PoliceOne: A hacker is currently selling hundreds of thousands of police and federal employee accounts coming from a hacked police forum.
The database is said to have stolen 2015, and contains 715.000 member accounts of PoliceOne.com, a news site with a forum for police and law enforcement professionals.
According to a post posted on a Dark Web online market, stolen data includes user names, passwords encrypted with MD5 (an algorithm that is now easy to break), e-mail addresses, birthdates, and other data of the forum, such as if a member is a verified police officer.
Please note that many of the forums are private and can only be accessed by members, or in some cases only by verified police officers who have filed the number signalor other identifying information. The latest data to help verify the officers does not appear to be in the leaked database.
The data sells for $ 400, according to the post. The data seller in fact, who uses under the pseudonym Berkut, also offers samples for data verification.
Berkut reported to ZDNet the SQL database was stolen, using a known exploit for the software of the forum, which is vBulletin. It should be mentioned that until today the software they use on the forum has not been updated since 2014, which makes it extremely vulnerable to attacks.
At the moment the forum is offline and one millionfaceof PoliceOne reported contradictory things:
"We have confirmed the credibility of an alleged breach of the PoliceOne forum in which hackers were able to obtain usernames, emails and hashed passwords for some of our members."
"Although we have not yet verified the allegation, we are taking immediate steps to secure our user accounts and forum, which is offline, while we are investigating to gather more information."
