CyberNews is reporting that a long standing political newspaper that has been around since 1967 accidently exposed their data.
There’s a difference between accidental disclosure and a flat out leak or breach.
- The reporting indicates the leak was discovered on the 9th of September.
- Initial disclosure: September 15th, 2025
- CERT contacted: September 24th, 2025
- Us seeing anything about it as part of the public of any kind, November 4th 2025 which was when this article was published.
I wonder if this was the certificate authority for the web site? I’m not clear on that.
If it took a month and a half for things to be fixed, that’s fine. But what about those who may have been impacted by the leak?
So … what has been leaked? No identifiable info like credit card or other info like that, thank goodness. Here are the 6 items that were exposed:
- Technical details regarding visitors’ devices
- Session tokens
- Email addresses
- IP addresses
- GeoIP information, accurate within 11 meters and:
- Identified referrers that revealed how readers found their way to the paper’s articles
Some of this could lead to exact coordinates of things like location, and things like email address and IP addresses could be concerning if put out for sale.
Session tokens could give the attackers leverage by giving them direct access to the account without doing anything else.
So … there could have been some concerning things that could be pilfered, but again, this was not a breach, it was leaked by the company itself.
If you know anyone who may be affected by this leak, pass this article titled Iconic Italian newspaper accidentally exposes its own readers and make sure they understand the difference between a leak which is accidental and a breach which this was not.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.