Last week, **Dialog**, the clandestine group co-founded by **Peter Thiel**, notified its members and past event participants about a database breach containing their personal information. The organization initially claimed the incident was the work of a 'criminal hacker.' However, an investigation by **WIRED** revealed that the files were readily viewable by anyone visiting a landing page for the group's app, pointing to a significant misconfiguration rather than a sophisticated intrusion. ### The Nature of the Exposure **Juliette Levine**, **Dialog**'s managing director, communicated to affected individuals that names of 113 past participants were exposed, along with information for 'some' people registered for an upcoming summer retreat. **Levine** asserted that the exposure was a 'hack executed by a well-known criminal who is wanted in the United States,' prompting the group to temporarily shut down many of its systems. Contrary to **Dialog**'s claims, multiple reviews of the site's publicly accessible architecture indicate a misconfiguration was the root cause. **WIRED** previously reported on the exposed records, which included the names of a sitting **NATO** commander, two **US Senators**, and the **US Treasury Secretary**, among others. The records also detailed how **Dialog** privately scores attendees based on wealth and prominence. ### How the Data Became Public The exposure stemmed from a **Dialog** site designed to distribute a phone app for an August gathering. This site allowed any visitor to sign up with an email address without requiring a password. Upon submission, the visitor was directed to a holding page that simultaneously loaded internal files pertaining to approximately 200 individuals into their browser. These files could be accessed simply by inspecting the page with standard browser developer tools. ### High-Profile Individuals Affected The accessible records contained comprehensive data on senior figures in national security and technology, both current and former. This included **NATO** officials, a current **White House** intelligence official, a retired general with a senior role in **US** intelligence, and heads of national security policy at leading **AI** firms. Other exposed individuals included a former British security minister, a former Japanese defense minister, and a former Pakistani diplomat. For nearly all, the exposed data was extensive, ranging from private contact information to active login tokens. ### Deeper Data in Third-Party Services The records also included participant lists, schedules, and links to completed questionnaires hosted by **Fillout**, a service **Dialog** used to collect and store attendee information in **Airtable** databases. Loading these forms revealed even more sensitive data, such as dates of birth, emergency contacts, cell phone numbers, **Dialog**'s assigned political leanings for members, internal rankings, grading notes, and digital keys serving as member logins. Much of this information appeared to originate directly from **Dialog**'s **Airtable** records. **Airtable** has not commented on the incident. **Fillout** stated to **WIRED** that it was 'not aware of any compromise of **Fillout** systems or active platform vulnerability,' emphasizing that customers configure their own forms and data sources. ### Legal Repercussions and Expert Opinions **Dialog**, which has not responded to requests for comment, had outside counsel from **ArentFox Schiff** send a letter to **WIRED** demanding the return of the data. The letter, signed by partner **D. Reed Freeman**, characterized the incident as a 'cyberattack' by a 'known cybercriminal' and claimed the files were 'stolen.' **Dialog** has reportedly informed law enforcement. **WIRED** has not provided the data to **Dialog** or its attorneys. **Maia arson crimew**, a Swiss journalist and cybersecurity researcher, initially received tips about the exposure. She stated that she did not exploit any software flaws or bypass security measures, merely viewing records publicly available to any browser visitor. **Nicholas Weaver**, from the **International Computer Science Institute**'s network security team, described the exposure as a 'negligence and a not-actually-unheard-of anti-pattern,' indicating a common, avoidable web design error rather than a sophisticated intrusion. **Aaron Mackey**, deputy legal director at the **Electronic Frontier Foundation**, found the characterization of the activity as 'criminal' to be 'far-fetched.' He warned against using broad computer-crime laws to stifle security research and journalism. **Mackey** clarified that the incident involved **Dialog**'s website providing data to users who simply entered an email, rather than anyone bypassing technical controls. ### Public Fallout Among Attendees The **Dialog** exposure triggered a public scramble among prominent attendees to explain their presence on the list. **Ezra Klein**, a **New York Times** columnist, confirmed attending **Dialog** events in 2018 and 2022 but stated he did not interact with **Peter Thiel**. Actor **Joseph Gordon-Levitt** also confirmed attendance at two conferences, asserting he never met **Thiel**, whom he described as his political opposite. Actress **Sophia Bush** stated she attended to push back against **AI** hype and was surprised to learn of **Thiel**'s co-founding role.