It’s the latest security breach for those who use military and government e-mail accounts. P0keu, a rather quiet hacker compared to others, has dumped 290 user accounts and passwords of a small business online. A vast majority end in the .gov and .mil accounts.
In a tweet just a few hours ago, P0keu posted a link to PasteBin which appears to be e-mail accounts and passwords to a small business. In theory, if the users of these military and government accounts used the same password as their actual e-mails, then the contents of their e-mail account will also be exposed.
The PasteBin dump says it contains 290 accounts. A large number of them end in .mil and .gov. Just a point of clarification, this doesn’t appear to be actual e-mail accounts and passwords, but rather, a website that uses people’s e-mail accounts as a log-in name. So the account to the website is exposed. If the password used with the e-mail is the same as the password for that actual e-mail address, then that e-mail might also be exposed along with who knows what else that is tied to that account.
Amongst those accounts that are exposed, there appears to be accounts from the Department of Justice, the FBI, the Deparment of Homeland Security, the NSA, the Pentagon and several others. Also in the mix are a number of .mil accounts which would be the military accounts. There also appears to be a number of .edu accounts as well. Sprinkled throughout the document are also a number of generic free accounts like gmail, AOL, Yahoo, Hotmail and several others. There’s not that many compared to the government and military accounts though.
The website that was exposed was A Rifkin Co. which describes itself as “a family-owned manufacturer and international distributor of security and multi-use reusable fabric bags and related products. Our products can be used in virtually every department of a business.”
As of this writing, the website is still up.
Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at firstname.lastname@example.org.