Original source (on modern site) | Article images: [1]
Next Article
Breach might have taken place because of an exposed API
What's the story
UK-based smartphone manufacturer, Nothing, has confirmed a security vulnerability that led to a data breach.
The issue was first reported by Android Authority, highlighting the potential risk to numerous community profiles.
The compromised data, that was discovered on a text file-sharing platform, included both public and non-public information associated with community member profiles.
Here's everything we know.
The compromised data included usernames, display names, dates of joining the community, comment counts, last-seen data, and forum profile permissions.
Meanwhile, the non-public information comprised email addresses linked to community member profiles, as well as the details about profile suspensions.
The company clarified that only email addresses were impacted by this breach.
In response to the data breach, Nothing issued a statement acknowledging the security flaw.
The company stated, "In December 2022, Nothing discovered a vulnerability, which impacted email addresses belonging to community members at the time. No names, personal addresses, passwords, or payment information were compromised."
The company has taken swift measures to enhance its security protocols, following this incident that occurred about 18 months ago.
Nothing did not reveal how this information got leaked online. Android Authority believes the data leak might have taken place because of an exposed API, or an export file from the Nothing Community forum management software.
What data was compromised?
Nothing has taken measures to enhance security protocols
No clarity on how info got leaked