PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
Earlier this month, BleepingComputer was alerted to a file circulated on Discord servers that allegedly contained this information.
This data was not distributed on dark web sites, hacking forums, or other mediums frequented by threat actors. Instead, it was being shared on Discord servers for fans of "PBS Kids," where young adults, teenagers, and younger kids can talk about the favorite shows they grew up watching.
"The young adults, teenagers, and kids sharing it seem to be doing it more out of a sense of novelty, rebellious curiosity, or simply to gain a bit of notoriety within their peer groups," BleepingComputer was told.
"It's less about exploiting the data for financial gain and more about the 'cool factor' of possessing it."
"That being said, the potential for misuse is obviously there."
BleepingComputer obtained the file and can confirm it includes the corporate contact information for 3,997 PBS employees and affiliates.
Each record in the JSON file contains an employee's name, corporate email, title, timezone, department, location, job functions, hobbies, and their supervisor's name.
After contacting PBS about the breach, the company confirmed that it was stolen from an internal service used for public television employees.
"After being notified that a file containing user data from MyPBS.org, an internal service for public television employees was posted online, we launched a thorough investigation of the incident, which is ongoing," a PBS spokesperson told BleepingComputer.
... continue reading