Cyber Hit List: 23,000 Leaders Targeted on ‘LuigiWasRight’ Vigilante Site

In a recent event that blurred the lines between data breach and targeted harassment, a website named "LuigiWasRight.com" appeared in April 2025, publishing a searchable database of personal and professional information of over 23,000 corporate executives.
This was not a breach in the conventional sense where a company's defenses are compromised; instead, the website itself was the weapon, a maliciously curated collection of data designed for intimidation.
The site's name is a disturbing homage to Luigi Mangione, the individual arrested in connection with the December 2024 killing of a UnitedHealthcare CEO, suggesting a clear antagonistic motive.
The operators of the site compiled a sensitive database featuring executives' full names, job titles, corporate and mobile phone numbers, email addresses, and LinkedIn profile URLs.
While the precise origin of all the data remains unconfirmed, analysis suggests it was aggregated from publicly accessible sources like social media and business directories, and potentially enriched with information from previous, unrelated data breaches and data brokers.
The discovery of this leak was made by cybersecurity intelligence firms Flashpoint and ZeroFox, who observed the site and its clone, "theceodatabase.com," in late May 2025, just before they were taken offline. The site's creator stated an intention to "empower ordinary citizens" to directly contact "decision makers," framing the doxxing as a form of activism.
LuigiWasRight.com was a short-lived but provocative website that functioned as a publicly accessible database of executive information. Its emergence is part of a rising trend of online hostility and ideologically motivated threats directed at corporate leaders, ranging from doxxing to threats of physical violence. The site represented a digital infrastructure for targeting individuals.
Breach Timeline
April 2025: The website "LuigiWasRight.com" is registered and goes live, hosting a database of executive PII.
May 29, 2025: Cybersecurity firm ZeroFox observes the website and a copycat domain, "theceodatabase.com." On the same day, Flashpoint analysts note the original site appeared to go offline, with the new site appearing with even more data.
An Unconventional Response
Since LuigiWasRight.com was not a registered company that was breached but rather a website created to disseminate information, there is no traditional corporate response or remediation effort to analyze. The responsible parties are the site's anonymous creators, and their actions prompted a response from the cybersecurity community and law enforcement rather than a company.
An investigation into the creators of the site is implied, though no public details of a lawsuit or settlement are available.
The primary "remediation" has been the removal of the live websites, although the exposed database continues to exist in web archives, meaning the data is still accessible to motivated individuals.
The incident serves as a powerful reminder of how publicly available data can be weaponized. The focus for affected executives now shifts to personal cybersecurity hygiene and being vigilant against potential phishing schemes or harassment campaigns.
Analysts believe that while the database may not pose a direct physical threat, it significantly increases the risk of privacy terrorism - the malicious exploitation or exposure of private personal information with the intent to instill fear, manipulate behavior, cause reputational harm or exert coercive control.















