Nothing confirms data breach of community profiles: Everything we know
What's the story
UK-based smartphone manufacturer, Nothing, has confirmed a security vulnerability that led to a data breach. The issue was first reported by Android Authority, highlighting the potential risk to numerous community profiles. The compromised data, that was discovered on a text file-sharing platform, included both public and non-public information associated with community member profiles. Here's everything we know.
Breach content
What data was compromised?
The compromised data included usernames, display names, dates of joining the community, comment counts, last-seen data, and forum profile permissions. Meanwhile, the non-public information comprised email addresses linked to community member profiles, as well as the details about profile suspensions. The company clarified that only email addresses were impacted by this breach.
Company statement
Nothing has taken measures to enhance security protocols
In response to the data breach, Nothing issued a statement acknowledging the security flaw. The company stated, "In December 2022, Nothing discovered a vulnerability, which impacted email addresses belonging to community members at the time. No names, personal addresses, passwords, or payment information were compromised." The company has taken swift measures to enhance its security protocols, following this incident that occurred about 18 months ago.
Information
No clarity on how info got leaked
Nothing did not reveal how this information got leaked online. Android Authority believes the data leak might have taken place because of an exposed API, or an export file from the Nothing Community forum management software.