Apparent Nothing data breach exposes community member email addresses

[Image: Nothing Phone 2 camera with glyph lights enabled. Credit: Damien Wilde / Android Authority]

TL;DR

  • Several pieces of user information of Nothing Community members have been spotted online, including email addresses.
  • The data dump appears to be from 2022 and pertains to early Nothing Community members.
  • No passwords have been spotted in the data dump, but we advise Nothing Community users to change their passwords out of an abundance of caution.

Nothing is riding a wave of good reception from consumers, thanks to impactful products like the Nothing Phone 2a, which we’ve liked for bringing something new to the budget smartphone market. But the company has also had its share of controversies, like the Nothing Chats debacle, which was a privacy nightmare. Now, Nothing appears to have recently suffered a data breach, as we could locate a collection of Nothing Community profile information floating on the internet.

We have located a file on a text file-sharing website containing a data dump of several Nothing Community profiles. The data present in this dump includes already-public information, such as usernames, display names, join dates, comment counts, last-seen information, forum profile permissions, and more.

[Image: Nothing Community data breach 1. Credit: Aamir Siddiqui / Android Authority]

However, the dump also includes information that isn’t necessarily public, such as the email addresses associated with forum profiles. We could also spot profile suspension fields (used by moderators who manage online forums) but could not immediately locate anything beyond “null” values.

To be clear, we could not locate any passwords in the data dump. However, the email addresses present in the dump do not appear to be easily visible on Nothing Community profiles, thus exposing the email addresses of thousands of Nothing Community members in one file.

Based on the last-seen information, the data appears to be from 2022. Further, based on the information on email addresses, we estimate that information on the first ~2,250 Nothing Community profiles is present in this data dump, including several @nothing.tech emails for community managers. For obvious reasons, we cannot share the data dump.

If we are allowed to speculate, this could be the result of an exposed API. However, the API appears to be inaccessible at the time of writing. Alternatively, it could also be an export file from Nothing Community’s forum management software.

Even though we have not seen any proof of passwords being compromised, we recommend Nothing Community members change their passwords out of an abundance of caution.

We’ve contacted Nothing for a statement on this alleged data breach and to learn more about the remedial measures the company has taken to prevent a reoccurrence. We’ll update this article if and when the company responds.
