Attackers have released data supposedly taken from a conservative US think tank. Researchers believe that malicious actors could exploit the data for targeted attacks.
Hacktivist collective SiegedSec, who describe themselves as “gay furry hackers,” published data about members of the Heritage Foundation, a think tank behind a controversial plan to overhaul the US federal government.
“We have gained access to the Heritage Foundation’s database, with user data, logs, and other juicy info. We also accessed 200GB+ of other, mostly useless, files on their server. These useless files won’t be leaked,” the attackers said.
However, the hacker group shared several gigabytes of data on their Telegram channel. The Cybernews research team investigated the data sample and found that it includes heritage.org user data, including names, email addresses, and hashed passwords. In total, the leak exposes around 5,000 users.
“The dump was made in late November 2022. The attackers likely found it after it was made by a system admin and insecurely stored somewhere. They likely did not get access to the database themselves,” researchers said.
However, Heritage denied the hack, calling it a troll-led attention-seeking campaign.
“The story of a “hack” is a false narrative and exaggeration by a group of criminal trolls trying to get attention,” Heritage’s spokesperson said.
However, according to the team, the public policy organization’s password encryption method was outdated, which means that a persistent attacker could unencrypt the passwords for malicious purposes.
For example, attackers could match de-hashed passwords with names and try checking whether individuals reused them for other accounts. Since some of the users whose data was leaked were US government employees, malicious actors could be additionally motivated to conduct such affairs.
“Some authors of articles and posts also had their IPs leaked, which could open them up for targeted malware attacks. But the data being almost two years old somewhat mitigates the dangers since the leaked data could no longer be accurate,” the team said.
Founded in 1973, Heritage is among the most influential think tanks in the US. In September 2015, the organization was breached, and attackers took information on its donors.
Updated on July 11th [08:00 a.m. GMT] with Heritage's statement.
Your email address will not be published. Required fields are markedmarked