Women’s magazines and gay women’s publications are the subject of a massive hack that compromised their online passwords, personal information, and other sensitive data, according to a report from the independent digital security firm Mandiant.
The hackers have released a PDF of the passwords of the top 50 female- and gay-themed websites in the United States and Canada, as well as personal information about some 20,000 readers, including personal phone numbers and email addresses, the report said.
The documents also included the email addresses of over 5,000 other subscribers.
The hack was carried out by the so-called “Deep Web” or “Dark Web,” a network of websites that users are typically unable to access.
Mandiant said the attackers are believed to have targeted at least 500 different websites.
The website names of the sites were revealed on a website for the U.S. government that includes passwords for many of the nation’s top institutions.
It’s not clear how many women’s or gay-related websites were compromised.
The sites listed in Mandiant’s report were not named in the breach.
The site addresses include a domain for the New York Times, a domain name for the Washington Post, and a domain that appears to be the name of the publication that the hackers had breached.
It is unclear if the compromised websites are part of the Times’ subscription service.
The Deep Web is a network where a wide range of sites are hosted, including a large collection of the largest blogs and news websites in one location, the Mandiant report said, citing unnamed sources familiar with the attack.
The list includes several major U.K. newspapers, the New Republic, the Guardian, Salon and others.
Mandiants report said the hackers used a variety of techniques to obtain the passwords for these sites.
The attacks appear to be linked to a massive cyberattack in January that crippled more than 60,000 computers at the Office of Personnel Management, the government’s primary information security department.
The U.N. Security Council called the attack “a global threat to our cybersecurity and human rights.”