One Sunday in February 2016, millions of people in America crowded around their TVs and into local bars to watch the Super Bowl. It was the perfect moment for an anonymous hacker to dump the emails, phone numbers, and names of 29,000 different FBI and Homeland Security agents. The news broke during the Super Bowl, with Motherboard independently confirming they had seen the info dump themselves. They reported that the information had not yet been made public. The hacker claimed he had access to a wide range of data, up to 1 terabyte, including credit card numbers and classified military data. He did not release that information to the public.
That Monday, the list was released as an encrypted text dump, completing the dump with an additional 20,000 FBI agents. The hacker appeared to have a sense of humor, as the password to the encrypted text dump was “lol,” and he initially contacted the press through a Department of Justice email account he had commandeered.
The hacker got access to the information by manipulating a department representative into handing over an access token. He gained access to a hidden portal with the token, and he opened and dumped as much information as he could. The hacker apparently accessed up to three different computers while in the system.
This news has sparked two different responses. First, an official statement from the Department of Justice claims that the leaked information was not personally identifiable, even though it contained non-public email addresses and agent names. In response, a former security expert with US Special Operations claimed that such a security breach was unacceptable and that the federal government’s failure to keep such breaches from happening in the first place meant they were missing some fundamentals of information security. The investigation has not yielded any results different from the statement given by the Department of Justice.