A forum dedicated to law enforcement personnel named PoliceOne was hacked in 2015 by a hacker named Berkut. The dump was just now offered for sale on the Tochka dark market. PoliceOne’s forum is a law enforcement networking and discussion resource with over 500,000 police registered nationwide.
The immense data breach has put the usernames, emails and hashed passwords for thousands of international police at risk. Unfortunately, MD5 was used to hash the passwords, an algorithm relatively easy to crack. There are dozens of exploits readily available for use on outdated services similar to PoliceOne. It is believed the forum was able to be compromised through an outdated, and grossly insecure version 4.2.3 of vBulletin.
Motherboard was able to convince Berkut to provide samples of the data; t hey found, “The files did indeed contain valid email addresses from the NSA and other US government agencies; one file allegedly contained over 3,000 account details for Homeland Security staffers.” Berkut now has the full database up for sale for $400 with approximately 700 thousand user information from the 2015 breach.
A spokesman for PoliceOne told the publication “We have confirmed the credibility of a purported breach of the PoliceOne forums in 2015 in which hackers were potentially able to obtain usernames, emails and hashed passwords for a portion of our members.” The forum is currently offline as the team investigates takes the proper steps to ensure the forum’s user information is secure in the future.