We found a database of Nothing community members' emails from 2022 (Update: Nothing statement)
- Email addresses of Nothing Community members from 2022 have been spotted in a database dump online.
- No passwords or other sensitive info has been spotted in the file.
- Nothing has bolstered its security features since this original leak.
Update, April 22, 2024 (05:30 PM ET): In response to our discovery of this database of email addresses belonging to Nothing community members from 2022, Nothing has delivered the following statement:
In December 2022, Nothing discovered a vulnerability, which impacted email addresses belonging to community members at the time. No names, personal addresses, passwords, or payment information were compromised. Upon this discovery nearly a year and a half ago, Nothing took immediate action to remedy the situation and bolster its security features.
We are not sure why this database from a 2022 breach has resurfaced. Regardless, the original, unamended article continues after the break.
Original article, April 22, 2024 (06:45 AM ET): Nothing is riding on a wave of good reception from consumers, thanks to impactful products like the Nothing Phone 2a, which we’ve liked for bringing something new to the budget smartphone market. But the company has also had its share of controversies, like the Nothing Chats debacle, which was a privacy nightmare. Nothing appears to have suffered an alleged data breach recently, as we could locate a bunch of information around Nothing Community profiles floating on the internet.
We have located a file on a text file-sharing website containing a data dump of several Nothing Community profiles. The data present in this dump includes already-public information, such as usernames, display names, join dates, comment counts, last-seen information, forum profile permissions, and more.
However, the dump also includes information that isn’t necessarily public, such as email addresses associated with the forum profile. We could also spot profile suspension fields (used by moderators who manage online forums) but could not immediately locate anything beyond “null” values.
To be clear, we could not locate any passwords in the data dump. However, the email addresses present in the dump do not appear to be easily visible on Nothing Community profiles, thus exposing the email addresses of thousands of Nothing Community members in one file.
Based on the last-seen information, the data appears to be from 2022. Further, based on the information on email addresses, we estimate that information on the first ~2,250 Nothing Community profiles is present in this data dump, including several @nothing.tech emails for community managers. For obvious reasons, we cannot share the data dump.
If we are allowed to speculate, this could be the result of an exposed API. However, the API appears to be inaccessible at the time of writing. Alternatively, it could also be an export file from Nothing Community’s forum management software.
Even though we have not seen any proof of passwords being compromised, we recommend that Nothing Community members change their passwords out of an abundance of caution.
We’ve contacted Nothing for a statement on this alleged data breach and to learn more about the remedial measures the company has taken to prevent a reoccurrence. We’ll update this article if and when the company responds.