The FBI's email system was hacked over the past weekend, where hundreds of thousands of spam messages were sent that alerted users to the alleged possibility that they were victims of a data leak.
According to official press release, the United States government confirmed that the messages sent were false, where moments later the FBI reported that due to a “bad software configuration” allowed temporary access by attackers to the Law Enforcement Enterprise Portal (LEEP), which is the infrastructure used by the agency to communicate with authorities and partners.
"Although the illegitimate email originated from a server operated by the FBI”, the affected server “was dedicated to sending notifications to LEEP and not part of the FBI's corporate email service”, advances the agency, where it added that data was not compromised, that the software vulnerability was corrected and that the integrity of the networks was and is intact.
As reported by Spamhouse, an international organization that monitors cases of spam and associated threats, the incident is said to have been part of a campaign to tarnish the reputation of Vinny Troia, cybersecurity specialist at NightLion Security, who, in the fake emails is presented as a cybercriminal associated with The Dark Overlord.
We have been made aware of "scary" emails felt in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being felt from an infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
— Spamhaus (@spamhaus) November 13, 2021