this post was submitted on 03 Feb 2026
81 points (98.8% liked)

Technology

80273 readers
3626 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
81
Activist platform StopICE denies breach after alleged hack raises alarm (cyberinsider.com)
submitted 12 hours ago by Beep@lemmus.org to c/technology@lemmy.world
8 comments fedilink hide all child comments
 

An activist platform designed to track US immigration enforcement activity, StopICE.net, has come under fire after reports surfaced of a major data breach that allegedly compromised the personal information of over 100,000 users and handed it to federal authorities.

top 8 comments
sorted by: hot top controversial new old
[–] solrize@lemmy.ml 17 points 10 hours ago (2 children)

Why were they collecting that info to begin with? Sounds like asking for trouble.

[–] brickfrog@lemmy.dbzer0.com 6 points 6 hours ago (1 children)

From the posted link

In a lengthy statement released over the weekend, the StopICE team rejected claims that any personal user data was exposed or handed over to authorities. According to them, the platform does not collect names, addresses, or precise GPS coordinates from its users. Instead, it uses anonymized polar coordinate calculations based on ZIP codes to trigger location-based alerts.

The statement also attributes the attempted breach to a personal server allegedly tied to a Customs and Border Protection (CBP) agent in Southern California. The attackers reportedly tried to inject false alerts into the system but were unsuccessful, the platform says, due to countermeasures and quick isolation of the attack vector. The operators claim the attackers fell for “bait” in the form of fake data and API keys, enabling StopICE to trace their networks and even publish associated IP addresses and phone numbers.

StopICE further downplayed the scale of the incident, claiming the only exposure involved temporary file names after a backend management tool update modified security headers, an issue they say was minor and resolved swiftly.

Keep in mind StopICE is a website, not an app, so some of the stuff the hackers claimed they got don't seem to make sense. The only "personal" info I see the website could collect is a phone number if you sign up for text alerts when someone posts an alert at a zip code / city / state.

[–] solrize@lemmy.ml 1 points 2 hours ago (1 children)

Phone # seems like a scary thing to collect. Also, visiting the web site reveals an IP address, maybe also not good. Wonder if there's a more anonymous way to get the alerts out, like if some larger sites sent out alert geolocations along with regular web pages.

[–] brickfrog@lemmy.dbzer0.com 0 points 2 hours ago (1 children)

Eh, SMS could be a burner phone or virtual number but I sort of agree that the site could recommend people do that rather than entering their own real phone number if they want to sign up for optional SMS alerts. It's probably one of those convenience vs privacy issues - how to enable non-tech savvy people to receive optional alerts if they choose to.

[–] solrize@lemmy.ml 1 points 1 hour ago

Burner phone still tracks the person everywhere. Yeah it's hard. Too bad 1-way pagers are near extinct now.

[–] FauxLiving@lemmy.world 17 points 9 hours ago* (last edited 8 hours ago) (1 children)

According to them, the platform does not collect names, addresses, or precise GPS coordinates from its users. Instead, it uses anonymized polar coordinate calculations based on ZIP codes to trigger location-based alerts.

The evidence that there is compromised data comes from screenshots on Reddit that are claimed to be of a chatroom where someone is posting something that looks like personal data which contains information that the site says they do not collect. This isn't exactly a smoking gun.

Given that they are the target of a cyber attack, likely one that is politically motivated, I would assume that the attackers are not above spreading disinformation on social media.

[–] Tetsuo@jlai.lu 2 points 8 hours ago

Yeah I would bet the people hosting the StopICE website knew very well they would be the target of all kinds of attacks.

That doesn't make them cybersecurity experts but I wouldn't be surprised they would have put multiple layers of protection on the site.

Especially when tracking ICE agents you wouldn't want the people reporting their position to also be trackable...

[–] FiniteBanjo@feddit.online 7 points 12 hours ago

The timing of that update modifying security headers is a little suspicious, tbh.