Hackers knocked a major StopICE doxxing site offline, dumped user data and replaced searches with memes, and the fallout revealed panic among the site’s operators and users after the Minneapolis shootings that sparked the campaign.
Images circulating on social media show a coordinated intrusion that crippled one of the largest platforms used to expose ICE officers following the two fatal self-defense shootings in Minneapolis. The breach appears to have hit the site’s core functions and dumped credentials, turning the database and user lists into public liabilities. That sequence left administrators scrambling and supporters openly worried about exposure.
“We were not kidding,” a message to administrators and users of the website read. The note went on to claim the attackers sent user names, logins, passwords, and locations to several government agencies, a clear escalation beyond mere vandalism. The same communique taunted the site’s security practices and those who helped build it.
“Sherman Austin is a terrible coder, so are ‘RC’ Concepcion and Matt Beran,” the message continued. The attackers also altered the site experience: anyone searching the database would be greeted with a Tom Homan meme instead of the usual results. StopICE had been built to let people point at and track license plates they believed belonged to ICE officers, making it one of the more prominent hubs for that activity.
The website’s administrator, Sherman Austin, attempted to reassure his co-conspirators of the website’s safety and asked them to “disregard” the “trolls.” Austin also accused the hackers of working with Customs and Border Patrol, a charge that added confusion to an already chaotic situation. Behind the scenes, screenshots and chat logs exposed users admitting they were panicking over what the leak could mean.
An anonymous account that exposed much of the site’s information showed that, behind the scenes, users were panicking. The public blowup pulled private exchanges into the open and laid bare how poorly secured some of the data stores were. One of the other main figures behind exposing the inner workings of the group behind the site expressed real concern about national security implications.
“Imagine what nation state threat actors can do with this information,” the individual said on X. “They would have access and be able to easily identify government vehicles and agents. We need to hold the people that are hosting these sites accountable. This could possibly be a national security threat.” Those sentences were not idle warnings — leaked plates, routes and names create real operational risk for officers and their families. The concern shifted the debate from free-speech arguments to who is accountable for reckless doxxing.
One account signaled the disruption wouldn’t be the end of the story after New Jersey’s Governor Mikie Sherrill announced a new portal to track and report ICE agents. The new portal and the hack together underscored how volatile and dangerous crowdsourced surveillance can become when combined with low security and political heat. On the right, reactions framed the attack as a cautionary tale about lawlessness and the left’s strategy of targeting enforcement personnel.
This incident shows how digital vigilante campaigns can backfire, exposing not just targets but the people who run and rely on these tools. The compromise also hardens the argument that hostile actors can weaponize loosely held personal data, turning activism into a national security problem. As the dust settles, debates will focus less on intention and more on consequences for public servants and the rule of law.
