StopICE DDNS Site Allegedly Compromised by Border Patrol Officials, Users Warn of Possible Data Exposure

A community warning circulating on Reddit suggests that a website associated withStopICE may have been compromised.

StopICE is an online platform used by immigration watchers. Posts in a subreddit community claim that users' personal login information may have been exposed.

One Reddit user said they received an alert on their phone about a suspected raid. They then visited a StopICE domain, but their internet provider issued security warnings. This prompted concern that the site — or a copy of it — might be malicious or hacked. The poster later acknowledged they might have been mistaken about earlier advice.

They urged caution and noted that they had not received a reply from the website's author. They also suggested that the site's security may have been compromised.

The Reddit poster described being redirected to a version of the StopICE site with a '.ddns' address. DDNS indicates that the site might be served via dynamic DNS, a system that maps changing IP addresses to hostnames. Users said this version of the site had functionality issues.

Pages did not load fully, and menu links often failed. Some users believed it might be a cloned or fake version of the legitimate platform.

The poster advised that entering login or phone details on that site could put personal information at risk. They recommended waiting for clarification from the site's author. At the time, no response had been confirmed.

Cybersecurity experts have been taking note that unofficial domains or cloned websites can be used for phishing. Malicious sites mimic real ones to trick users into entering sensitive information. This includes usernames, passwords, or phone numbers.

Dynamic DNS is widely used for personal servers, cameras, and home networks. On its own, it is not malicious. However, clones or mirror sites using similar hostnames can be risky. Users may mistakenly think they are interacting with the real platform.

Security researchers advise checking domain names and server certificates before entering credentials. Fake or compromised domains can collect or intercept personal data. In some cases, traffic is redirected without the user knowing. This is called DNS hijacking or DNS poisoning.

Source: International Business Times UK