What happened in the Nothing company data breach?

The UK-based smartphone company Nothing experienced a data breach that compromised the email addresses of its community members. The breach, first reported by Android Authority and later acknowledged by the company, involved the leakage of usernames, display names, comment counts, last-seen information, join dates, forum profile permissions, email addresses linked to community member profiles, and profile suspension fields.

What information was compromised in the Nothing data breach?

In the data breach, the information compromised included usernames, display names, comment counts, last-seen information, join dates, forum profile permissions, email addresses linked to community member profiles, and profile suspension fields. No other personal information such as names, physical addresses, passwords, or payment details were compromised.

What actions did Nothing take following the discovery of the data breach?

Upon discovering the data breach in December 2022, Nothing took immediate action to remedy the situation. The company addressed the vulnerability that impacted email addresses of community members and bolstered its security features to prevent further incidents.

Why is the leaked data from the Nothing data breach surfacing now?

It is unclear why the data from the Nothing data breach is now leaked online. No details have been disclosed about the number of affected individuals or the specific reasons for the delayed surfacing of this data.

Incident

Mobile company Nothing community member data leaked online

Q: What caused the Nothing data breach?

The original vulnerability that led to the Nothing data breach might have been due to an exposed API or an export file from the community forum management software. However, specific details about the cause are not clearly defined.

published: April 23, 2024

Learn More

The UK-based smartphone company Nothing has confirmed a data breach that compromised the email addresses of its community members.

The breach was first reported by Android Authority and later acknowledged by the company. The leaked data includes:

usernames,
display names,
comment counts,
last-seen information,
join dates,
forum profile permissions,
email addresses linked to community member profiles,
profile suspension fields.

The company states that no other personal information such as names, physical addresses, passwords, or payment details were compromised. The data is from 2022, probably related to a data breach from December 2022.

The company issued the following statement:

In December 2022, Nothing discovered a vulnerability, which impacted email addresses belonging to community members at the time. No names, personal addresses, passwords, or payment information were compromised. Upon this discovery nearly a year and half ago, Nothing took immediate action to remedy the situation and bolster its security features.

The original vulnerability might have been due to an exposed API or an export file from the community forum management software.

It's unclear why the data is now leaked online. No details are disclosed about the number of affected individuals.

Mobile company Nothing community member data leaked online

Read More
Flickr Discloses Data Breach Linked to Third-Party Email …
Google Ads reporting glitch exposes competitor data
Booking.com Notifies Customers of Data Breach and Targeted …
BePrime Cybersecurity Breach Exposes Client Pentest Reports and …
Datamaxx Applied Technologies reports data breach