SafetyDetectives’ cybersecurity team has discovered a forum post on the clear web where a threat actor claimed to be selling a database connected to The Epoch Times. The dataset reportedly includes 32 million records.
The Epoch Times is a multilingual media company founded in 2000. It was launched to provide uncensored news, particularly for readers in China, where access to independent media has long been restricted. Its first English-language edition appeared in 2003. Today, the publication is accessible in 35 countries, though it remains blocked in mainland China.
The data was advertised on a well-known, clear web forum that hosts posts about database leaks, cracked software, and other gray-area content. These forums are publicly accessible; there is no need to visit the dark web to find them.
The leak follows a series of reports by The Epoch Times about being targeted by attackers allegedly linked to the Chinese Communist Party (CCP). Earlier this year, the U.S. Department of Justice charged 12 Chinese nationals in connection with a long-running cyber campaign.
Eight of them reportedly worked for i-Soon, a Chinese tech company accused of hacking global targets since 2016, including The Epoch Times.
Just days after those articles were published, a new post appeared on the forum claiming to offer a dataset containing subscriber information from The Epoch Times.
What’s in the Alleged Leak?
The bad actor didn’t reveal the full dataset, but provided sample files and a screenshot of the database headers. According to the post, the leaked records contain full names and usernames, phone numbers and emails, physical and billing addresses, subscription details, device and OS information, and IP addresses and GPS coordinates.
Despite claims that the leak includes credit card details, no payment data was found in the shared samples. Still, even without financial info, the data is sensitive and could be misused in phishing or social engineering attacks.
The sample included information from users in the U.S., Canada, the UK, France, Russia, and other regions across Europe, the Americas, and Asia.
The SafetyDetectives team reviewed the sample and said that while it looked authentic, they couldn’t verify whether it definitively belonged to The Epoch Times’ subscriber base.
What’s at Risk?
If the dataset is real, there are several potential risks. Firstly, scammers could send emails pretending to be The Epoch Times to trick recipients into clicking malicious links or sharing more information. Also, with details like names and addresses, attackers could tailor their tactics to seem more credible.
There’s also the danger of social engineering. The more a scammer knows, the easier it becomes to manipulate someone into taking the wrong actions.
What to Do If You Think You’re Affected
If you’re a subscriber and think your data might be included, the first thing to do is watch for suspicious activity and contact The Epoch Times if you see anything unusual, and be cautious with any unexpected emails or messages.
SafetyDetectives also advises checking privacy settings and how much personal info is publicly visible on social media and other accounts. Be aware of phishing, and wary of messages that seem unusual or suspicious, particularly any that ask for sensitive details or payment. Also, understand social engineering. The more you know how these scams work, the better you can protect yourself.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.