FireEye: “31337 Hackers” did not breach network or analyst’s computers or devices
On July 31, a group calling themselves ” 31337 Hackers” leaked data and files purportedly hacked from an analyst working for Mandiant, the breach investigation division of FireEye. Why they had targeted the one analyst was not revealed, but it was presented as just the opening salvo in what was described as a campaign, #LeakTheAnalyst.
Today, FireEye provided an update on the incident and their investigation into it. Steven Booth summarizes their investigation to date and their preliminary conclusions:
- The Attacker did not breach, compromise or access our corporate network, despite multiple failed attempts to do so.
- The Attacker did not breach, compromise or access the Victim’s personal or corporate computers, laptops or other devices.
- We confirmed the Victim’s passwords and/or credentials to his personal social media and email accounts were among those exposed in at least eight publicly disclosed third party breaches (including LinkedIn) dating back to 2016 and earlier.
- Starting in September 2016, the Attacker used those stolen passwords and/or credentials to access several of the Victim’s personal online accounts, including LinkedIn, Hotmail and OneDrive accounts
- The Attacker publicly released three FireEye corporate documents, which he obtained from the Victim’s personal online accounts.
- All of the other documents released by the Attacker were previously publicly available or were screen captures created by the Attacker.
- A number of the screen captures created by the Attacker and posted online are misleading, and seem intentionally so. They falsely implied successful access to our corporate network, despite the fact that we identified only failed login attempts from the Attacker.