What Happened
On May 2, 2024, The Post Millennial, a conservative Canadian news website, suffered a major data breach that also resulted in website defacement. Attackers accessed three separate databases containing approximately 57 million records, including subscriber information (names, emails, usernames, plaintext passwords, and phone numbers), details on hundreds of writers and editors (IP addresses, physical addresses, and email addresses), and tens of millions of email addresses from thousands of mailing lists allegedly used by the outlet. The exposed data also included physical addresses, genders, IP addresses, and political affiliation information, with the breach not being publicly revealed until January 2025 when it appeared on a darknet forum. The combination of plaintext passwords and personal information like home addresses and phone numbers created significant risks for affected individuals, enabling potential credential-stuffing attacks, phishing campaigns, and identity theft.
