Naked Security

US feds’ names, home and email addresses hacked and posted online

A group of hackers that doxxed thousands of federal law enforcement employees last week has struck again.

A group of hackers that doxxed thousands of federal law enforcement employees last week has followed up with more posts offering even more victims’ personal information.

The hacking group, which we won’t name here, published the personal details of around 4,000 federal law enforcement employees last week after breaching three related websites. It had defaced at least two of the three websites with its logo, which remained viewable until at least Sunday.

Employees at the FBI, Secret Service, Capitol Police, and US Park Police were among those doxxed, alongside police and sheriffs’ deputies in North Carolina and Florida, according to reports. Records posted on the group’s website included the individuals’ home addresses, phone numbers, emails and employers’ names.

The attackers harvested the information from websites associated with the FBI National Academy Associates (FBINAA), which is a non-profit organization of 17,000 law enforcement professionals. In a statement released Saturday, FBINAA said the attack had affected three of its chapters, all of which used an unnamed third party’s software. It added:

We believe we have identified the three affected Chapters that have been hacked and they are currently working on checking the breach with their data security authorities. We have checked with the national database server/data provider and they have assured us that the FBINAA national database is safe and secure.

The hacking group soon followed up with what it claimed were more hacked databases. On Saturday, 13 April, it posted a 1.1GB file containing what it said were dumps from six government databases. These appeared to be from three nonprofit associations for government professionals. Four of the hacks were from one group’s state-level chapters, according to information posted on the page.

On 14 April, the team struck again, this time posting what it said was an FBI watch list. It said:

A list of people being watched by the FBI. I advise these people to take care of their safety, I do not want you to go to jail)[sic]

Be careful