More than 26 million people have had their personal data exposed on the dark web following a cyberattack on Post Millennial and Human Events.
Post Millennial and Human Events are conservative media publications – the former for the Canadian market, and the latter for the US, owned by the Human Events Media Group.
Earlier this month, a threat actor defaced both websites, left a message impersonating the editor, and stole employee and subscriber data, including full names, email addresses, usernames, account passwords, IP addresses, phone numbers, postal addresses, and genders.
Various campaigns
Since both websites target those with far-right, or conservative political views, ahead of the US presidential elections, the repercussions of this data breach could be severe, from simple identity theft, to different ways the data can be used to alter the outcome of the elections. In total, 26.8 million people have had their data stolen.
Troy Hunt, the owner and maintainer of the Have I Been Pwned? website said the database was added, but questioned where it actually came from:
“The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address, and email exposed), tens of thousands of subscribers to the site (name, email, username, phone and plain text password exposed), and tens of millions of email addresses from several thousand mailing lists alleged to have been used by The Post Millennial (this has not been independently verified),” he said.
“The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes including name, phone and physical address (depending on the campaign).”
Via BleepingComputer