Your personal information may be in the wrong hands.
Millions of consumers' personal information was compromised in a recent data breach at The Post Millennial.
We’ll explore the consequences of this breach, how it occurred, and the steps you may take to reduce the risks in this post.
Threat actors attacked The Post Millennial, a Canadian news source, on May 2, 2024.
Three databases, purportedly containing all of the news outlet's email lists, subscriber information, and private information on its authors and editors, were released along with a fake statement supposed to be from Andy Ngo, the editor of the publication.
Since the incident, this information has been shared widely and was posted on BreachForums.
In the course of the attacks, the threat actors publish links to the stolen material shared on the defaced pages, claiming to have taken the company's email lists, subscriber database, and information about its writers and editors.
editors.json: this includes the name, personal email, phone and sometimes address of the journo. Given the politically charged nature of some of the content, PII exposure of this nature is extra concerning. It's now easy to match a story to someone's physical address and phone.
— Troy Hunt (@troyhunt) May 10, 2024
Troy Hunt provided the information to the Have I Been Pwned data breach notice service yesterday. He stated that there is no proof that the data was taken directly from The Post Millennial or Human Events.
Just to be *ultra* clear before proceeding, this is "alleged" to have been taken from The Post Millennial along with the other data but as it wasn't directly collected by them, that's hard to emphatically verify without a statement from them (more on that soon).
— Troy Hunt (@troyhunt) May 10, 2024
Hunt decided to add the compromised data to HIBP to notify anyone who might be at risk, given that it pertains to a sizable user base.
According to HIBP:
"The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes including name, phone and physical address (depending on the campaign)."
A recent attack that targeted The Post Millennial has exposed information of over 26 million people, according to the Have I Been Pwned data breach reporting service.
The data breach led to sensitive data being stolen and the front pages of both websites being vandalized. It also affected the associated online news portal Human Events.
The Post Millennial writers' and editors' names, usernames, addresses, IP addresses, emails, phone numbers, and account information are all included in the 761 records that make up the writers and editors database.
Some entries seem to be filled with a certain amount of bogus or placeholder data, but other data looks accurate and connected with news outlet contributors. For instance, "Zimbabwe" is listed as the user's nation in 540 out of 761 records.
Along with party affiliation, gender, donation amounts, work titles, social media handles, and even what appear to be contact center employees' sales notes, the data also includes information about individuals' political opinions.
A large amount of private information was made public by The Post Millennial data breach, posing many privacy dangers to those who were impacted.
The privacy risks include:
Identity Theft | Cybercriminals can use names, email addresses, and possibly other personal information to impersonate people and steal personal identities. |
Financial Loss | People may incur false charges if their payment information is hacked. |
Account Takeovers | When hackers get access to another person's online account, they can take control of that account by using stolen email addresses and passwords. |
Phishing Attacks | By using exposed email addresses, con artists can use phishing scams to target people and steal their money or personal information. |
Targeted Advertising | The leaked data can be used to create detailed profiles of individuals, which can be exploited for targeted advertising or other forms of manipulation. |
Harassment and Doxxing | Publicly available personal data, including email addresses and physical addresses, can be used to harass or dox journalists. |
Because post-millennial websites usually collect sensitive data from their subscribers, there are particular issues associated with a data breach on these types of websites.
These platforms frequently contain a wealth of personally identifiable information, all of which can be extremely valuable to hackers. So you should consider taking these prompt safety measures in the course of a data leak:
PurePrivacy is a complete solution to protect your online identity as we understand the growing worries over internet privacy. With PurePrivacy at your fingertips, you can:
You can scan the dark web for any data leaks and get notified right away with this efficient monitoring system if your personal information is exposed.
You can find out what hidden profiles data brokers have made on you with the help of the Data Broker Scan. You can identify these online records using PurePrivacy and take action.
You can take control of your online profile by automatically deleting or hiding social media posts. Keep inappropriate or out-of-date content out of the wrong hands.
You can protect yourself from tracking that isn't necessary by disabling invasive cookies and website domains from harvesting your data.
Earlier last month, three databases connected to the news outlet The Post Millennial revealed over 87 million user’s information, including over 57 million unique email addresses and over 39,000 passwords.
The Post Millennial is an online far-right Canadian publication that is available in English. Established in 2017, it distributes both local and national news along with a substantial volume of opinion pieces. Since 2022, it has been owned by Human Events Media Group, the parent organization of the right-wing American website Human Events.
If the service you use has notifications, turn them on and keep an eye out for any unusual login attempts. Watch out for emails and texts purporting to be password retrieval scams, and only update your account information by visiting the official website.
Malicious actors gain access to your network if they know your login and password combination. Because most people repeat their passwords, hackers can access email, websites, bank accounts, and other forms of personally identifiable information (PII) or financial information by using hacking attacks.
Millions of users' private information was compromised in the Post Millennial data breach, underscoring the critical necessity for strong cybersecurity protections for user data.
This incident highlights the need to give online safety a top priority and highlights the potential consequences of careless data handling practices.