Law enforcement authorities in Germany have located and seized the web server that hosted the “BlueLeaks” database, which contained 269 GB of files that exposed over 200 US police departments, their personnel, and cases. The data was up for about three weeks, so it has already been accessed and copied by thousands, but a server containing such sensitive documents couldn’t just be ignored. The seizure was announced by the group that published the breach, “DDoSecrets,” via its member Emma Best.
https://twitter.com/NatSecGeek/status/1280523375065083904
Twitter had already banned DDoSecrets only four days after the publication of the “BlueLeaks” collection, rejecting the ethical aspect of the group's so-called “leaktivism.” Twitter deemed the sharing of this particular data a risk to the police, the people working in the exposed departments, and even informants or arrested individuals. Twitter has even banned accounts that re-posted links to “BlueLeaks,” citing policy violations. DDoSecrets responded by saying their mission will stay unchanged, and silencing the whistle-blowers is on the wrong side of history.
The US authorities obviously worked feverishly to locate the server that held the BlueLeaks data, as well as to investigate the breach incident itself. Whether or not they provided a tip to the German police remains unclear, but this is likely what happened. Of course, this essentially makes no difference, as the data is already circulating on the dark web. DDoSecrets previously stated that the files were retrieved from the “Anonymous” group of hackers, so the leaktivists were merely distributing them. The data weren’t published in their raw form, as DDoSecrets tried to filter out some highly sensitive details, but due to the large volumes involved, they failed to clean everything out.
From the very beginning, it was clear that hackers had hit a central point of data and not 200 police departments simultaneously. Now, we know that the trove of data was stolen from a Houston-based web hosting services provider that was contracted by the US law enforcement agencies. The material exposed through “BlueLeaks” includes officers’ PII, suspect RFIs, IBANs used by the police departments, ACH routing numbers, phone numbers, email addresses, and quite a lot of sensitive PDF and CSV documents. The exposed data covers a full decade, so there’s a lot to dig through.