A hacker, using Twitter handle CyberZeist, has claimed to have hacked the FBI’s website (fbi.gov) and leaked personal account information of several FBI agents publically.
CyberZeist had initially exposed the flaw on 22 December, giving the FBI time to patch the vulnerability in its website’s code before making the data public.
The hacker exploited a zero-day vulnerability in the Plone CMS, an Open Source Content Management software used by it to host its website, and leaked personal data of 155 officials to Pastebin, including their names, passwords, and email accounts.
Hacker also found that the website is hosted on a virtual machine running a customized older version of the open-source FreeBSD operating system.
According to another tweet, the Plone CMS zero-day exploit is up for sale on an unnamed dark web marketplace.
Not Just FBI, All Sites Using Plone CMS are Vulnerable
The Plone CMS is considered to be one of the most secure CMSes available today and is used by many major websites like Google, and major United States agencies including the FBI and the CIA.
The hacker also claimed the FBI officials contacted him and requested a copy of the stolen credentials, which they declined to provide.
The FBI authorities have yet to respond to the claims.
This is not the first time CyberZeist claimed to have hacked the website. In 2011, the hacker breached the website as a member of the infamous hacker collective known as “Anonymous.”