US Homeland Security employee database leaked

An unknown hacker appears to have raided a database of employees at the United States Department of Homeland Security (DHS), and posted the contents of it on the web.

The data dump posted on one website with a pro-Palestinian message is encrypted, but with a very simple password. iTnews was able to decrypt the information, and the data dump has also been posted on other paste sites unscrambled.

Apart from the names of DHS employees and contractors working with the government agency, job titles, phone numbers, office locations and email addresses are found in the data dump.

The hacker told Motherboard that he obtained access by "first compromising the email account of a Department of Justice employee" and by simply phoning the help desk in order to be given a security token to log into the agency's web portal.

Logged in to the government agency intranet through the web portal, the hacker used the credentials stolen from the Justice Department employee and gained access to the staffer's work computer.

In total, the hacker claimed he had access to one terabyte of information stored in databases. He downloaded some 200 gigabytes of files, some of which might contain sensitive information. 

On top of the DHS staffer data dump, the hacker is threatening to post details of over 20,000 Federal Bureau of Investigation law enforcement agency employees.

iTnews has contacted DHS for comment.

Several US government agencies have been targetted by activists and allegedly state-sponsored hackers, including last year's attack on the Office of Personnel Management that may have leaked information on as many as 21.5 million people.