Hackers have stolen data from “several FBI-affiliated websites” and are distributing it across the web, TechCrunch reported on Friday, with details on “thousands of federal agents and law enforcement officers” now floating around on the web.
According to TechCrunch, the hackers identified and exploited flaws on three websites associated with the FBI National Academy Association (FBINAA), a training program for U.S. law enforcement personnel based out of Marine Corps Base Quantico in Virginia, allowing them to download the contents of their web servers.
That included roughly 4,000 unique records of people including FBINAA members, as well as “a mix of personal and government email addresses, job titles, phone numbers and their postal addresses.” The websites in question appear to have been run by local chapters, rather than the FBI itself.
TechCrunch wrote that they had contacted the hacker through an encrypted chat service, whereupon they claimed to have hacked over 1,000 sites:
“We hacked more than 1,000 sites,” said the hacker. “Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.
The hacker claimed to have “over a million data” [sic] on employees across several U.S. federal agencies and public service organisations.
The hackers used publicly known exploits, TechCrunch wrote, which means that the websites in question were likely not up to date. The hackers provided evidence to TechCrunch they had hacked other organisations, like Taiwanese manufacturer FoxConn. They also updated one of the FBINAA
The news was independently confirmed by the Associated Press, which said it found at least 1,400 unique records of personnel with the “FBI, Secret Service, Capital Police, and other federal agencies, as well as police and sheriffs’ deputies in North Carolina and Florida” in the files. A Twitter account associated with the hackers stated they are located in Ukraine.