What happened
According to public breach records, the The Post Millennial data breach on May 2, 2024 is reported to have exposed the personal information of 56,973,345 accounts.
In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of subscribers to the site (name, email, username, phone and plain text password exposed), and tens of millions of email addresses from thousands of mailing lists alleged to have been used by The Post Millennial (this has not been independently verified). The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes including name, phone and physical address (depending on the campaign). The data was subsequently posted to a popular hacking forum and extensively torrented.
Passwords in this breach were reportedly stored in plaintext.
In early May 2024, the conservative news site The Post Millennial (along with sister site Human Events) was taken offline and its homepage defaced with a fake letter purportedly from a senior editor, which the attackers used to announce a data leak. The exposed data spanned three groups: staff writers and editors (IP addresses, physical addresses, and emails), tens of thousands of site subscribers (names, emails, usernames, phone numbers, and plaintext passwords), and tens of millions of email addresses drawn from mailing lists. The attackers linked to the dumps, which were then shared on hacking forums and torrented; Have I Been Pwned cataloged the incident on May 10, 2024.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Genders
- IP addresses
- Names
- Passwords
- Phone numbers
- Physical addresses
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | The Post Millennial |
| Date | May 2, 2024 |
| Accounts affected | 56,973,345 |
| Domain | thepostmillennial.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by The Post Millennial; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your The Post Millennial password immediately, and change it anywhere you reused it — subscriber passwords were exposed in plaintext, so any reused credential is now compromised.
- Enable two-factor authentication on your email and any accounts that shared this password to block credential-stuffing attempts.
- Treat unexpected emails, calls, and texts as potential phishing — your name, email, and phone number were exposed and can be used to craft convincing, targeted lures.
- Use a password manager to generate a unique password per site so a single plaintext leak can never cascade across your accounts.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: The Post Millennial Data Breach
- The Post Millennial Data Breach and Leak Hits 26 Million Accounts | CyberInsider
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →