Understanding BlueLeaks | Avast

David Strom, 29 June 2020

The massive breach of law enforcement data called BlueLeaks could have been prevented with the right security tools.



Earlier this month, a group of hackers published a massive dataset stolen from various local law enforcement agencies. The data has been labeled BlueLeaks and contains more than 269 GB of data, comprising thousands of police reports that go back at least two decades, from hundreds of agencies around the US. The reports list private data including names, email addresses, phone numbers and bank accounts. The source is a group called Distributed Denial of Secrets, or DDoSecrets, which, like Wikileaks, has been publishing various leaked datasets for many years. The data can be easily searched, as shown in the screenshot below. (After the group tweeted a link to the data, Twitter suspended their account.)

The leak came about through a compromised account at the managed hosting provider Netsential.com, based in Houston. The provider’s website has been changed to show very minimal information after the breach, but earlier versions found on Archive.org claim that the company builds sites that are easy to use: “If you can cut and paste - you can maintain and update your website with Netsential's browser-based software.” That doesn’t bode well for their security protocols, however.
This provider has a number of police and public safety clients, including the U.S. Departments of Justice and Homeland Security, along with many local law enforcement agencies and what are called Fusion Centers. These are typically state-funded operations which were set ..
