Last Friday, the Federal Bureau of Investigation’s (FBI) email servers were targeted by hackers. They sent thousands of fake messages claiming that recipients were cyberattack victims.
The threat actor known as “Pompompurin” is suspected of being behind this attack.
A Privacy Affairs investigation revealed that Pompompurin is likely behind the recent attack against Robinhood.
Highlights
- Hackers have breached an FBI email server sending out fake emails to over 100,000 recipients.
- A threat actor known as “Pompompurin” claimed responsibility for this attack.
- Last week, the same threat actor released previously unknown information about a data breach against Robinhood and claimed accountability for the attack.
- Robinhood later confirmed the authenticity of this information, indicating that Pompompurin was likely also responsible for the Robinhood data breach.
Last Friday, hackers managed to send out emails from an FBI server to more than 100,000 addresses claiming that the recipients were victims of a cyberattack.
The hackers attempted to insinuate that the attacker was the recognized security researcher Vinny Troia. The emails also falsely claimed that Troia is associated with the hacker group The Dark Overlord.
On November 14, the FBI released a statement acknowledging the security breach, adding that “the impacted hardware was taken offline.”
Security researcher Brian Krebs reports that the plausible perpetrator of the hack was an individual going by the pseudonym “Pompompurin.”
Krebs reports that “Pompompurin” messaged him from an FBI email address when the attacks were launched, asking him to check the headers of the email to see that the email was indeed coming from an FBI server.
Pompompurin told Krebs via email that the attacks were carried out to reveal a glaring vulnerability in the FBI’s system.
Pompompurin sent the following to Krebs: “I could’ve 1000% used this to send more legit looking emails, trick companies into handing over data, etc. And this would’ve never been found by anyone who would responsibly disclose, due to the feds’ notice on their website.”
Vinny Troia also believes that Pompompurin was responsible for this attack.
Last week, Robinhood revealed in a blog post that it experienced a severe security breach earlier in the month.
The data breach resulted in the theft of the personal data of around 7 million individuals.
On November 10, a known dark web hacker forum user going by the nickname “Pompompurin” posted a thread taking credit for the data breach and announcing the sale of the stolen data.
Pompompurin also posted evidence showing that they were the party behind the hack.
Privacy Affairs reported at that time that Pompompurin claimed that ID card data was also accessed and downloaded, something Robinhood did not disclose in their initial blog post.
This information was not public anywhere at that time; Pompompurin was the first party to reveal that ID cards were also exposed.
Privacy Affairs, therefore, contacted Robinhood inquiring about the affected ID cards.
A Robinhood representative confirmed via email that ID cards were indeed exposed but affected only a minimal number of individuals (fewer than ten total).
Robinhood confirming this information indicates that Pompompurin’s claims on the hacker forum appear to be accurate and that he or they were behind the attack.
Therefore, there are strong indications that the attacks against the FBI’s email server and the earlier Robinhood data breach were carried out by the same individual or group.