
Kadmino | 4 months ago

I have been following this shit show since the beginning. It was definitely not a responsible disclosure, but given the track record of Austrian and German justice with white hat hackers, I guess it is somewhat understandable. The hacker took it upon himself to inform every customer of the weak security of their data.

After the third update where the startup outlined their steps to fix the situation, the hacker added an addendum to their website with a link to the full incident report (in English). You can still find it on the web archive:

https://web.archive.org/web/20251008231051/https://security....

Direct link to the incident report (in English): https://anonfile.co/CZqiAMqc3sYyvHZ/file

The hacker accuses them of vibe coding their entire infrastructure and thus not understanding what they have created. And if only half of the content of the incident report is true, I am inclined to believe him. If you look at the founders and employees on LinkedIn, not even the CTO seems to have any IT experience. That in itself wouldn't be that big of a problem, but they explicitly marketed their product as extremely secure and local. It seems very hypocritical to me to then not even give a second thought to securing your own infrastructure.

All in all, with how they are handling it, the startup seems to be just trying to save their image without really working on the flaws in their security, but here is hoping that I am wrong for the sake of their customers.

Some more links to news articles (in German): https://www.borncity.com/blog/2025/10/06/desaster-sicherheit... He did 3 parts on this, as apparently the hacker contacted him directly with insider information.

https://www.derstandard.at/story/3100000291066/localmind-sic...

https://www.heise.de/news/Sensible-Unternehmensdaten-ueber-S...
