Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

These hackers have breached FBI-affiliated websites and leaked data online

Hackers publish personal data on thousands of US police officers and federal agents Media outlet Techcrunch reported that a hacker group has breached several FBI-affiliated websites and leaked the stolen info online. A hacker group claims to have hacked dozens of websites affiliated with the FBI and leaked online dozens of files containing the personal […]

FBI data leaked

Hackers publish personal data on thousands of US police officers and federal agents

Media outlet Techcrunch reported that a hacker group has breached several FBI-affiliated websites and leaked the stolen info online.

A hacker group claims to have hacked dozens of websites affiliated with the FBI and leaked online dozens of files containing the personal details of thousands of federal agents and law enforcement officers,

The hacker claimed to have stolen “over a million data” belonging to employees across several U.S. federal agencies and public service organizations.

According to TechCrunch, the hacker has breached at least three websites associated with the FBI National Academy Association. The association promotes federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. The hackers exfiltrated the contents of each web server and uploaded the stolen files on their own website (the name of the site was not disclosed due to the sensitivity of the data).

The files contained roughly 4,000 unique records and many duplicates. Exposed records included member names, personal and government email addresses, job titles, phone numbers, and postal addresses.

TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday.

“We hacked more than 1,000 sites,” the hacker told TechCrunch through an encrypted chat. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.”

When asked if the hackers were worried that the leakage of the files poses a serious risk to federal agents and law enforcement, they said: “Probably, yes,” .

Yesterday I wrote an article to announce the availability of a decryptor for the CryptoPokemon ransomware that was developed by EMSISOFT.

Shortly after the announcement,  the group that created the ransomware replied with a message that informed of the availability of the source code on GitHub:

https://twitter.com/PokemonGoICU/status/1116450904646004743

Follow the link published by the group in their Twitter profile it was possible to see a website containing (what’s the hacker claimed to be) a dump of leaked FBI data that was uploaded yesterday:

FBI data leaked

“It’s not uncommon for data to be stolen and sold in hacker forums and in marketplaces on the dark web, but the hackers said they would offer the data for free to show that they had something “interesting.”” states
TechCrunch.

“Unprompted, the hacker sent a link to another FBINAA chapter website they claimed to have hacked. When we opened the page in a Tor browser session, the website had been defaced — prominently displaying a screenshot of the encrypted chat moments earlier.”

The hacker claims to be member of a group that used public exploits, a circumstance that suggests the sites were poorly protected and probably not up-to-date.

The hacker also provided evidence to the journalists to have hacked other websites, including a subdomain belonging to manufacturing company Foxconn.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – FBI, Data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]