#1254758: Hackers Publish AAF Member Data, Claim It's 'FBI Watchlist'

Description: After previously releasing the data of three FBI National Academy Associates (FBINAA) charters and leaking the personal information of thousands of FBI agents, a hacking group published what appears to be the information of tens of thousands of American Advertising Federation (AAF) members claiming it's an FBI watchlist.

As initially reported by TechCrunch, the hackers hosted multiple documents that allegedly contain the personal info of law enforcement agents on their own website, containing "about 4,000 unique records after duplicates were removed, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses."

After the data breach report, FBINAA also issued a press release:

There are various reports that three websites associated with the FBI National Academy Associates Inc., (FBINAA) have been hacked and that personal information has been obtained to be sold on the web. We are working with Federal authorities to investigate this allegation. We believe we have identified the three affected Chapters that have been hacked and they are currently working on checking the breach with their data security authorities. We have checked with the national database server/data provider and they have assured us that the FBINAA national database is safe and secure.

As further detailed by FBINAA's press release, the hackers could have exploited a third-party software used by all affected Chapters on their websites but there is no conclusive evidence yet that a flaw in this software was behind the data breach.

"The FBINAA takes every action to secure the safety and security of our members and their personal information. If it is determined that there has been felonious activity, we will prosecute the culprits to the fullest extent of the law," FBINAA concluded.

Hackers post alleged FBI watchlist
Two days later, however, on April 14, the hackers released a new batch of stolen information which, this time, was "A list of people being watched by the FBI" as they said, containing over 20K entries with full names, companies, work area information, and email addresses.

Despite their claims, according to some reports and a number of hints found in the CSV file offered by the hacker group, the data contained in the leaked spreadsheet seems to be a previously leaked database of American Advertising Federation members.

After releasing the data and tweeting download links, the hacking group had its Twitter account suspended. Despite this, the leaked "FBI watchlist" is still available on the group's website, together with the alleged FBI agents' information TechCrunch reported on and the data supposedly swiped after breaching six government websites.

While the group's website does not provide any information on the reasons behind their recent actions, reports say that they demanded the release of Peter Levashov, a Russian national currently detained in the U.S. for controlling and operating "multiple botnets, including the Storm, Waledac and Kelihos botnets" according to a Department of Justice press release from September 12, 2018.

Obviously, we will not provide links to the hackers' website or name the hacking group due to the leaked information's potential highly sensitive nature.
More info: https://www.bleepingcomputer.com/news/security/hackers-publish-aaf-member-data-claim-its-fbi-watchlist/

Date added April 16, 2019, 7:49 a.m.
Source Bleeping Computer
  • FBI - US Federal Bureau of Investigation
  • Government USA
  • Latest Global Security News
  • Major breaches - New Reports in
  • News USA
Country USA