The breach came after FBI-linked websites were hacked.
Three websites belonging to the Federal Bureau of Investigation’s (FBI) National Academy Association (FBINAA) were hacked apparently by three hackers after they managed to breach their security, steal and upload data online.
Part of the uploaded content was dozens of documents containing personal information of federal agents and law enforcement officers. The information includes email IDs (both private and government), names, job titles, contact numbers, and postal addresses.
Reportedly, thousands of officials have their private information leaked online since there are around 4,000 unique records of personal credentials of federal officials. The data was stolen from three of the many chapter websites affiliated with the FBINAA across the US.
These websites are used for promotional purposes primarily for the FBI training academy in Quantico, VA. The hackers identified and exploited several flaws in the three websites and stole the entire contents of the yet unnamed websites. Afterward, the hackers transferred the data on their personal website.
While speaking with one of the hackers, TechCrunch learned that the trio has managed to hack over 1,000 websites so far and the cybercriminals are now trying to organize and structure the acquired information.
“Soon they will be sold. I think something else will publish from the list of hacked government sites,” the unidentified hacker told TechCrunch.
When asked if the hackers were aware of the fact that uploading such sensitive data online would endanger the security of federal agents and law enforcement officials, the hacker plainly replied “Probably, Yes,” adding that they have more than a million employees’ data belonging to various federal agencies and public service organizations in the US.
“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.
The hackers do not intend to sell the stolen data on hacker forums or the Dark Web marketplace but will be offering it for free just to prove the legitimacy of the claim that they have the data and for the sake of experience. TechCrunch reported that there are over ten hackers involved and they mainly use public exploits to target websites that haven’t been updated or contain outdated plugins.
While having an encrypted chat session with TechCrunch, the hacker gave proof of some of the other websites that they have breached, which included Foxconn’s subdomain too.
Update: 14th April, 2019:
FBINAA issued a brief statement Saturday confirming the breach. The association further stated that they are investigating the issue, however, the statement also maintains that third-party software may have played a vital role in the breach.