TLDR
Scammers submitted fraudulent data breach disclosures to the Maine Attorney General's public portal, fabricating incidents that named VRChat (2.4M users) and Discord (10M users) without any real compromise. The portal accepts unverified...
How it works
Scammers submitted fraudulent data breach disclosures to the Maine Attorney General's public portal, fabricating incidents that named VRChat (2.4M users) and Discord (10M users) without any real compromise. The portal accepts unverified...
Red flags
- Breach notice lists vague or inconsistent dates (e.g., discovery after notification, placeholder phone numbers, free Gmail contacts). The cited submitting employee or email does not exist at the company. Official portals accept filings without identity verification, so the appearance of a notice does not prove a real breach
What to do
- 1Verify any breach notice by contacting the company through its official website, never via links or numbers in the notice itself. Check the company's own security advisory page and known reporter outlets before reacting. Treat unsolicited follow up calls
Source
bleepingcomputer
Source reviewed by Mythos Forensic Team
https://www.bleepingcomputer.com/news/security/maine-breach-portal-abused-to-publish-fake-data-breach-disclosures/FAQ
Is Fake data breach notices posted on Maine portal hit VRChat and Discord a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Breach notice lists vague or inconsistent dates (e.g., discovery after notification, placeholder phone numbers, free Gmail contacts). The cited submitting employee or email does not exist at the company. Official portals accept filings without identity verification, so the appearance of a notice does not prove a real breach
What should I do first?
Verify any breach notice by contacting the company through its official website, never via links or numbers in the notice itself. Check the company's own security advisory page and known reporter outlets before reacting. Treat unsolicited follow up calls
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.