PoliceOne confirms hack; thousands of forum accounts for sale on the dark web

The hacker targeted PoliceOne.com in 2015, stealing 715,000 members' accounts, including FBI and DHS staff.

(Image: file photo)

A data broker is selling hundreds of thousands of accounts used by police and federal agents from a hacked law enforcement forum.

The database is said to have been stolen in 2015, and contains 715,000 records on members who have registered with PoliceOne.com, a news site and community for police officers and law enforcement professionals.

Alex Ford, chief executive of Praetorian Digital, owner of PoliceOne.com, confirmed the breach in a phone call Tuesday.

Ford said that the company it will be notifying affected users and require them to change passwords.

According to a posting on a dark web marketplace, the stolen data includes usernames, passwords stored in MD5 (an algorithm that nowadays is easy to crack), email addresses, dates of birth, and other forum data, such as if a member is a verified law enforcement officer.

Many of the forums are private and can only be accessed by members, or in some cases verified law enforcement officials who have submitted their badge numbers or other identifying information, but this does not appear to be part of the leaked database.

The data is being sold for $400, according to the listing, which we are not linking to.

(Screenshot: ZDNet)

The seller of the data, who went by the name Berkut, reached out to me over encrypted chat and provided a sample of data for verification.

We reached out to a couple of dozen members by email who were listed in the breach, but we didn't immediately hear back. (We will update the story if that changes.)

Many of the accounts in the database included email addresses associated with the FBI and Homeland Security.

Berkut said the SQL database was dumped by using a known exploit for the forum software.

At the time of writing, the forums are powered by vBulletin software dating back to 2014, which is known to contain several easily exploitable vulnerabilities known by hackers.

The forums were pulled offline late on Friday after we informed the site of the breach.

Updated on February 7: with statement from chief executive.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All