
Dialog says it was hacked—misconfiguration exposed data

Dialog, the invite-only group co-founded by Peter Thiel, told members last week that a criminal hacker breached a database holding personal information. But an investigation found the files were readable through a publicly accessible landing page for the group.

Last week, Dialog told its members and former event participants that their information had been breached. The message blamed a “well-known criminal” who, according to the group, is wanted in the United States.

Dialog’s managing director Juliette Levine said that forensic investigators found that the names of 113 past participants in Dialog events had been exposed, and that “some” people registered for this summer’s Dialog retreat had their information accessed. In response, Levine said Dialog temporarily closed many of its systems.

But a WIRED analysis found something harder to accept: the files were readable to anyone who visited a landing page for the group’s app. Multiple reviews of the site’s publicly accessible architecture point to a misconfiguration rather than a break-in.

Dialog also framed its disclosure as an act of caution, saying it had acted “out of caution” to protect “the safety, privacy, and reputation of every Dialoger past and present.” The group’s claim hinges on the idea that a hacker got in. The technical evidence suggests otherwise: the data was exposed through the way the page was set up.

The records WIRED first reported on last week include the list of 113 names that Dialog confirmed were past participants. Among them were a sitting NATO commander, two US senators, and the US treasury secretary. They also included a separate, longer list of people registered for an August retreat outside Dublin, Ireland.

The exposed material did not stop at identities. WIRED also reported records showing how the group privately scores attendees, weighing their wealth and prominence when it comes to admission, seating, and pricing.

On the app side, Dialog created a form to distribute information for the August gathering. The process allowed any visitor to sign up using any email address. It did not request a password. After submitting an email, the visitor was taken to a near-empty holding page, yet the same page loaded internal files on some 200 people directly into their browser.

Viewing those files required little more than using the built-in inspection tools in major web browsers.

The records that became accessible through this route contained senior figures in national security and technology, both current and former. Among those listed as registered for the upcoming Dialog event were NATO officials, a current White House intelligence official, a retired general who held a senior role in US intelligence, and heads of national security policy and partnerships at two leading AI firms. Other figures included a former British security minister, a former Japanese defense minister, and a former Pakistani diplomat.

For nearly all of them, the data appeared comprehensive—private contact information alongside active login tokens.

Dialog’s exposure also extended into the questionnaires it used to collect information. The accessible records included participant lists, schedules, and links to completed questionnaires hosted by Fillout, a service Dialog used to collect information from attendees and store it in Airtable databases.

Loading one of those forms returned far more than the Dialog page itself. It included dates of birth, emergency contacts, cell phone numbers, the political leanings Dialog assigns to its members, internal rankings and grading notes, and the digital keys that serve as members’ logins. Much of that information appeared to come directly from Dialog’s Airtable records.
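The pattern described above (an unverified sign-up followed by a page that ships whole backend records to the browser) is shown here next to a server-side fix, as an added example that is not code from Dialog, Fillout, Airtable or the original report. All record fields, values and function names are constructed assumptions.

```javascript
// Constructed sample records; every field name and value here is illustrative.
const RECORDS = [
  { id: "rec1", name: "A. Example", email: "a@example.org", dateOfBirth: "1970-01-01",
    cellPhone: "+1-555-0100", loginToken: "tok_constructed_1", internalScore: 7 },
  { id: "rec2", name: "B. Example", email: "b@example.org", dateOfBirth: "1980-02-02",
    cellPhone: "+1-555-0101", loginToken: "tok_constructed_2", internalScore: 4 },
];

// Fields a registrant's own holding page legitimately needs (assumed).
const CLIENT_FIELDS = ["name", "email"];
// Key patterns that should never be serialized into a browser response.
const SENSITIVE = /token|birth|phone|emergency|score|rank|grade|political/i;

// Before: any visitor who typed an email receives every record in full.
function payloadBefore(_visitor, records) {
  return { attendees: records };
}

// After: nothing until the email is verified, then only the caller's own
// record, projected onto the allowlist on the server.
function payloadAfter(visitor, records) {
  if (!visitor || !visitor.emailVerified) return { attendees: [] };
  const own = records.filter((r) => r.email === visitor.email);
  return {
    attendees: own.map((r) =>
      Object.fromEntries(CLIENT_FIELDS.filter((f) => f in r).map((f) => [f, r[f]]))),
  };
}

// Audit helper: walk a JSON-like payload and list the paths of sensitive keys.
// Suitable as a release test on every response a public page can trigger.
function findSensitivePaths(value, path = "$") {
  if (Array.isArray(value)) {
    return value.flatMap((v, i) => findSensitivePaths(v, `${path}[${i}]`));
  }
  if (value && typeof value === "object") {
    return Object.entries(value).flatMap(([k, v]) => [
      ...(SENSITIVE.test(k) ? [`${path}.${k}`] : []),
      ...findSensitivePaths(v, `${path}.${k}`),
    ]);
  }
  return [];
}
```

Hiding fields in the page's markup or scripts does not help: whatever the server returns is visible in the browser's inspection tools, so the projection has to happen before the response is sent.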

Airtable did not respond to requests for comment.

Fillout, in a statement provided to WIRED, said it was “not aware of any compromise of Fillout systems or active platform vulnerability.” The company said customers configure their own forms, connected data sources, and workflows, and that “the behavior of a given form depends on that configuration.” Fillout declined to comment on any specific customer’s forms or records.

Taken together, the sequence is stark: Dialog notified people of a breach tied to a criminal hacker, but the publicly reachable landing page behavior described by security reviewers made the records accessible without anyone breaking into the system. The result was the same for those exposed (personal information, internal scoring details, and even login credentials); only the explanation for how it happened has changed.


4 Comments

  1. Misconfiguration sounds like IT needs a talking to, not “criminal hacker” headlines. Also 113 people?? That’s like, not nothing.

  2. Wait, if senators and a NATO commander were in there then why are they acting like it’s no big deal. Like if it was “publicly accessible” then wasn’t it basically leaked the whole time?

  3. This Peter Thiel group always seemed shady to me. I’m not saying it wasn’t “readable” but also hackers are everywhere, so misconfig or not it still feels like a breach. They shut down systems “out of caution” yeah ok but people’s info is still out there, like on the internet it doesn’t just disappear. Also scoring people by wealth… that part sounds worse than the technical stuff honestly.
