PBS recently confirmed a data breach after a file containing the corporate contact information of thousands of its employees and affiliates began circulating on Discord. The file, which was stolen from an internal service called MyPBS.org, includes sensitive details like names, corporate emails, job titles, departments, and even hobbies for nearly 4,000 individuals. While the company stated that a thorough investigation is underway, they have already begun notifying the affected employees.
Interestingly, this data did not appear on typical cybercriminal forums or dark web sites. Instead, it was found on Discord servers dedicated to fans of “PBS Kids” shows. These communities are typically made up of young adults, teenagers, and kids who grew up watching these programs. The individual who leaked the data to expressed concern that the breach could bring unwanted attention to these fan-based communities.
According to a source who spoke with the investigators, the individuals sharing the data seem to be doing so out of a sense of “rebellious curiosity” and for the “cool factor” of possessing it, rather than for financial gain.
This motivation stands in stark contrast to the typical goals of cybercriminals, who primarily seek to exploit data for profit. However, the source also noted that the potential for misuse is still very much present.
Despite the seemingly innocent intentions of those initially sharing the data, the potential for harm is significant. The exposed information could be used for a variety of malicious purposes, including harassment or doxxing. This is particularly concerning given the ongoing political scrutiny of PBS and NPR, which could make employees targets for individuals or groups with malicious intent.
At this time, there is no evidence of the data being used for malicious purposes, but it continues to circulate among various Discord communities. PBS has confirmed that the breach appears to be limited to the MyPBS.org system and does not involve any of their other systems. As the investigation continues, the focus remains on preventing further misuse of the data and protecting the employees whose information has been compromised.
Reference:
