Dialog Notifies Members of Data Exposure From Website Misconfiguration

Dialog notified members and past event participants last week that a database containing their personal information had been breached. The notification, emailed by managing director Juliette Levine, stated that forensic investigators found the names of 113 past participants in Dialog events had been exposed along with information for some people registered for this summer's retreat outside Dublin, Ireland.

Wired reported that the records were readable to any visitor who entered an email address on a site distributing a phone app for the August gathering.

The page loaded internal files on some 200 people into the browser without requiring a password, and viewing the files required only standard browser inspection tools. The exposed records include a sitting NATO commander, two US senators, the US treasury secretary, NATO officials, a current White House intelligence official, a retired general who held a senior role in US intelligence, heads of national security policy and partnerships at two leading AI firms, a former British security minister, a former Japanese defense minister, and a former Pakistani diplomat.

For nearly all individuals the data included private contact information, active login tokens, participant lists, schedules, and links to completed questionnaires hosted by Fillout that contained dates of birth, emergency contacts, cell phone numbers, assigned political leanings, internal rankings, and login keys.

Levine said the organization had temporarily closed many of its systems and alleged the exposure was a hack executed by a well-known criminal wanted in the United States. Dialog had outside counsel send a letter demanding Wired hand over the data it received and reported the incident to law enforcement.