Government Accounts Breached
Recent reports claim the police forum, PoliceOne, was successfully breached, leaving over 700,000 user accounts exposed. These accounts included contacts from the NSA, DHS and FBI. The breached files reportedly contained usernames, passwords and email addresses. A PoliceOne official made the following statement to IB Times regarding the breach,
“While we store only limited user data and no payment information, we take any breach of data extremely seriously and are working aggressively to resolve the matter. We will be notifying potentially-affected users as a matter of priority and requiring them to change their passwords.”
What Impact Does This Have?
There are several concerns that have been brought to light with this potential breach. First, there are concerns that this data can be used to exploit private details from conversations within the forums. Second, this breach creates a serious security issue for two reasons.
- Anyone who uses the same password for multiple accounts, just granted the hackers limitless access.
- The hackers now have roughly 700,000 government employee email addresses. This makes phishing scams targeted at the government sector incredibly easy. Which leads to a whole new can of worms–ransomware. CSO Online reported 93% of all phishing attacks include ransomware. Therefore, this breach has provided hundreds of thousands of government email addresses to execute phishing attacks. Hopefully, cyber security training will be provided to help individuals spot malicious emails before someone falls victim and our government systems are held for ransom.
For anyone who may have used the PoliceOne forum, PC Matic suggests the following:
- Change your password immediately.
- If you used the same password for multiple accounts, be sure to change those passwords as well.
- If you happened to use the same username for multiple accounts, it is best advised to change them.
- Be extra cautious opening any links or attachments within emails. Now that your email address has been exposed, you will likely be targeted.
- Do you know the sender?
- Confirm with the sender that you were supposed to receive the correspondence
- Confirm the link is going to a secure site (https:// not http://)
- Double check the email for grammatical errors
- Double check the “from” address