Details of over one million Forbes readers leaked online (including mine)

Graham Cluley

Over one million readers of the Forbes website might be wise to change their password, and keep an eye open for suspicious emails, after a group of notorious hackers gained access to user information and published it online.

The Syrian Electronic Army hacked Forbes a few days ago, defacing its website and hijacking some Twitter accounts.

But now they have taken things a step further, posting details of 1,071,963 users they stole from the Forbes servers – including their usernames, email addresses and encrypted versions of passwords they use to access the website.

The file starts by listing details of Forbes staffers who were, understandably, the site’s earliest users.


However, it quickly moves on to members of the public – including, I discovered, an entry for myself.


So now online criminals have access to over a million email addresses and usernames of Forbes readers – information that could be exploited in phishing attacks and spam campaigns designed to hoodwink unsuspecting internet users.


Forbes hasn’t contacted me to advise me to change my password as a precaution (fortunately I don’t use the same password anywhere else, so even if it was cracked it wouldn’t be of much use to anyone), and I can find no advisory on their website warning users of the potential risks.

However, as Softpedia reports, the company has published a warning on its official Facebook page:


Security message: was targeted in a digital attack and our publishing platform was compromised. Users’ email addresses may have been exposed. The passwords were encrypted, but as a precaution, we strongly encourage Forbes readers and contributors to change their passwords on our system, and encourage them to change them on other websites if they use the same password elsewhere. We have notified law enforcement. We take this matter very seriously and apologize to the members of our community for this breach.

It’s sensible advice from Forbes, and hopefully Forbes will make more efforts to spread the message to affected users.

After all, it was the magazine’s sloppy practices in the first place which allowed the Syrian Electronic Army to break into their systems and cause this mess.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Details of over one million Forbes readers leaked online (including mine)”

  1. Robert Waters

    I did receive an email from Forbes, with the very helpful suggestion to change passwords on other systems, where the password is the same (which, like you, is not the case for me) in case my Forbes password was cracked.
