Hackers stole the data of 8 million US police informants.
A California resident feared for his life and wrote to police with the caveat "remain anonymous." He reported a family connected to the Sinaloa drug cartel , described marijuana trafficking schemes, and warned that suspects always carried weapons. Now, this report, like millions of others, has been exposed to the public after a major hack.
Hackers stole data from P3 Global Intel, a Texas-based company. The company operates a cloud-based system through which residents report crimes, often with the promise of complete anonymity. The service is used by Crime Stoppers programs, police, federal agencies, schools, and even the US military.
The leak affected more than 8.3 million records spanning the period from 1987 to November 2025. The archive includes names, addresses, phone numbers, dates of birth, vehicle registration numbers, Social Security numbers, and criminal records. Moreover, the data is not only from suspects but also from the authors of the messages themselves, despite promises to keep their identities confidential.
Industry experts believe such a leak could have serious consequences, including the death of the informants. This isn't just a private risk. Given P3's clientele, the issue also affects national security.
The company that owns Navigate360 stated that it has not yet confirmed the data compromise and has engaged a third-party firm to investigate. Services remain operational. However, the hackers themselves claim that the system's security left much to be desired and contradicts the company's claims of "no hacks in 20 years."
The group THE INTERNET YIFF MACHINE claimed responsibility for the publication. In the accompanying message, the members explicitly stated their hostility toward law enforcement and called for non-cooperation with the police. The archive, in addition to the messages themselves, included user accounts , correspondence, and support requests.
The hack also exposed the service's internal mechanisms. It turned out that P3 clients can retrieve user session information, including IP addresses, upon request. This feature is technically designed to combat abuse, but it's unclear what limitations prevent it from being used to deanonymize message authors.
The way the data was stored is additionally alarming. Message IDs and passwords used by people to check the status of their requests were stored in the database in cleartext, without encryption. The leak also includes correspondence between senders and recipients of the messages, including instructions on how to receive cash rewards for assisting the police.
The archive has already been dubbed " BlueLeaks 2.0," a reference to the 2020 leak that exposed hundreds of gigabytes of US law enforcement data. Representatives of DDoSecrets, who obtained a copy of the database, point to systemic problems: long-term storage of information, weak controls over data sharing, and a failure to protect the identities of individuals mentioned in the messages.
The database's contents demonstrate the scale of P3's operations . The service was used by the US Department of Defense, the Department of Homeland Security, the Department of Justice, and the Department of the Interior. Over several years, government agencies paid the company approximately $1.3 million.
The archive also contains specific stories. For example, a woman who complained to the military investigative department about harassment by a recruiter. She requested anonymity, fearing career repercussions, but received a response: without revealing her identity, the investigation was impossible.
In another post, an open-source intelligence specialist reported on a person viewing CSAM materials. He included website addresses, contact information, and the suspect's IP address. According to the author, he had sent over 100 similar messages in recent years.
Schools are also actively using the system. The leaked files include reports of bullying, suicidal thoughts, and threats of physical violence. In one case, a parent reported a seventh-grader who was fascinated with guns and was experiencing problems due to bullying by classmates. Internal records show that the police conducted an investigation and the child was sent for a psychiatric evaluation, but his full name remained in the database.
There are no signs yet that the hackers intend to publish the entire archive publicly. However, the very fact of the leak already calls into question the key promise of such services: the anonymity that people who decide to report a crime rely on.
A California resident feared for his life and wrote to police with the caveat "remain anonymous." He reported a family connected to the Sinaloa drug cartel , described marijuana trafficking schemes, and warned that suspects always carried weapons. Now, this report, like millions of others, has been exposed to the public after a major hack.
Hackers stole data from P3 Global Intel, a Texas-based company. The company operates a cloud-based system through which residents report crimes, often with the promise of complete anonymity. The service is used by Crime Stoppers programs, police, federal agencies, schools, and even the US military.
The leak affected more than 8.3 million records spanning the period from 1987 to November 2025. The archive includes names, addresses, phone numbers, dates of birth, vehicle registration numbers, Social Security numbers, and criminal records. Moreover, the data is not only from suspects but also from the authors of the messages themselves, despite promises to keep their identities confidential.
Industry experts believe such a leak could have serious consequences, including the death of the informants. This isn't just a private risk. Given P3's clientele, the issue also affects national security.
The company that owns Navigate360 stated that it has not yet confirmed the data compromise and has engaged a third-party firm to investigate. Services remain operational. However, the hackers themselves claim that the system's security left much to be desired and contradicts the company's claims of "no hacks in 20 years."
The group THE INTERNET YIFF MACHINE claimed responsibility for the publication. In the accompanying message, the members explicitly stated their hostility toward law enforcement and called for non-cooperation with the police. The archive, in addition to the messages themselves, included user accounts , correspondence, and support requests.
The hack also exposed the service's internal mechanisms. It turned out that P3 clients can retrieve user session information, including IP addresses, upon request. This feature is technically designed to combat abuse, but it's unclear what limitations prevent it from being used to deanonymize message authors.
The way the data was stored is additionally alarming. Message IDs and passwords used by people to check the status of their requests were stored in the database in cleartext, without encryption. The leak also includes correspondence between senders and recipients of the messages, including instructions on how to receive cash rewards for assisting the police.
The archive has already been dubbed " BlueLeaks 2.0," a reference to the 2020 leak that exposed hundreds of gigabytes of US law enforcement data. Representatives of DDoSecrets, who obtained a copy of the database, point to systemic problems: long-term storage of information, weak controls over data sharing, and a failure to protect the identities of individuals mentioned in the messages.
The database's contents demonstrate the scale of P3's operations . The service was used by the US Department of Defense, the Department of Homeland Security, the Department of Justice, and the Department of the Interior. Over several years, government agencies paid the company approximately $1.3 million.
The archive also contains specific stories. For example, a woman who complained to the military investigative department about harassment by a recruiter. She requested anonymity, fearing career repercussions, but received a response: without revealing her identity, the investigation was impossible.
In another post, an open-source intelligence specialist reported on a person viewing CSAM materials. He included website addresses, contact information, and the suspect's IP address. According to the author, he had sent over 100 similar messages in recent years.
Schools are also actively using the system. The leaked files include reports of bullying, suicidal thoughts, and threats of physical violence. In one case, a parent reported a seventh-grader who was fascinated with guns and was experiencing problems due to bullying by classmates. Internal records show that the police conducted an investigation and the child was sent for a psychiatric evaluation, but his full name remained in the database.
There are no signs yet that the hackers intend to publish the entire archive publicly. However, the very fact of the leak already calls into question the key promise of such services: the anonymity that people who decide to report a crime rely on.
