A massive data leak has been reported at the Oklahoma Securities Commission, millions of records — including files related to sensitive FBI investigations over the last seven years, emails dating back 17 years and thousands of Social Security numbers — have all been exposed.
The breach was revealed last month by Greg Pollock, a cybersecurity researcher at UpGuard, who stated he found that millions of files were publicly available on an online server and didn’t require any password to access them. Exposing the complete lack of security for sensitive information by U.S. government officials.
“It represents a compromise of the entire integrity of the Oklahoma Department of Securities’ network,” UpGuard’s Chris Vickery told Forbes, the first outlet that reported the breach. “It affects an entire state level agency. … It’s massively noteworthy.”
Vickery told Forbes that the exposed FBI documents included “all sorts of archive enforcement actions” from the last seven years. He added that the records also contained various files with agent-filled timelines of interviews related to investigations, bank transaction histories, and emails from individuals related to the cases.
The FBI files also named notable companies and banks such as — AT&T, Goldman Sachs, and Lehman Brothers. Although, Forbes didn’t comment on whether the organizations were under investigation.
The leak further contained emails that date back 17 years, Social Security numbers and other data stretching back to the 1980s, according to Forbes.
The breach was due to leaving an open rsync server. Such servers are traditionally used to back up large batches of data. But that information is supposed to be secure and should be protected by a username and password. Which this server lacked making it accessible to anyone with an internet connection.
If that’s not enough, passwords for computers on the Oklahoma government’s network were also revealed by the breach.
While this isn’t reported to be a hack and only a slight exposure a mysterious file appeared on the private Pastebin like website, privatebin.net. The file posted by Anonymous claiming to be from CgAN (https://cyberguerrilla.info) contains purported leaked information of all current FBI agents, their professions, phone numbers, and email addresses. As well as IP addresses for several intelligence services including the CIA, GCHQ, and many others.
The encrypted message opens up, stating “its time to unite against the system and fight the intelligence agencies.”
“UNITE AGAINST SYSTEM! Eye is watching you every single second of time!
Become Anonymous! Strike against intelligence services!
Targeted and leaked intelligence services: DGSE (France), MI6 (UK), CIA and FBI (USA)
defense.gouv.fr ||| DGSE ||| Direction générale de la sécurité extérieure ||| 184.108.40.206
sis.gov.uk ||| MI6 – The Secret Intelligence Service (SIS) ||| 220.127.116.11
cia.gov ||| Central Intelligence Agency ||| 18.104.22.168
fbi.gov ||| Federal Bureau of Investigation ||| 22.214.171.124 , 126.96.36.199 , 188.8.131.52 , 184.108.40.206 , 220.127.116.11
Citizens of the world, you have just few time to ACT for your future and freedom!
Governments are submitting new laws that human rights of all citizens will be suspended forever!
Intelligence services are preparing to arrest all activists, whistleblowers, freedom organizations, hackers and hacktivists all around the world in a year!
All activists who are acting for freedom and peace,
All hackers who are on the side of internet freedom,
All citizens who do not want to be as a slave in future,
Act against them save Anonymous and Wikileaks,
They are preparing to destroy all freedom activists and peace defenders,
We have to unite!
Take action to free all Anons, to free all activists, to save Anonymous
to free Julian Assange, to save Wikileaks,
to free Timothy Justen French, free James E. Robinson, free Jeremy Hammond, free Martin Gottesfeld, free Matt Dehart.
Save freedom activists for peace and our future!
We are Anonymous
We do not forgive,
We do not forget,
Expect us!,” Anonymous writes.
There is no information available on how Anonymous obtained the list of FBI officials or what FBI server was reached to obtain the data. However, this continues to expose that security is a joke even when taken seriously, if a hacker wants to find a vulnerable entry point they will.