Brian Krebs has verified a massive, 269-GB trove of potentially sensitive information leaked by Distributed Denial of Secrets (DDoSecrets). The trove includes internal memos, photos, emails, videos, intelligence documents, financial records, PII and more from over 200 state, local and federal agencies.
It appears that a threat actor leveraged exposed customer user credentials for Netsential, a web design and hosting company that maintains state law enforcement data-sharing portals. The platform's upload feature was then used to introduce malicious content, which allowed the exfiltration of other Netsential customer data belonging to law enforcement "fusion centers".
The exposure of this information can potentially compromise law enforcement investigations and sensitive operations, and expose undercover police.
“Additionally, the data dump contains emails and associated attachments,” the alert reads. “Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”
“Preliminary data analysis from this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” the NFCA wrote. “Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the application’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”