The hacker targeted PoliceOne.com in 2015, stealing 715,000 members’ accounts, including FBI and DHS staff.
A data broker is selling hundreds of thousands of accounts used by police and federal agents from a hacked law enforcement forum.
The database is said to have been stolen in 2015, and contains 715,000 records on members who have registered with PoliceOne.com, a news site and community for police officers and law enforcement professionals.
According to a posting on a dark web marketplace, the stolen data includes usernames, passwords hashed with MD5 (an algorithm that nowadays is easy to crack), email addresses, dates of birth, and other forum data, such as whether a member is a verified law enforcement officer.
Many of the forums are private and can only be accessed by members, or in some cases by verified law enforcement officials who have submitted their badge numbers or other identifying information, but that identifying information does not appear to be part of the leaked database.
The data is being sold for $400, according to the listing, which we are not linking to.
The seller of the data, who went by the name Berkut, reached out to me over encrypted chat and provided a sample of data for verification.
We emailed a couple of dozen members who were listed in the breach, but we didn’t immediately hear back. (We will update the story if that changes.)
Many of the accounts in the database included email addresses associated with the FBI and Homeland Security.
Berkut said the SQL database was dumped by using a known exploit for the forum software.
At the time of writing, the forums are powered by vBulletin software dating back to 2014, which contains several easily exploitable vulnerabilities that are well known to hackers.
The forums were pulled offline late on Friday after we informed the site of the breach.
A spokesperson for PoliceOne said it had “confirmed the credibility of a purported breach,” but was working on verification.
“We have confirmed the credibility of a purported breach of the PoliceOne forums in which hackers were potentially able to obtain usernames, emails and hashed passwords for a portion of our members,” the spokesperson said.
“While we have not yet verified the claim, we are taking immediate steps to secure user accounts and our forums, which are currently offline while we investigate and gather more information.”