Boasting on a Twitter account, a hacker has claimed that he accessed over 9,000 Department of Homeland Security employees’ demographic information, including names, email addresses, telephone numbers, and titles.
The hacker claims that he obtained access to 1TB of data directly from the Department of Justice. The hacker explained that he gained access to a compromised DOJ email account and he tried to log on to the staff portal, but was denied. So he called the appropriate department at the DOJ, and told them he was a new employee and didn’t know how to log on to the portal.
The helpful person on the other end of the line asked him if he had a token code, and when he said no, “they said that’s fine—just use our one.”
The hacker was given a code that allowed him access to the DOJ intranet, which contained personnel files of almost 10,000 employees.
The hacker further boasted that he will be releasing details about over 20,000 FBI employees today.
Social engineering is getting easier and easier, which is why it is so important for everyone in the company and/or department to understand why it is essential to verify identities before providing essential log on information, wire transfer instructions, or other activities that have been used to defraud companies.