The data from the hack of The Post Millennial conservative news website has been added to Have I Been Pwned, which recently uncovered the information of 26,818,266 people whose data had been stolen. Human Events Media Group is a conservative Canadian media group that runs the American news platform 'Human Events' and The Post Millennial, a conservative Canadian online news magazine
It was reported earlier this month that both news platforms were hacked, leaving their sites' front pages defaced with fake messages that claimed to have been written by Andy Ngo, The Post Millennial's editor.
During the data breach, which also affected the affiliated online news platform Human Events, the site's front pages were defaced and sensitive data, including mailing lists and subscriber details, as well as the information about the writers and editors of the site, was stolen. It has been reported that the exposed data contains full names, email addresses, usernames, passwords, IP addresses, phone numbers, physical addresses, and genders of individuals who have been affected by the cyber-attack.
This could present significant privacy and security risks. It is unclear why Troy Hunt, the founder of Have I Been Pwned, decided to add the leaked data to the service, despite the unknown origin of the leak. It has not been reported that The Post Millennial has released any public statements regarding the breach, nor has Human Events responded to a request for comment regarding the breach.
According to the data, 26,818,266, or 262,666, were compromised, but it has yet to be confirmed that all the compromised accounts are Post Millennial subscribers. It has been suggested that part of the data dump might have been taken from third-party email marketing service providers, according to HIBP. As soon as the hackers took down The Post Millennial and its sister site, Human Events, the attack was spotted. In the letter, they portrayed Andy Ngo as a senior editor at The Post Millennial, rebranded as Angelina Ngo, and used this as a segue to announce the data leak.
As a result, the attackers replaced the homepage with a fake letter that was purported to be from this senior editor. There were brief times when both sites were taken offline and their Twitter accounts were made private, either as a result of the owners' protective measures or possibly by the hackers themselves, as a protective response. Several hours after the defaced content and hacker's note had been removed, a maintenance message was replaced with the message. It soon became clear that the incident wasn't just about defacing websites.
Among the data dumps that were shared by the attackers, there were a large number of unidentified users who downloaded them and later uploaded them to hacking forums and torrent sites to share with other users. In more recent attacks, it has been reported that the attackers have stolen the company's mailing lists, subscribers' database, and writers' and editors' details, including links to those stolen files shared on the defaced pages, which they claim were stolen as part of the attacks.
As soon as the data became available on the Internet, it spread quickly through torrents and hacking forums, making it highly accessible to threat actors and others who wanted to download the information. Developed by the Human Events Media Group, a Canadian company that currently also runs the Human Events news platform in the United States, the Post Millennial is a conservative online news magazine belonging to the Human Events Media Group. Earlier this month, both The Post Millennial and The Post Millennial experienced cyberattacks that caused phoney messages to appear on the front pages of the sites of the victim publications.
The messages appeared to be written by Andy Ngo, the editor of the Post Millennial. They also claim that they have taken the company's email lists, subscriber database, writer and editor details, and a database of the company's email subscribers as part of their attacks as well as links to the stolen material shared on the vandalized pages. This information was quickly published on hacker forums and torrents on the Internet, resulting in the information being easily accessible to threat actors as well as others who may want to use it.
As it stands, the exposed data is believed to belong to writers, editors, and subscribers to the sites, which poses substantial privacy and security risks for the individuals who have been exposed to it. As Troy Hunt reported in his report yesterday, the data was added to the Have I Been Pwned data breach notification service, which notes that the theft of the data from Human Events and The Post Millennial is not confirmed to have taken place directly. HIBP decided to add the leaked data to HIBP to inform affected users of the potential exposure since the leaked data belongs to a considerable number of users.