Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed

A secretive, invite-only group called Dialog — co-founded by billionaire tech investor Peter Thiel — told its members last week that a criminal hacker had broken into their private database. But a closer look by the technology magazine WIRED showed something different. The personal information of members was not stolen through a skilled cyberattack. Instead, it appears to have been left in plain sight on a public webpage because of a basic website setup mistake.

Dialog's managing director, Juliette Levine, sent an email to people affected by the leak. She said that investigators found the names of 113 past Dialog event participants had been exposed. She also said that some people signed up for a Dialog summer retreat had their information accessed. Levine blamed the incident on 'a well-known criminal who is wanted in the United States.'

However, cybersecurity experts who reviewed the website disagreed with that explanation. They said the setup of Dialog's website — not a hacker — was responsible. Experts call this kind of error a 'misconfiguration,' which means the website was set up incorrectly and accidentally made private files available to anyone online.

Here is how the mistake worked: Dialog built a website to share a phone app for its August retreat near Dublin, Ireland. Anyone could visit the site and sign up using any email address, with no password needed. After entering an email, a visitor was taken to a nearly empty page. But that same page also quietly loaded private files about roughly 200 people into the visitor's web browser.

The files that were accidentally made public contained very sensitive information. They included names and private contact details for senior government and military leaders, tech executives, and other powerful figures. Among those listed were NATO officials, a current White House intelligence official, two U.S. senators, the U.S. treasury secretary, and the heads of security policy at two leading artificial intelligence companies. The files also included dates of birth, emergency contacts, cell phone numbers, and even digital login keys.

A Swiss journalist and cybersecurity researcher named maia arson crimew was among the first people to find and review the exposed files. She says she did not exploit any software flaw or break through any security barrier to access the data. She simply visited the website and viewed files that were already available to every visitor's browser. She learned about Dialog after one source noticed the group's name in court documents related to the infamous case of Jeffrey Epstein.

Nicholas Weaver, a network security expert at a nonprofit research institute, said the exposure looked like a web design error, not a sophisticated attack. 'This is negligence and a not-actually-unheard-of anti-pattern,' Weaver said, meaning it was a careless but common type of mistake. Aaron Mackey, a lawyer at the Electronic Frontier Foundation — a group that defends digital rights — agreed. He said calling the incident 'criminal' seemed far-fetched, because the website itself handed over the data to anyone who typed in an email address.

Mackey also warned that broad computer-crime laws are sometimes used to discourage security researchers and journalists from reporting on data leaks. He said what happened here was simple: Dialog's own website gave data to visitors who entered an email address. 'In that circumstance, they've done nothing more than follow a link on a website,' he said.

Dialog did not respond to WIRED's questions. Instead, the group's lawyers sent a letter demanding that WIRED hand over the data it had received. The letter called the incident a 'cyberattack' by a 'known cybercriminal' and said Dialog had reported the matter to law enforcement. WIRED did not give Dialog or its lawyers any data.

The story also revealed something else about Dialog's practices. Records showed that the group privately scores its attendees based on their wealth and status. These scores influence decisions about things like who gets invited, where they sit, and how much they pay to attend.

After the story became public, some well-known attendees quickly spoke out. New York Times columnist Ezra Klein wrote on X that he had attended Dialog events in 2018 and 2022, but said he never met Peter Thiel there. Actor Joseph Gordon-Levitt said on Instagram that he had attended two conferences but had never spoken with Thiel. Actress Sophia Bush said she was shocked to learn the group was co-founded by someone 'you could not pay me to be in a room with.'