It seems like the FBI has been hacked, once again! A hacker, using Twitter handle CyberZeist, has claimed to have hacked the FBI’s website (fbi.gov) and leaked personal account information of several FBI agents publically.
CyberZeist had initially exposed the flaw on 22 December, giving the FBI time to patch the vulnerability in its website’s code before making the data public. The hacker exploited a zero-day vulnerability in the Plone CMS, an Open Source Content Management software used by FBI to host its website, and leaked personal data of 155 FBI officials to Pastebin, including their names, passwords, and email accounts.
The FBI site intrusion involving the Plone CMS is both funny and alarming in equal measure. Such sites contain the public facing information of the agency and a few hundred accounts of the people involved in its updating. I’m former Infragard, from what I know of the FBI they are very strict about password discipline, and the intruder got nothing more than a roster of agency employees who do PR.