More than 116,000 instances of employee data linked to The New York Times, The Wall Street Journal and The Washington Post were exposed on the dark web, according to a report by Semafor citing a study by Proton and Constella Intelligence.
The report said more than 35,000 email addresses linked to employees across the three organizations were found in data exposures over the past five years.
According to Proton, more than half of the exposed records included personal information such as names, phone numbers, dates of birth and addresses. Thousands of passwords were also reportedly exposed.
The company said the leaked information could increase risks related to phishing, blackmail and harassment targeting journalists and media organizations.
Security Risks
Proton said it alerted the chief technology officers of all three organizations and advised journalists to change passwords and use password managers.
"The reporters and their organizations are not to blame here," Proton said in comments shared with Semafor. "It's a structural problem that affects everyone who uses the internet."
The Washington Post said the report did not indicate the newspaper itself had suffered a direct security breach.
The findings come amid broader cybersecurity concerns across the technology sector. Last week, GitHub, owned by Microsoft Corp (NASDAQ:MSFT) said it was investigating unauthorized access to internal repositories after hackers claimed to have stolen source code and internal data tied to thousands of repositories.
Earlier this year, hackers also claimed to have stolen nearly 80 million records linked to Rockstar Games through a third-party vulnerability involving Snowflake Inc. (NYSE:SNOW) and analytics provider Anodot. Reports said the breach was tied to compromised external systems rather than Snowflake's own infrastructure, highlighting growing cybersecurity risks tied to vendors and cloud platforms.
Image via Shutterstock
Login to comment