93 gigabytes. More than 8.3 million records. And a promise — “your anonymity is protected at all times” — sitting in plain text on someone else’s server.

A hacking group calling itself the Internet Yiff Machine has claimed responsibility for breaching P3 Global Intel, a Texas-based platform that manages crime tips for law enforcement agencies, Crime Stoppers programs, military investigators, and more than 30,000 schools across the United States. The stolen data spans from February 1987 to November 2025, and was shared with Straight Arrow News and the leak archive Distributed Denial of Secrets, which dubbed it “BlueLeaks 2.0.”

P3’s parent company, Navigate360, has not confirmed the breach. CEO JP Guilbault said the firm has hired a third-party forensics team and has “not confirmed that any sensitive information has been accessed or misused.” But Straight Arrow News says it corroborated the data’s authenticity by contacting multiple tipsters whose details appeared in the cache. Reuters reported that the hacker gained entry by socially engineering a customer account and then exploiting a system vulnerability. The hacker group said it acted out of animosity toward law enforcement, urging the public: “Don’t do the dirty work for the pigs.”

What the cache contained

The exposed data includes names, email addresses, dates of birth, phone numbers, home addresses, license plate numbers, Social Security numbers, and criminal histories of both accused individuals and, frequently, the tipsters themselves. Chat logs between tipsters and investigators were stored unencrypted. Tipster login credentials sat in plain text.

The breach even captured tips submitted during the December 2024 manhunt for Luigi Mangione, accused of killing UnitedHealthcare CEO Brian Thompson. One tipster who reported a sighting left her email and phone number in her submission — and later told reporters she never received a response from Crime Stoppers.

Among the most sensitive material: school-related tips about self-harm, suicidal ideation, and threats of violence submitted through platforms like Safe2SayPA.org. One 2022 report about a bullied seventh-grader who fixated on firearms included the child’s full name throughout.

The anonymity that wasn’t

The hackers also exposed an internal P3 page describing a feature called “Session Information Disclosure.” The opt-in tool lets law enforcement clients request tipsters’ IP addresses and up to 90 days of session data. The stated purpose is to address “serious misuse or abuse” of the system. What prevents a police officer accused of misconduct from using it to unmask a whistleblower is unclear.

P3 tells tipsters their anonymity is absolute. Its architecture tells a different story.

The cost of broken trust

Mailyn Fidler, a cybersecurity professor at the University of New Hampshire Franklin School of Law, told Straight Arrow News the breach could cause “severe harm and even death to police informants” and poses national security risks, given P3’s government contracts. Four federal departments — Defense, Homeland Security, Justice, and Interior — paid Navigate360 nearly $1.3 million between 2020 and 2025.

School security experts say the damage extends further. Kenneth Trump, president of National School Safety and Security Services, put it plainly: administrators “work so hard to create that trust to get kids to come forward, and kids are not going to trust anonymous reporting if the system is actually not anonymous.” Doug Levin, national director of the K12 Security Information Exchange, has recommended that school districts suspend use of the platform while the investigation is underway.

DDoSecrets is restricting access to journalists and researchers rather than publishing the data. But the damage is already done — not only to the people named in 38 years of tips, but to the fragile premise that institutions will protect those who speak to them in secret.

Sources