Tip‑app leak hit 30K schools
What happened
A potential breach in an anonymous tip app may have exposed personal data tied to students at more than 30,000 schools—highlighting third‑party SaaS risk in K‑12. The incident underscores reviewing vendor data permissions and enforcing least‑privilege on every integrated application. (edweek.org)
Why it matters
A threat actor using the alias "Internet Yiff Machine" claimed on March 18, 2026 to have exfiltrated data from P3 Global Intel, the tip-management platform operated by Navigate360. (Reuters) Distributed Denial of Secrets published a release it labeled "BlueLeaks 2.0," providing a 91.53‑gigabyte dataset that it says came from the P3 platform. (DDoSecrets) The attacker and several reporters say the haul totals roughly 93 GB and more than 8 million tips spanning decades, with source timestamps reported from the 1980s through 2025. (Yahoo / The Breach) Journalistic sampling and reporting indicate the leak contains tip text plus extensive identifiers—including names, emails, dates of birth, phone numbers, home addresses, license plates and Social Security numbers—and also appears to include customer account records and support tickets. (Yahoo / Straight Arrow News) Navigate360 CEO J.P. Guilbault said the company has engaged an independent third party to investigate, that P3 systems remain operational, and that the company had not yet confirmed data access or misuse as of the initial statement. (Cybernews / Reuters) DDoSecrets says it will make the BlueLeaks 2.0 material available to vetted journalists and researchers, and the release intentionally echoes the 2020 "BlueLeaks" publication that exposed 269 GB of law‑enforcement files. (DDoSecrets / The Breach)
Key numbers
- A potential breach in an anonymous tip app may have exposed personal data tied to students at more than 30,000 schools—highlighting third‑party SaaS risk in K‑12.
- (edweek.org) A threat actor using the alias "Internet Yiff Machine" claimed on March 18, 2026 to have exfiltrated data from P3 Global Intel, the tip-management platform operated by Navigate360.
- (Reuters) Distributed Denial of Secrets published a release it labeled "BlueLeaks 2.0," providing a 91.53‑gigabyte dataset that it says came from the P3 platform.
- (DDoSecrets) The attacker and several reporters say the haul totals roughly 93 GB and more than 8 million tips spanning decades, with source timestamps reported from the 1980s through 2025.
What happens next
- (Cybernews / Reuters) DDoSecrets says it will make the BlueLeaks 2.0 material available to vetted journalists and researchers, and the release intentionally echoes the 2020 "BlueLeaks" publication that exposed 269 GB of law‑enforcement files.
- (DDoSecrets / The Breach) A potential breach in an anonymous tip app may have exposed personal data tied to students at more than 30,000 schools—highlighting third‑party SaaS risk in K‑12.
Sources
Quick answers
What happened in Tip‑app leak hit 30K schools?
A potential breach in an anonymous tip app may have exposed personal data tied to students at more than 30,000 schools—highlighting third‑party SaaS risk in K‑12. The incident underscores reviewing vendor data permissions and enforcing least‑privilege on every integrated application. (edweek.org)
Why does Tip‑app leak hit 30K schools matter?
A threat actor using the alias "Internet Yiff Machine" claimed on March 18, 2026 to have exfiltrated data from P3 Global Intel, the tip-management platform operated by Navigate360. (Reuters) Distributed Denial of Secrets published a release it labeled "BlueLeaks 2.0," providing a 91.53‑gigabyte dataset that it says came from the P3 platform. (DDoSecrets) The attacker and several reporters say the haul totals roughly 93 GB and more than 8 million tips spanning decades, with source timestamps reported from the 1980s through 2025. (Yahoo / The Breach) Journalistic sampling and reporting indicate the leak contains tip text plus extensive identifiers—including names, emails, dates of birth, phone numbers, home addresses, license plates and Social Security numbers—and also appears to include customer account records and support tickets. (Yahoo / Straight Arrow News) Navigate360 CEO J.P. Guilbault said the company has engaged an independent third party to investigate, that P3 systems remain operational, and that the company had not yet confirmed data access or misuse as of the initial statement. (Cybernews / Reuters) DDoSecrets says it will make the BlueLeaks 2.0 material available to vetted journalists and researchers, and the release intentionally echoes the 2020 "BlueLeaks" publication that exposed 269 GB of law‑enforcement files. (DDoSecrets / The Breach)
