- Maine AG’s breach reporting portal misused with fake messages mimicking Discord and VRChat
- False reports submitted through public intake system; later confirmed hoax and removed
- The portal has been taken offline for investigation, with companies still able to file but public access suspended
The Office of the Maine Attorney General has been forced to take its reporting portal offline after several false disclosures ended up on the website.
The Breach Notification Portal is a public intake system for statutory data breach notifications – so if an organization suffers a breach affecting Maine residents, it can submit its notification through this portal instead of sending an email or mail. Once submitted, the attorney general’s office reviews the notice and usually publishes it for the public to see confirmed incidents affecting residents.
But recently, fraudulent disclosures impersonating Discord and VRChat ended up on the platform, with the latter having to issue a statement that the application was submitted with a fake employee name.
Deactivation of the portal
Soon after, the Maine AG Office confirmed the reports, saying the forgeries were submitted through the state’s reporting system.
“The Office of the Maine Attorney General has been made aware of an apparent abuse of our data breach reporting system,” the statement read.
“After conversations with VRChat, one of two affected companies, it has become clear that the reported data breaches were hoaxes posted by an unknown entity unrelated to either company. These false reports have been removed from the database. We are not aware of any recent legitimate data breach reports from either VRChat or Discord.”
To prevent similar abuse in the future, the Maine AG Office launched an investigation and temporarily disabled public access to the portal.
“We have no independent knowledge of the violations, the submitting entity fills in the information and it goes directly to the site. We will review the one you flagged, thank you,” the Maine Attorney General’s Office told Bleeping Computer.
Businesses can still submit breach notifications through the reporting service, but the general public looking for information should contact the office directly.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
