NEW: My post on the student/k-12 tips exposed in "BlueLeaks 2.0" is now up.

P3 Campus and its partner programs like Safe2Say Something PA, Safe2Tell, and Sandy Hook Promise were supposed to provide secure and anonymous ability to report tips.

Promises of security and anonymity do not appear to have been kept. A hacker claims it was easy to gain access and repeatedly access the database to acquire more than 8 million tips.

There is not much anonymous about what I reviewed in the dataset.

Many of the school-related tips I reviewed reported concerns over named students with suicidal ideation or cutting, students being bullied or bullying others, and drugs (mostly vaping) in school. Some students reported cybercriminal activity.

Navigate360, the parent company of P3, still hasn't publicly acknowledged that it was breached and that sensitive information was involved. Their lack of transparency was noted by @douglevin

The dataset has not been leaked publicly, but the "Internet Yiff Machine" who provided it to #ddosecrets and https://infosec.exchange/@mikaelthalen@mastodon.social -- and then to me -- has listed it for sale.

My focus in this post was on the student/school -related tips, but the 93.51 GB dataset has millions of tips that include adult issues and crimes, including drugs, homicide, assaults, etc. I provide one or two examples from the non-student tips to illustrate how sensitive the tips are in this dataset.

This may be the worst breach I've ever seen involving sensitive student information, and I've seen many student-related data breaches over the past two decades.

Read: "P3 Advertised 20+ Years and 0 Security Breaches. You Can Guess What Happened Next.'" at https://databreaches.net/2026/04/16/p3-advertised-20-years-and-0-security-breaches-you-can-guess-what-happened-next/

#BlueLeaks2 #DDoSecrets #databreach #P3Campus #P3Tips #Navigate360 #CrimeStoppers #Safety #Safe2tell #InternetYiffMachine

@zackwhittaker @campuscodi @jgreig @euroinfosec @funnymonkey @mkeierleber @JayeLTee

How to obtain and read the leaked Kash Patel emails on Linux (maybe will work on other OS?)

First download the files from @ddosecrets. They offer both direct DL and torrent options:

https://ddosecrets.org/article/kash-patel-emails

Once you have them unzip the file. These emails are in EML format, and it's possible to import them into Thunderbird so they look just like real emails.

WARNING: If you have TBird hooked up to a live email account you will be able to answer these emails just as if they'd been sent to you. You probably don't want to do this.

I'm running Mint 20.3. Unfortunately the version of TBird in the repository is too old to allow the necessary plugin to work, so I had to install the latest version directly. I used the FlatPak, but any way you can get the latest version is fine. You can download it from:

https://www.thunderbird.net/en-US/

After you have the latest TBird installed go to Addons in the hamburger menu. Search for and install ImportExportTools-NG.

If you already have an actual email account hooked up in TBird skip the next step. If you don't, as I didn't, the only way I could create a local folder was to add a real email account. I could then create a local folder and delete the real account from TBird. It's not necessary to delete it, but having an outgoing server configured when reading leaked emails worries me.

So create a local folder and then right-click on it. You should see an ImportExportTools menu item. Click on that and then Import EML messages and then (most efficient) Import All EML Messages from a Directory and all Subdirectories.

Choose the directory created by unzipping and you're good to go!

#KashPatel #LeakedEmails #DDOSecrets #Handala #Leaks #FBI #HandalaHackTeam

The group "Department of Peace" hacked the DHS' internal tool for managing contracts and leaked a list of contractors working with ICE ~6000 of them released today. https://ddosecrets.org/article/ice-contracts

Here is a handy explorer for it https://micahflee.github.io/ice-contracts/
#ice #DepartmentOfPeace #ddosecrets

ooooh, la la...

#EpsteinFiles #DDoSecrets

Distributed Denial of Secrets

https://ddosecrets.com/

#HackerNews #Distributed #Denial #of #Secrets #DDoSecrets #Cybersecurity #DataPrivacy #InformationSecurity

Une hacktiviste déguisée en Pink Ranger supprime des sites de nazis en live au 39C3

https://fed.brid.gy/r/https://korben.info/hacktiviste-pink-ranger-supprime-sites-nazis-39c3.html