Il Manifesto data leak exposes readers’ activity and email addresses

Il Manifesto, Italy’s long-standing leftist newspaper, inadvertently left a vast trove of reader information unsecured online, exposing the email addresses of paying subscribers and detailed website activity logs of its visitors.

An unprotected ClickHouse database linked to Il Manifesto contained roughly 150,000 entries with subscriber email addresses and about 11 million additional records tracking user interactions on the publication’s website. The exposed logs included detailed click and scroll data, revealing how readers engaged with specific articles.

Il Manifesto, founded in 1969 and operated today as a non-profit cooperative, has been a fixture of Italy’s radical political press for more than five decades. The publication, which maintains an estimated daily circulation of 15,000 copies, has previously faced political and physical challenges, including surviving a neo-fascist bombing attempt in 2000.

The leaked database did not include user passwords or direct account credentials. While session cookies were among the exposed records, they are not believed to allow full account access. The greater risk stems from the potential identification of individual readers and their political preferences, given the paper’s distinctly ideological focus.

Under European Union data protection laws, such information qualifies as “special category” data, requiring heightened safeguards to prevent unauthorized access or misuse. The exposure of this material could lead to privacy violations, harassment, or surveillance targeting readers or staff if obtained by hostile actors.

In addition to personal data, the leak contained internal analytics, revealing Il Manifesto’s audience metrics, article performance statistics, and traffic sources. These insights could be exploited by competitors or external entities seeking proprietary business intelligence.

Despite the seriousness of the incident, access to the exposed database reportedly remained open for an extended period, with no confirmation that corrective measures had been implemented. Cybersecurity specialists emphasize that organizations must secure their infrastructure by enabling authentication, limiting access to approved users through IP whitelisting, and regularly auditing exposed systems.