Data from Nothing's community profiles leaked on the web

UK-based smartphone manufacturer, Nothing, has confirmed a security vulnerability that led to a data breach. The issue was first reported by Android Authority, highlighting the potential risk to numerous community profiles. The compromised data, that was discovered on a text file-sharing platform, included both public and non-public information associated with community member profiles. Here's everything we know.

What data was compromised?

The compromised data included usernames, display names, dates of joining the community, comment counts, last-seen data, and forum profile permissions. Meanwhile, the non-public information comprised email addresses linked to community member profiles, as well as the details about profile suspensions. The company clarified that only email addresses were impacted by this breach.

Nothing has taken measures to enhance security protocols

In response to the data breach, Nothing issued a statement acknowledging the security flaw. The company stated, "In December 2022, Nothing discovered a vulnerability, which impacted email addresses belonging to community members at the time. No names, personal addresses, passwords, or payment information were compromised." The company has taken swift measures to enhance its security protocols, following this incident that occurred about 18 months ago.

No clarity on how info got leaked

Nothing did not reveal how this information got leaked online. Android Authority believes the data leak might have taken place because of an exposed API, or an export file from the Nothing Community forum management software.