PoliceOne: One hacker is currently selling hundreds of thousands of police and federal employee accounts originating from one hacked police forum.
The database is said to have stolen 2015, and contains 715.000 member accounts of PoliceOne.com, a news site with a forum for police and law enforcement professionals.
According to a post on a Dark Web marketplace, the stolen sym data includes usernames, codeaccess codes encrypted with MD5 (an algorithm that these days is easy to crack), email addresses, dates of birth, and other forum data, such as whether a member is a verified police officer.
Please note that many of the forums are private and can only be accessed by members, or in some cases only, by verified police officers who have filed the signal number or other identification information. The latest data to help police officers do not appear to be in the leaked database.
Data is sold for $ 400, according to the publication. The data vendor, which uses the Berkut alias, also offers samples to verify the data.
Berkut reported to ZDNet the SQL database was stolen, using a known exploit for the forum software, which is vBulletin. It should be mentioned that until today the software they use on the forum has not been updated since 2014, which makes it extremely vulnerable to attacks.
At the moment the forum is offline and one millionfaceof PoliceOne reported contradictory things:
"We have confirmed the credibility of an alleged breach of the PoliceOne forum in which hackers were able to obtain usernames, emails and hashed passwords for some of our members."
"Although we have not yet verified the allegation, we are taking immediate steps to secure our user accounts and forum, which is offline, while we are investigating to gather more information."