14 DAY TRIAL // A hacker has leaked almost 300 logins consisting of .gov and .mil email addresses and passwords from the website of a secure bag manufacturer.
The 290 emails and passwords were dumped on Pastebin by a hacker known as p0keu who is affiliatied with Anonymous' Operation AntiSec.
"And a lil' special one .. >:3 containing .mil and .gov e-mails A. Rifkin Co. #exploited http://t.co/FfACDvI 'sup #antisec?" the hacker wrote on Twitter.
The compromised website, www.governmentsecuritybags.com, belongs to a company called A. Rifkin Co. and allows customers to register accounts and place orders.
Considering that the company manufactures anything from dual-locked bags for carrying classified material to heavy duty courier sacs, it's no surprise that many of its customers are government and military employees.
Of course, it doesn't necessarily mean that affected individuals used the same password for their work email, especially since government agencies have special requirements in this respect, however, they might have used it for other personal accounts.
With the work email addresses and information potentially obtained from other accounts belonging to the victims attackers have all the ingredients to craft believable emails that carry or lead to malware.
Rogue emails appearing to originate from work colleagues or friends are a constant source for serious data breaches in government and military departments. Deputy Secretary of Defense William Lynn revealed that a foreign nation has managed to steal 24,000 confidential and secret files in a single intrusion at the Pentagon in March.
Two national labs temporarily shut down email and Internet service on their networks at the beginning of this month after their employees were the target of spear-phishing attacks. Earlier this month p0keu released emails and passwords stolen from five seemingly random websites in support of Operation AntiSec.