Dialog Says It Was Hacked. A Flawed Website Left Its Members Exposed


Dialog, an invitation-only group cofounded by Peter Thiel, informed members and past participants last week that the database containing their information was hacked, by what it says was a hacker. But a WIRED review found that the records were loaded for anyone who visited the home page of the group’s app, which security experts describe as a flaw that made the data publicly available.

The notice to affected people, emailed by Dialog director Juliette Levine and provided to WIRED, said that the legal investigators found that the names of 113 people who had participated in Dialog events were revealed and, separately, that “some” people who registered to return to Dialog this summer had information exposed. Levine said the organization has temporarily shut down many of its operations in response.

Levine said that the disclosure was “a crime committed by a known and wanted criminal in the United States,” and added that the group “took prudent steps” to protect the “security, privacy, and reputation of every Dialoger past and present.”

Several publicly available comments on the site’s design, however, point to a bug, not a hack.

WIRED first reported on the Dialog documents last week. They include a list of 113 names that Dialog has confirmed were involved in the breach, among them the head of NATO, two US senators, and the US Treasury secretary, and a long list of people who signed up to return in August outside Dublin, Ireland. WIRED also reported on documents revealing that the group privately scores attendees, measuring their wealth and popularity, in decisions about entry, lodging, and prices.

The Dialog site, set up to share the mobile program for the August meeting, allowed any visitor to register using any email address. It did not ask for a password. After submitting the email address, the visitor was taken to a nearly blank page; the same site also loaded the internal records of about 200 people into their browser. Viewing the records required nothing more than inspecting the page with tools built into every major web browser.

The records exposed this way include national security officials, current and past. Among those whose records showed that they were registered for the upcoming Dialog event were NATO officials; a White House intelligence officer; a retired high-ranking officer in US intelligence; and heads of national security law and partnerships at two leading AI companies. Others included a British defense minister, a former Japanese defense minister, and a former Pakistani ambassador. For nearly all of them, the exposed information is comprehensive, ranging from private information to access tokens.

The records also contained a list of participants, agendas, and links to questionnaires hosted on Fillout, a service Dialog used to collect information from attendees and store it in an Airtable database. Opening one of these forms brought up more information than the Dialog website contained, including birthdays, emergency contacts, cell phone numbers, political discussions that give its members, internal layouts and documents, and digital keys that serve as members. Much of this information appeared to come from Dialog’s Airtable records.

Airtable did not respond to a request for comment.

In a statement to WIRED, Fillout says it was “not aware of any disruption to Fillout’s operations or the platform’s vulnerability.” The company says that customers configure their forms, data sources, and workflows, and that “the performance of a given form depends on that configuration.” Fillout declined to comment on the forms or customer records.


