Identity Finder's analysis indicates that the breached data contains the following information:
-- 199 email addresses, most of which belonged to state.gov, and a few to universities
-- About 207 possible hashed passwords. The seemingly hashed strings were unidentified.
-- Zero home addresses
-- 194 names
The breached database is named "test_hrwg_careers_usa_ctc_com", which seems to be related to http://careers.hrwg-careers.usa-ctc.com/, a site that has been taken offline. A cached version indicates that it is a State Department career website and is not likely tied into sensitive State Department systems. The attack appears to be a SQL injection attack, in which a hacker tricks a website into exposing the entire contents of a database.
"This appears to be a legitimate breach," said Aaron Titus, Chief Privacy Officer at Identity Finder. "Although the total risks associated with this breach appear low, if the hashes in the breach are actually passwords, and they are cracked, and the State Department employees re-use those passwords on sensitive State Department systems, those systems could be compromised."
"We recommend that the State Department reset the passwords for all affected employees as a precaution," said Titus.
Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. The company has quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software