Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Android Central
Android Central
Technology
Brady Snyder

Nothing data breach comes to light, affecting community members

The Glyph lights illuminated on the back of a Nothing Phone (2).

What you need to know

  • Nothing has confirmed a data breach from 2022 that saw the data of 2,250 Nothing Community members left vulnerable.
  • While no passwords or other types of sensitive information were accessible in the breach, the email addresses of users were stolen.
  • Now, the email addresses and other information related to the breach were found online in an apparent database dump.

Nothing came under fire after initially partnering with Sunbird for Nothing Chats, the company that left user messages completely unencrypted and easily accessible. Unsurprisingly, Nothing Chats was shut down quickly, but not before Nothing's reputation took a hit. Now, an earlier data breach on the Nothing Community forums from 2022 has surfaced, affecting thousands of users. 

The situation came to light on Sunday, April 21, when a few users on X (formerly Twitter) reported discovering personal information used with Nothing Community accounts on an online database. Most of the data included in the dump was already publicly available, like Nothing Community usernames. However, user emails (which are not public-facing on Nothing Community) were also leaked. 

The posts were first blurred and then eventually taken down to prevent bad actors from exploiting the data exposed in the database. Android Authority found and confirmed that the database existed, adding that there is no evidence user account passwords were leaked. In addition to user data, official emails of Nothing employees were also discovered in the online database. 

Nothing confirmed the data breach in a statement to Android Authority on Monday evening, stating that the vulnerability dated back to 2022. 

"In December 2022, Nothing discovered a vulnerability, which impacted email addresses belonging to community members at the time," the company said. "No names, personal addresses, passwords, or payment information were compromised. Upon this discovery nearly a year and half ago, Nothing took immediate action to remedy the situation and bolster its security features."

(Image credit: Nicholas Sutrich / Android Central)

As far as data breaches are concerned, the Nothing Community leak appears to have a very small scope. Aside from seeing an uptick in spam emails, there will likely be limited impact to Nothing Community users following the breach. Users can change their passwords just to be save, but that probably isn't necessary because no Nothing Community account passwords were stolen. 

Notably, it does not appear that Nothing made an attempt to contact affected users that their email addresses may have been exposed. It did make undisclosed internal changes to protect user data going forward, however.

While relatively minor, it's the latest recent instance of Nothing being the center of a data and privacy incident. Although the vulnerabilities date back to 2022, this breach comes to the surface as users still recall the Nothing Chats debacle quite well, as Sunbird stages a comeback

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.