CORRECTION: The massive hack that wasn’t
UPDATE 9-21-2016 Over the past two days, DataBreaches.net provided the First Bank of Ohio with samples from two files that “Fear” claimed were from them. They have firmly denied that either file is theirs:
These have nothing to do with us. The second group are businesses that are applying for liquor licenses in Ohio.
The second file they are referring to is the file that had been mentioned in my first post on the claimed hack. The newer file is a file “Fear” has described elsewhere as “Ohio_transactions_2016.csv.”
So once again, “Fear’s” claims have been refuted.
Yesterday, DataBreaches.net posted a report concerning claims of a massive hack by a teenager known as “Fear” (@hackinyolife on Twitter). In the headline, and throughout the report, this site attempted to note what proof Fear had provided, and as importantly, what proof he hadn’t provided, despite being asked for it.
Last night, after a lengthy chat with him in which he provided more files that still did not support the claims he had previously made, DataBreaches.net informed Fear that this site would be issuing a correction to its report. Fear subsequently issued a statement in which he says he trolled the media, but still claims to be in possession of banking information and millions of SSNs in a hack. He admits that he did not hack Neustar (a claim he had made to other news outlets), and now claims that he used an exploit to access approximately 30 states’ ftp servers.
You can read his latest claims in the correction and update, here. To date, the only evidence Fear ever provided of banking data was the limited (and old) material he provided back in March when he claimed to have hacked the Bank of North Dakota, and some files he provided this site over the weekend that appear to relate to the First Bank of Ohio. This site has not seen any evidence that he acquired massive amounts of SSNs. Indeed, one file that he offered as proof that he had acquired SSNs had no SSNs in it at all.
It’s not fun finding out you’ve been lied to, although anyone reporting on hackers knows that hackers will lie, which is why we use caution in repeating claims and why we make serious efforts to try to verify reports. Does this site regret reporting his claims? Of course, even though the report used a lot of qualifiers and even though it appears that some states’ ftp servers are probably not as secure as they should be and he was able to access them. If states improve their security as a result of all this, well, that would be one positive outcome.