PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
Earlier this month, BleepingComputer was alerted to a file circulated on Discord servers that allegedly contained this information.
This data was not distributed on dark web sites, hacking forums, or other mediums frequented by threat actors. Instead, it was being shared on Discord servers for fans of “PBS Kids,” where young adults, teenagers, and younger kids can talk about the favorite shows they grew up watching.
“The young adults, teenagers, and kids sharing it seem to be doing it more out of a sense of novelty, rebellious curiosity, or simply to gain a bit of notoriety within their peer groups,” BleepingComputer was told.
“It’s less about exploiting the data for financial gain and more about the ‘cool factor’ of possessing it.”
“That being said, the potential for misuse is obviously there.”
BleepingComputer obtained the file and can confirm it includes the corporate contact information for 3,997 PBS employees and affiliates.
Each record in the JSON file contains an employee’s name, corporate email, title, timezone, department, location, job functions, hobbies, and their supervisor’s name.
After contacting PBS about the breach, the company confirmed that it was stolen from an internal service used for public television employees.
“After being notified that a file containing user data from MyPBS.org, an internal service for public television employees was posted online, we launched a thorough investigation of the incident, which is ongoing,” a PBS spokesperson told BleepingComputer.
“We have reached out to the users whose information was identified as involved to inform them of this incident and at this time, there is no evidence that this incident involves any other PBS systems.”
BleepingComputer has not learned of any malicious use of the data, but it continues to circulate among Discord communities as recently as this weekend.
The source who shared the data with BleepingComputer says they are concerned that the stolen data could draw unwanted attention to these communities that are designed simply for fans to talk about some of their favorite shows.
While the breach appears to have originated more from curiosity than criminal intent, the exposure of employee data, particularly amid ongoing political scrutiny of PBS and NPR, raises concerns about how the information could be misused for harassment or doxxing.
Malware targeting password stores surged 3X as attackers executed stealthy Perfect Heist scenarios, infiltrating and exploiting critical systems.
Discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.