofounded by someone “you could not pay me to be in a room with.”