A threat actor has allegedly leaked the user database of Kstati.net, a prominent Russian-American news outlet. The data, which reportedly contains information on 8,000 users, was posted on a popular hacking forum on September 13, 2025. The actor claims to have breached the website and exported the user data in its entirety.
Kstati.net is a well-known weekly Russian-language newspaper and digital publication based in San Francisco, California, serving the Russian-speaking community in the United States since 1994. The outlet is a significant source of news and cultural information, making this alleged breach a notable event for its dedicated readership. The leaked data could potentially expose journalists, subscribers, and community members who have registered on the site.
The compromised information allegedly includes a range of sensitive user data. While the passwords appear to be hashed, they could still be vulnerable to decryption attempts. The exposure of this information puts users at risk of targeted phishing campaigns, spam, and potential identity theft. The leaked data fields reportedly include:
- user_login
- user_pass
- user_nicename
- user_email
- user_url
- user_registered
- user_activation_key
- user_status
- display_name
