A hacker is selling hundreds of thousands of accounts that were allegedly used by police and federal agents on a hacked law enforcement forum. The database being sold in the dark web contains over 715,000 user accounts. The breached site, PoliceOne, is a news site and community reportedly used by verified police officers and investigators to discuss specialist topics.
Using this account information, “criminals may be able to access ‘private messages and posts,’ the hacker who goes by the handle Berkut” told Motherboard.
PoliceOne.com is the #1 resource for up-to-the-minute law enforcement information online. More than 500,000 police professionals nationwide are registered PoliceOne members and trust us to provide them with the most timely, accurate and useful information available anywhere.
Berkut’s listing in the dark web marketplace claims that the forum was hacked in 2015 when this police data was stolen. “Emails from NSA, DHS, FBI and other law enforcement agencies as well as other US government agencies” is included in this database which is currently going for $400. The data includes usernames, email addresses, dates of birth, other forum data, and passwords stored in MD5, an encryption algorithm that is now considered relatively easier to crack.
The hacker responsible for the breach claimed that he breached the site using an exploit for vBulletin, a software widely known for its easily exploitable vulnerabilities, that has been leveraged in a number of forum breaches.
PoliceOne has confirmed the breach and is currently investigating the claim of stolen data. The site released the following statement:
We have confirmed the credibility of a purported breach of the PoliceOne forums in which hackers were potentially able to obtain usernames, emails and hashed passwords for a portion of our members. While we have not yet verified the claim, we are taking immediate steps to secure user accounts and our forums, which are currently offline while we investigate and gather more information.
While we store only limited user data and no payment information, we take any breach of data extremely seriously and are working aggressively to resolve the matter. We will be notifying potentially-affected users as a matter of priority and requiring them to change their passwords.