Hackers bragged that pretty vanilla breach included FBI watchlist? Well, colour us shocked

It didn't, by the way – it's a bunch of ad industry folk

A hacker collective calling itself Pokemongo that published what it claimed to be personal data of US FBI agents has followed up by breaching the American Advertising Federation.

The Pokemongo group published a 22,000-row CSV file containing names, email addresses, employers and other data relating to what appears to be several thousand AAF members spread across the US.

Although the information in the spreadsheet is relatively sparse, the data includes lines such as "AAF D-10", "AAF-FW", "Fort Worth" and "Central Region" – all of which correspond to AAF districts and other organisational units.

Neither AAF District 10 nor the AAF national HQ bothered replying to The Register's enquiries about the security of its membership database. From what was released by the hackers, the data they got their hands on appears to be the same sort of details you'd find on a business card – or that popular business networking website that firehoses you with emails you physically can't unsubscribe from.

The people whose details are included in the CSV file range from those working for ad agencies big and small, large corporates including Dell, ESPN and Yahoo!, students and more. No other identifying information other than zip codes (post codes) were included, and no financial data appeared to have been published either.

Excitable news outlets gleefully repeated the hackers' claims that they had released an FBI watchlist, though by the time of publication only BleepingComputer had done the same work as El Reg to verify where the data truly came from.

Hackers also published what they claimed to be a list of actual FBI workers. This also contained business card-grade contact information and not a great deal else. The FBI National Academy Associates, a business offering training and professional networking services to FBI-affiliated persons, said in a statement that three of its chapters had been breached but its national database was intact: "We have checked with the national database server/data provider and they have assured us that the FBINAA national database is safe and secure." ®

Sponsored: Your Guide to Becoming Truly Data-Driven with Unrivalled Data Analytics Performance




More from The Register

Looking down on an FBI agent

F-B-Yikes! FBI bod allegedly hid spy camera under desk to snap coworker's upskirt pics

Of all the places to allegedly try this, the J Edgar Hoover HQ ain't one. In fact, no, no building is good. None of them
Facial recognition

FBI and immigration officials trawling US driving licence databases for suspects

Maybe time to put 4th amendment-bothering facial recog on ICE?

Ignore that FBI. We're the real FBI, says the FBI that's totally the FBI

Don't open that malware mail from the Feds that's not from the Feds, Feds warn
Someone enjoying a spliff

FBI, NSA to hackers: Let us be blunt. Weed need your help. We'll hire you even if you've smoked a little pot in the past

Black Hat Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs
Facial recognition

Auditors slam FBI for shoddy testing of facial-recog tech. But no big deal. It only has 641m images on its systems

No one has complained so far, fed honcho protests
Wray

Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

Give it a Wray, give it a Wray, give it a Wray now: Big Chris steps in to defend blowing a hole in personal crypto
facial_recognition

Ohio state's top legal eagle just made it harder for the FBI, ICE, cops to snoop around its DMV DB for people's faces

Reminder: They're not allowed to do that without permission
wray

FBI boss: Never mind Russia and social media, China ransacks US biz for blueprints, secrets at 'surprisingly' huge scale

RSA 'Espionage and criminal investigations ... almost all of which lead back to Beijing'

Biting the hand that feeds IT © 1998–2019