26 million people were impacted by data exposed by the Post Millennial breach.

26 million people were impacted by data exposed by the Post Millennial breach.

The data of 26,818,266 individuals whose information was compromised in a recent hack of The Post, a conservative news website for millennials, has been added to Have I Been Pwned?

The Post Millennial is a conservative Canadian online news magazine belonging to the Human Events Media Group, which also operates the American ‘Human Events’ news platform.

Both news outlets experienced a cyberattack earlier this month, during which phony messages purporting to be authored by Andy Ngo, the editor of The Post Millennial, were posted on the front pages of the affected websites.

The threat actors post links to the stolen material shared on the vandalized pages and assert that they have taken the company’s email lists, subscriber database, and writer and editor details as part of their attacks.

The information went swiftly online, where it was posted in hacker forums and torrents, making it simple for threat actors and other users to download.

This data allegedly belongs to writers, editors, and subscribers to the sites, which could create significant privacy and security risks for the exposed individuals.

Yesterday, Troy Hunt added the data to the Have I Been Pwned data breach notification service, noting that the data has not been confirmed to have been stolen directly from Human Events or The Post Millennial.

As the leaked data is for a considerable number of users, Hunt decided to add it to HIBP to alert those potentially exposed.

“The breach resulted in the defacement of the website and links posted to 3 different corpuses of data, including hundreds of writers and editors (IP, physical address, and email exposed), tens of thousands of subscribers to the site (name, email, username, phone, and plain text password exposed), and tens of millions of email addresses from several thousand mailing lists alleged to have been used by The Post Millennial (this has not been independently verified),” reads HIBP’s post.

“The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes, including name, phone, and physical address (depending on the campaign).”

As tweeted by Troy Hunt, while the data was leaked as part of the post-millennial defacement, it is unclear where it originated from.

By the time of writing this, The Post Millennial has not issued a public statement regarding the site’s defacement or to warn its subscribers that data may have been exposed.

In the meantime, reset your passwords and monitor account activity closely if you are a subscriber to the mentioned news outlets. Also, treat all communications (email, call, SMS) with vigilance.

Share This


Wordpress (0)
Disqus ( )