Quick Hits

US DOJ, DHS Yet To Confirm Breach, Leak

Apparent names, job titles, contact information of 9,000 Department of Homeland Security employees posted on Twitter.

The US Department of Justice has yet to confirm a cyberattack that appears to have resulted in a leak of 9,000 US Department of Homeland Security employees' names, titles, email addresses, and phone numbers released on Twitter Monday with a pro-Palestinian message. The anonymous hacker told Motherboard Sunday that he has similar information on 20,000 FBI employees as well; 200 GB of data in total.

Motherboard obtained the database from the hacker Sunday, before it was leaked, dialed some of the numbers, and confirmed that some of them were the correct contacts for the individuals or departments listed. At one point they report they were connected to the Bureau's operations center.

The hacker told Motherboard his first step was compromising the email account of a DoJ employee -- which he then used to contact the reporter. When the email credentials did not enable him to obtain access to the DoJ Web portal, he turned to social engineering. He says he called the appropriate department claiming to be a new employee having trouble accessing the portal, and they allowed him to use their token.

The attacker also told Motherboard that when he ultimately compromised the user's entire machine, he had access to 1 T of data -- which he claims included credit card numbers and military emails -- but that although he could access it, he couldn't take all of it. Motherboard was never sent this data.

For more information, see Motherboard's story.