{"id":237031,"date":"2026-06-25T05:57:00","date_gmt":"2026-06-25T09:57:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/25\/elite-network-says-it-was-hacked-after-members-personal-data-was-left-exposed\/"},"modified":"2026-06-25T09:50:10","modified_gmt":"2026-06-25T13:50:10","slug":"elite-network-says-it-was-hacked-after-members-personal-data-was-left-exposed","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/25\/elite-network-says-it-was-hacked-after-members-personal-data-was-left-exposed\/","title":{"rendered":"Elite network says it was hacked after members&#8217; personal data was left exposed"},"content":{"rendered":"<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/privacy\/2026\/06\/elite-network-says-it-was-hacked-after-members-personal-data-was-left-exposed\">Elite network says it was hacked after members&#8217; personal data was left exposed<\/a><\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/privacy\/2026\/06\/elite-network-says-it-was-hacked-after-members-personal-data-was-left-exposed\">https:\/\/www.malwarebytes.com\/blog\/privacy\/2026\/06\/elite-network-says-it-was-hacked-after-members-personal-data-was-left-exposed<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-25 05:57:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.malwarebytes.com\">www.malwarebytes.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Some organizations exist to be exclusive. They\u2019re invite-only, and discreet, the kind of place where the membership directory is the product. <\/p>\n<p>Dialog, the exclusive network founded by billionaire investor and PayPal co-founder Peter Thiel, whose members include a sitting NATO commander, two US senators, and the US Treasury Secretary, is one of those. <\/p>\n<p>Last week, information on hundreds of those members was sitting in plaintext on its app distribution site, visible to anyone who knew how to right-click. Then Dialog said it had been hacked.<\/p>\n<p>A signup page that led straight to members\u2019 files<\/p>\n<p>The site was set up to distribute a phone app to support an upcoming gathering for the network, which arranges high-end get-togethers. Any visitor could sign up using any email address. It did not request a password.<\/p>\n<p>After submitting an email, the visitor landed on a near-empty holding page that reportedly loaded internal files on roughly 200 high-profile people directly into their browser. They were visible using \u201ctools built into every major browser,\u201d which appears to refer to the browser\u2019s built-in developer tools.<\/p>\n<p>Those files were not minimal. Loading the questionnaire forms returned dates of birth, emergency contacts, cell phone numbers, the political leanings Dialog assigns to its members, internal rankings and grading notes, and the digital keys that serve as members\u2019 logins. For nearly all of them, the exposed data was comprehensive, from private contact information through to active login tokens.<\/p>\n<p>The records also included a current White House intelligence official, a retired general who held a senior role in US intelligence, and the heads of national security policy at two leading AI firms. Dialog also privately scores attendees, weighing their wealth and prominence in decisions about admission, seating, and pricing. Those scores were among the things sitting in the public HTML.<\/p>\n<p>Dialog on the defensive<\/p>\n<p>Dialog\u2019s managing director described the access as a hack<\/p>\n<p> \u201cexecuted by a well-known criminal who is wanted in the United States.\u201d <\/p>\n<p>WIRED, which broke the story, found no evidence that any break-in was required. In fact, it seems to have involved little more than clicking on a link on a web page.<\/p>\n<p>The forms were built using Fillout, a popular online form builder. The data was stored in Airtable, a widely used cloud database platform. Fillout said it was unaware of any compromise to its own systems and noted that customers are responsible for configuring their forms, connected data sources, and workflows.<\/p>\n<p>Dialog has not said when the misconfigured page first went live, meaning members\u2019 data could have been openly accessible for an indeterminate period before it was discovered.<\/p>\n<p>Security misconfiguration now ranks #2 on the OWASP Top 10 for 2025, which is an industry list of the top application security risks. It has risen from #5 in 2021. The category accounts for more than 719,000 of documented security weaknesses.<\/p>\n<p>The fix is also routine: build systems with only the features you need, and configure them securely.<\/p>\n<p>What this means for the rest of us<\/p>\n<p>How organizations describe incidents matters beyond a single breach. If simply accessing publicly available information is routinely labeled a \u201chack,\u201d security researchers may become more reluctant to investigate and responsibly disclose exposed systems, leaving misconfigurations undiscovered for longer.<\/p>\n<p>For end users, the lesson is older than the internet. If an organization collects your date of birth, your emergency contacts, and a private score of how much you\u2019re worth to them, ask where that data lives. Any answer involving \u201cour website\u201d deserves a second question, and anything that stops at \u201cwe take your security very seriously\u201d deserves further questioning.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Elite network says it was hacked after members&#8217; personal data was left exposed https:\/\/www.malwarebytes.com\/blog\/privacy\/2026\/06\/elite-network-says-it-was-hacked-after-members-personal-data-was-left-exposed Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237032,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2026\/06\/red-carpet-event.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30],"class_list":["post-237031","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237031"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237031"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237031\/revisions"}],"predecessor-version":[{"id":237033,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237031\/revisions\/237033"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237032"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=237031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}