LeRoy Nellis

Contact

My Blog Was Compromised Again — And This Time It Crossed Into My Private Files

By LeRoy Nellis

There is a difference between speculation and documentation.

What follows is not a theory. It is a recorded anomaly that requires investigation.

Over the past 48 hours, I identified a new security incident involving my website, Loopwired.com / LeRoyNellis.blog, raising serious concerns about unauthorized access and the integrity of my digital environment.

What Happened

A document appeared on my blog that was not intentionally published through my normal workflow.

  • Not a draft I uploaded
  • Not a scheduled post
  • Not a recovered revision

What makes this incident materially different is the nature of the document itself.

The content appears to originate from a Google Docs file associated with my working environment, accessed through my personal laptop.

  • Not exported for publication
  • Not uploaded to WordPress
  • Not shared publicly through Google Docs

Yet it appeared—formatted and accessible—on my live site.

Why This Matters

This is not a routine technical issue.

If verified, this scenario suggests one or more of the following:

  • Unauthorized access to my WordPress environment
  • Unauthorized access to my Google account or synced files
  • Cross-system data exposure between local and cloud-based platforms
  • Credential compromise or session hijacking
  • Automated or scripted insertion of content into my site

Each possibility carries significant implications—not just for my platform, but for anyone publishing investigative or legal material online.

Pattern Recognition

This incident does not exist in isolation.

Prior anomalies I have documented include:

  • Unexplained deletions or alterations of published posts
  • Metadata inconsistencies across documents
  • Irregular platform behavior affecting content visibility

Individually, these events could be dismissed. Collectively, they establish a pattern that warrants independent forensic review.

Actions Taken

This incident is being treated as a formal security event.

Immediate steps include:

  • Logging timestamps and affected URLs
  • Preserving current and prior versions of content
  • Reviewing WordPress access logs and plugin activity
  • Auditing Google account login and device history
  • Checking for unauthorized integrations, API access, or session persistence

Further escalation may include:

  • Independent cybersecurity forensic analysis
  • Hosting provider backend log review
  • Formal documentation for legal and evidentiary use

What This Is — and What It Is Not

This is not a conclusion.

It is a documented irregularity that requires technical verification.

However, one fact is clear:

Content appearing publicly without intentional publication—particularly when originating from private working files—is not normal system behavior.

Final Note

This is being published as a matter of record.

Because when systems behave outside expected boundaries, the correct response is not assumption—it is documentation.

Document everything. Ignore nothing.

Further updates will follow as additional facts are confirmed.

About the Author

LeRoy Nellis is an investigative writer and researcher based in Austin, Texas, focused on institutional accountability, digital systems, and pre-trial detention practices. His work documents patterns of systemic failure across legal, technological, and governmental frameworks.