A hacker has published the personal information of more than 9,000 employees at the Department of Homeland Security (DHS) ahead of a data dump involving 20,000 FBI officials. On Sunday, an account on Twitter posted the names, titles, email addresses, and phone numbers of 9,000 DHS employees.
The titles of those listed in the leaked data included program analysts, information security professionals, IT personnel, and directors. 100 staffers with an intelligence-related title were also included in the dump. Salted Hash reports that calls placed to the leaked phone numbers went to the voiceboxes of the listed employees. Additional checks against other public staff directories have also confirmed the list of employees. The data leak first came to light when a hacker contacted Motherboard on Monday using one of the compromised email accounts. The individual went on to explain that they had compromised a single Department of Justice (DOJ) email account and had attempted to log in to the DOJ web portal. When that didn't work, they resorted to social engineering a related department:
“So I called up, told them I was new and I didn't understand how to get past [the portal],” the hacker told Motherboard. “They asked if I had a token code, I said no, they said that's fine—just use our one.”
From there, the individual was able to gain access to the DOJ employee's work machine and download 200GB of information from a database of government workers hosted on the DOJ intranet. The Twitter account used by the hacker makes several references to Israel's ongoing conflict with Palestine, which could be a possible reason why the individual decided to post the information. The hacker has also stated that they intend to post the information of some 20,000 FBI officials they obtained from the DOJ intranet. This leak follows on the heels of hackers having gained unauthorized access to the private email accounts of both the CIA director and the U.S. Director of National Intelligence.
