Who’s Been Impersonating This ProPublica Reporter?

April 13, 2026
aisecurityopen-sourcegovernment
Young woman with long hair takes selfie using smartphone indoors, neutral background.
Photo by Valeri Mak on Pexels

The impersonations

A ProPublica reporter discovered someone else posing as him on encrypted messaging apps and social platforms. It has been reported that the impostor used the reporter’s ProPublica headshot and a Miami phone number to message a Canadian military official, accusing the real reporter of trying to contact him on WhatsApp. Weeks later, a Latvian businessman who helps equip Ukrainian forces told the reporter he had been contacted on Signal by the same fake account, which asked technical questions about UAVs and pressed for written or recorded answers rather than a phone call. The impostor allegedly tried to steer the Latvian toward a “secure” video setup that, according to the businessman, appeared designed to harvest access to his email.

The emotional oddity here is sharp: the reporter, momentarily unnerved, found himself reflexively working his would‑be source — asking questions, collecting screenshots — even as he figured out he was the subject of an investigation of a different sort. How do you prove you’re the real you when someone else is using your face and credentials as bait? Welcome to modern identity friction: unsettling and, frankly, a little invasive.

Security response and wider stakes

ProPublica’s security team advised reporting the accounts to WhatsApp and, beyond that, had limited options. It has been reported that the impostor’s tactics — headshot reuse, social engineering on Signal and WhatsApp, and an attempt at an email‑phishing vector — are variations on well‑known scams, but scaled into a more targeted, journalists‑and‑sources context. That raises bigger questions for newsrooms: how do journalists protect their credibility and the safety of confidential contacts when impersonators weaponize access to sources in conflict zones like Ukraine?

This isn’t just an annoyance; it’s a risk to reporting and to people’s safety. Journalists are a trusted bridge to sources; when that bridge is faked, the downstream damage can be real. Companies running encrypted apps and platforms can and should do more to make reporting impersonation easier and to block repeat offenders. Meanwhile, reporters and sources need basic operational hygiene: verify identities with official channels, prefer video calls with visible cues, and be skeptical when a “secure” setup suddenly requires credential hand‑offs. It’s tedious. It’s necessary. And until platforms step up, the game of cat‑and‑mirror impersonations will keep spinning.

Sources: propublica.org, Hacker News