StopICE Activist Platform Breach Exposes 100,000 Users to Federal Agencies
Learn More
StopICE, an activist platform designed to track and report Immigration and Customs Enforcement (ICE) activities, suffered a major data breach on January 30, 2026.
Attackers exploited vulnerabilities in the StopICE web infrastructure to gain access to the backend database. They stole user records and then overwrote the existing data with memes and apparently sent the user data to federal law enforcement.
The breach was first reported by Thea Felicity and confirmed through social media discussions and proof provided by the hackers. Technical analysis suggests the platform stored passwords in plaintext, allowing the threat actors to easily collect and share credentials with federal authorities. The hackers also accessed precise GPS coordinates, which were reportedly used to identify the residences and frequent locations of activists.
The compromised data includes:
- Full names
- User logins
- Plaintext passwords
- Phone numbers
- Precise GPS coordinates
The number of affected individuals is over 100,000.
Sherman Austin, the platform's organizer, reportedly failed to notify users of the breach immediately. Initial responses from the organization suggested the activity was merely "script trolls" or an attempt to flood the system, instead of a full database compromise. Users on platforms like Reddit reported that federal agents had already begun visiting individuals based on the leaked data before any official warning was issued by the StopICE leadership.
Security professionals recommend that anyone who used the StopICE app immediately change passwords on all other services, especially if they reused their StopICE credentials. Affected individuals should consider seeking legal counsel if their data was part of the leak.
