fbi_naa
Image Source: fbinaa.org
  • Three FBINAA sites hacked, and 4000 spreadsheets were given away for download.
  • A hacker who supposedly participated claims another 1000 hacks, and a million PII data to be on the pipeline.
  • No official response on the revelations has been given out yet, while the allegations seem to be valid.

Hackers have managed to breach three websites that were directly associated with the FBI National Academy Association (FBINAA), a coalition of U.S. officers, federal and law enforcement leadership and training. The data found in the servers was exfiltrated and then uploaded on an unnamed hacking website. Since then, several people have already downloaded the neatly packaged information, which included about 4000 spreadsheets that contain the names of the FBI agents and Police officers, the email addresses, their phone numbers, postal addresses, and job titles. The revelation came through TechCrunch, who claim to have reached one of the hackers and got more information about the incident.

According to the hacker, the group hacked more than 1000 sites, so the bundle that derived from the three FBINAA websites is just a sample. The rest of the data is still in the process of getting structured, and at a second phase, they will be put up for sale on several dark web marketplaces. According to the hacker, the sensitivity of the data is such, that they will probably put federal agents and police officers at risk. The number of people who are about to be affected by this upcoming leak was set to be over a million.

The way for hackers to “get in” the vulnerable servers was by exploiting obsolete software, outdated plugins, and long-standing and documented flaws. This means that they have not carried out a particularly sophisticated attack that managed to pass through robust protection layers. The incident goes to show that the FBI cannot afford to maintain lesser security protection on their affiliate websites, as those can still introduce severe risks to their agents. Until now, the FBINAA has not published anything about the breach, or the data leaks, and we will likely have to wait until Monday for that. Until then, agents and officers who are worried about their data having been leaked and downloaded by malicious actors may rejoice in Spring’s arrival with the most recent FBINAA’s tweet.

Is it likely that the hacker’s statement for the upcoming data sale is faux? No one can rule this out, but the evidence shown in the form of screenshots on the encrypted chat of the unnamed website suggests that there’s really something in the hands of the hackers.

Do you think that the FBI should be more careful with how they handle their agents’ data? Share your thoughts in the comments below, and don’t hesitate to join the discussion on our socials as well, on Facebook and Twitter.