Cyber Incident Victim: nius.de

On Saturday, the nius.de portal operated by former Bild editor-in-chief Julian Reichelt experienced a cyberattack. The attack resulted in a defacement of the website where all article headlines were replaced. Each headline was substituted with a uniform resource locator that directed visitors to a file hosted on the domain direction.center. The referenced file contained JSON‑formatted data. According to the published file, the data set includes information from approximately 5700 subscribers of the nius.de service. The subscriber records comprise first names, email addresses, truncated credit‑card details and subscription particulars. The file also contains references to Squidex, the content management system employed by nius.de. The presence of Squidex information suggests that the attackers may have gained unauthenticated access to the CMS and its associated customer database. The authenticity of the disclosed data has not been verified by independent sources. No details regarding the identity of the attackers or the origin of the leaked subscriber information have been made public.

Following the defacement, the nius.de site was subsequently restored to display its normal layout. After restoration, no visible indicators of the attack or the published data file remain on the portal’s pages. The origin of the leaked data set continues to be unclear, and investigators have not identified a definitive source. Statements from nius.de regarding the incident have not been provided to heise online, as the outlet’s requests for comment were declined. Consequently, public knowledge of the incident is limited to the observations reported by heise online and the contents of the direction.center file.