Small scoop that I'm breaking here first. InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum.

Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online -- using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.

https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/?v=2

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked – Krebs on Security

@briankrebs Yeah, did InfraGard for a few years but then just let it lapse. At the time the value-add didn't fit my role. But I remember signing up and thinking "What's to stop anyone from signing up as someone else?" Of course, I wasn't going to "test" it ... you know ... the whole permission thing. I just figured they had some controls on the backend that would prevent it from happening. Guess not. On the bright side, there are definitely going to be controls going forward. Thanks for the article.
@grecs @briankrebs
I would not be so optimistic as to say “definitely.”