Mikael Thalen Profile picture
Staff writer @dailydot covering tech & politics - mikael.thalen@dailydot.com - Signal: mikaelthalen.11
3 subscribers
Jan 19, 2023 5 tweets 2 min read
NEW: The federal No Fly List was exposed on an open server discovered by a security researcher last week.

The list, which was being stored by the US airline CommuteAir, contained over 1.5 million rows of data including names, aliases, & birth dates. dailydot.com/debug/no-fly-l… The server, discovered by hacker @_nyancrimew, was secured prior to publication.

CommuteAir says the list was a version from 2019.

The Daily Dot was able to find numerous high-profile figures including the recently-freed Russian arms dealer Viktor Bout & at least 16 aliases.
Dec 16, 2022 12 tweets 5 min read
After banning @elonjet, which he said he wouldn’t, Musk has now banned @joinmastodon after it tweeted that users could follow the jet-tracking account on their platform. It appears Washington Post journalist @drewharwell was suspended as well for pointing out that Mastodon was suspended for promoting ElonJet, which I also just did in the above tweet.
Oct 28, 2022 6 tweets 2 min read
A blog run by David Depape, the Berkley man accused of attacking Paul Pelosi with a hammer, has articles titled 'Hitler did nothing wrong,' 'Black pilled,' and 'Pedophile normalization.' Image Source: heavy.com/news/david-dep…
Oct 28, 2022 4 tweets 3 min read
A fake statement from Donald Trump congratulating Elon Musk on his acquisition of Twitter is spreading online.

The fabricated quote claims Trump's account will be reinstated Monday & that the ex-president is "Happy to be able to engage with an African-American owned business." twitter.com/i/web/status/1… It appears the Independent briefly ran with the false claim but has since changed the article's headline.

The incorrect article has already been aggregated by Yahoo News.

webcache.googleusercontent.com/search?q=cache…
Jul 25, 2022 6 tweets 4 min read
NEW: An anti-vaccine dating website that allows users to donate “mRNA FREE” semen left its users’ personal data exposed online.

dailydot.com/debug/anti-vax… The site that was leaking user data, known as 'Unjected,' is similar in design to Twitter but is often referred to as the “Tinder for anti-vaxxers.”

Users can advertise their 'mRNA FREE' blood, sperm, or eggs to one another.
dailydot.com/debug/anti-vax…
Feb 28, 2022 9 tweets 5 min read
NEW: Despite the significant uptick of hacking & leaking amid Russia's invasion of Ukraine, every single method offered by WikiLeaks to submit them documents is broken.

Every submission option featured by WikiLeaks leads to broken sites & errors.

dailydot.com/debug/submitti… On WikiLeaks submission page, users are asked to visit their onion service on the dark web to securely provide them leaks...

Yet their server isn't even online. dailydot.com/debug/submitti…
Feb 27, 2022 5 tweets 3 min read
Just received a DM from the account that has been targeting journalists with phishing attacks.

Looks like others such as @JennaMC_Laugh and @dnvolz were just targeted as well.

The account used to belong to ex-NSA contractor Reality Winner but was seemingly hijacked. Image The phishing page being used by an account posing as Twitter to target journalists is hosted on Google Sites. Image
Feb 22, 2022 4 tweets 2 min read
NEW: A hacker has leaked emails from the ProtonMail inbox of Chris Garrah, founder of the 'Adopt a Trucker' fundraiser.

The emails, provided to DDoSecrets, show Garrah transferring tens of thousands of dollars prior to the Canadian government's crackdown. dailydot.com/debug/hacker-l… UPDATE: Chris Garrah, founder of the 'Adopt a Trucker' fundraiser whose emails were hacked & leaked, gave me the following statement:

'Not much of an email person or computer person but I’ve been told all my accounts and all that stuff has been hacked...'
dailydot.com/debug/hacker-l… Image
Feb 22, 2022 6 tweets 2 min read
Thread: A report discussing Queen Elizabeth's COVID diagnosis on Australia's 'A Current Affair' briefly showed the drug Stromectol (Ivermectin).

It's being widely cited online as proof that the Queen is using Ivermectin.

But a spokesperson for A Current Affair told me otherwise For starters, the report at no point says the Queen is using Ivermectin.

A doctor merely says the Queen 'might' benefit from new medicines.

The spokesperson said the segment was referring to an 'approved infusion medication called Sotrovimab' and that the wrong B-roll was used.
Feb 20, 2022 12 tweets 7 min read
SCOOP: Tried the Truth Social beta.

But not the one Trump & his fans are testing, the one used internally by his team, which left the site publicly accessible online (again).

Registered @realDonaldTrump & found a user praising dictator Augusto Pinochet dailydot.com/debug/truth-so… Again, this is not the mobile beta being discussed online but the internal beta that TMTG's dev team uses to find bugs before updating the app.

Found the page online in Oct. & was tipped by @WhiskeyNeon that a verification page for registrations was open. dailydot.com/debug/truth-so…
Feb 14, 2022 13 tweets 4 min read
BREAKING: GiveSendGo, the crowdfunding website used by the Freedom Convoy, is now redirecting to the domain GiveSendGone[.]wtf.

A video from the Disney film Frozen now appears alongside a manifesto condemning the website and the Freedom Convoy. A file allegedly containing tens of thousands of names of those who donated to the Freedom Convoy has also been leaked.

Working to verify further details.
Feb 10, 2022 7 tweets 3 min read
NEW: GiveSendGo, the crowdfunding service used by the 'Freedom Convoy,' claimed this week that it fixed a leak exposing user data.

But a security researcher has found exposed pics of credit cards, birth certificates, military IDs, SSN cards, & passports.

dailydot.com/debug/givesend… Earlier this week TechCrunch's @zackwhittaker reported that GiveSendGo had an exposed Amazon S3 bucket containing users' private

The company appeared to fix the issue. techcrunch.com/2022/02/08/ott…
Jan 21, 2022 5 tweets 3 min read
NEW: A Capitol rioter accused of beating a cop with a baseball bat has announced a new 'free-speech' social media site from behind bars: 'Liberty Centric.'

The site promises no censorship, bans, or 'fake' fact checking. I quickly found issues.

dailydot.com/debug/capitol-… The site was quietly launched to little attention last year by Jake Lang, an accused rioter who is currently in jail in D.C.

The site's official announcement came this week with the help of the conspiratorial blog The Gateway Pundit.

dailydot.com/debug/capitol-…
Nov 6, 2021 4 tweets 2 min read
Reviewing a trove of more than 600 hours of police helicopter surveillance footage leaked to DDoSecrets.

Footage includes video from the Dallas Police Department and the Georgia State Patrol.

wired.com/story/ddosecre… This screenshot from leaked police helicopter surveillance video, believed to be from the Georgia State Patrol, shows how far in the cameras can zoom.

Redacted these two seemingly random individuals in this shot who were totally unaware that they were being watched. Image
Oct 21, 2021 9 tweets 5 min read
NEW: I spoke with the hacker who discovered that Trump's new social media platform 'TRUTH Social' was openly accessible online.

Here's how they found it: dailydot.com/debug/hacker-t… The hacker, who asked not to be identified but claimed affiliation with the hacking collective Anonymous, first noticed the name of the company behind TRUTH Social's app: T Media Tech LLC.

dailydot.com/debug/hacker-t…
Oct 4, 2021 4 tweets 2 min read
NEW: Hackers operating under the banner of Anonymous have announced a third data leak from the web hosting company Epik.

The leak allegedly contains more bootable disk images as well as a data backup with 'private documents' from the Texas GOP.

dailydot.com/debug/anonymou… This latest leak comes just days after a 300GB cache containing bootable disk images of Epik's servers were released online, which exposed at least 59 API keys for services such as Twitter, Coinbase, and PayPal.

dailydot.com/debug/anonymou…
Sep 29, 2021 8 tweets 3 min read
BREAKING: The hacking collective Anonymous has announced another data leak from the web hosting company Epik.

Data includes full disk images of Epik's server infrastructure & exposes at least 59 API keys for Twitter, Coinbase, PayPal, & more.

Story here: dailydot.com/debug/anonymou… The leak is part 2 of what Anonymous has dubbed “Operation EPIK FAIL.”

The initial leak was made earlier this month and exposed “a decade’s worth” data.

More here: dailydot.com/debug/epik-hac…
Sep 27, 2021 8 tweets 3 min read
NEW: Data from the Oath Keepers has been leaked online after the militia group was allegedly targeted by a hacker.

Data includes chat logs, emails, and information on the group's members and donors.

dailydot.com/debug/oath-kee… The leaked Oath Keepers data was provided to the journalism & transparency collective DDoSecrets.

DDoSecrets co-founder Emma Best (@NatSecGeek) told the Daily Dot that the data sheds new light on the inner-workings of the militia group.

dailydot.com/debug/oath-kee…
Sep 20, 2021 6 tweets 4 min read
NEW: Days after the Capitol riot, 'Stop the Steal' founder Ali Alexander was racing to hide his ownership of over 100 websites.

But Ali used a domain privacy service from Epik, which was just recently hacked.

Here are the websites Ali tried to hide dailydot.com/debug/ali-alex… On Jan. 15, just 9 days after the riot, Alexander signed up for a domain privacy service from Epik known as "Anonymize."

The service would replace his name on his websites' public domain registrars with an Anonymized ID. dailydot.com/debug/ali-alex…
Sep 16, 2021 9 tweets 5 min read
NEW: The hack of web hosting company Epik has revealed the names behind some of the most notorious far-right sites.

A cybersecurity expert I analyzed the data with said Epik was “fully compromised.”

“Maybe the worst I’ve ever seen in my 20-year career.” dailydot.com/debug/epik-hac… As first revealed on Monday by @stevanzetti, the hacking collective Anonymous announced that it had hacked Epik, whose customers have included Parler, Gab, and forums such as TheDonald. dailydot.com/debug/epik-hac…
Jul 30, 2021 7 tweets 4 min read
Exclusive: Leaked chats reveal how the former lead psychologist for Cambridge Analytica is secretly working behind the scenes to influence anti-vaccine efforts.

dailydot.com/debug/leaked-c… Patrick Fagan, who has worked for Cambridge Analytica, the tobacco and gambling industries, as well as on voter deterrence campaigns, is secretly aiding the UK-based organization known as HART.

dailydot.com/debug/leaked-c…