Hackers bragged that pretty vanilla breach included FBI watchlist? Well, colour us shocked
It didn't, by the way – it's a bunch of ad industry folk
A hacker collective calling itself Pokemongo that published what it claimed to be personal data of US FBI agents has followed up by breaching the American Advertising Federation.
The Pokemongo group published a 22,000-row CSV file containing names, email addresses, employers and other data relating to what appears to be several thousand AAF members spread across the US.
Although the information in the spreadsheet is relatively sparse, the data includes lines such as "AAF D-10", "AAF-FW", "Fort Worth" and "Central Region" – all of which correspond to AAF districts and other organisational units.
Neither AAF District 10 nor the AAF national HQ bothered replying to The Register's enquiries about the security of its membership database. From what was released by the hackers, the data they got their hands on appears to be the same sort of details you'd find on a business card – or that popular business networking website that firehoses you with emails you physically can't unsubscribe from.
The people whose details are included in the CSV file range from those working for ad agencies big and small, large corporates including Dell, ESPN and Yahoo!, students and more. No other identifying information other than zip codes (post codes) were included, and no financial data appeared to have been published either.
Excitable news outlets gleefully repeated the hackers' claims that they had released an FBI watchlist, though by the time of publication only BleepingComputer had done the same work as El Reg to verify where the data truly came from.
Hackers also published what they claimed to be a list of actual FBI workers. This also contained business card-grade contact information and not a great deal else. The FBI National Academy Associates, a business offering training and professional networking services to FBI-affiliated persons, said in a statement that three of its chapters had been breached but its national database was intact: "We have checked with the national database server/data provider and they have assured us that the FBINAA national database is safe and secure." ®