Earlier today, a hacker group named 31337 Hackers leaked personal details and files belonging to a security researcher working for Mandiant, FireEye’s breach investigation unit.
The leak came to light today after hackers posted a message on PasteBin. Two download links for the stolen data were included.
The password-protected archives contained information taken from the security researcher’s personal computer. Bleeping Computer will not be naming the researcher, even though his name was included in the breach.
Hackers appear to have hacked the researcher, not FireEye
The leaked data included more screenshots than documents. Images showed that the hackers might have gained access to the researcher’s Microsoft (Hotmail, OneDrive) and LinkedIn accounts. Earlier in the day, when Bleeping Computer was alerted to the leak, the researcher’s LinkedIn account had been defaced.
The leaked data also included work files related to the researcher’s activity at Mandiant, but these files could have very easily been taken from the researcher’s OneDrive account and not FireEye servers.
In their brash statement, the hackers claimed they had access to FireEye’s internal network, but no file in the leak suggests this might have happened. No other evidence or proof of access to FireEye’s internal network was included.
“We are aware of reports that a Mandiant employee’s social media accounts were compromised,” a FireEye spokesperson told Bleeping Computer in an email today. “We immediately began investigating this situation and took steps to limit further exposure. Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised.”
FireEye acquired Mandiant in 2014 for $1 billion. FireEye shares were down 4.85% today.
Leak part of operation #LeakTheAnalyst
31337 Hackers said the leak was part of a larger operation named #LeakTheAnalyst during which they plan to hack and leak data from security researchers, the people who hunt hackers alongside law enforcement officials.
For a long time we – the 31337 hackers – tried to avoid these fancy [EXPLETIVE] “Analysts” who are trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say [EXPLETIVE] the consequence, let’s track them on Facebook, LinkedIn, Twitter, etc. Let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).