StarTribune

In October 2019 the Minnesota news service known as the Star Tribune suffered a significant data breach that was later identified on dark web marketplaces. The incident involved the unauthorized access and extraction of a user database containing information on approximately 2.1 million individuals. The compromised data included personal identifiers such as full names and physical addresses along with account security details including email addresses and passwords stored as bcrypt hashes. The breach exposed sensitive demographic information like dates of birth and gender as well. This security failure allowed threat actors to monetize the database within the cybercriminal ecosystem posing a long term risk for credential stuffing and phishing attacks against the affected subscribers.