Minneapolis Police Department Hack Likely Fake, Says Researcher

As protests continue to proliferate across the globe in the wake of George Floyd’s death, the Minnesota Police Department is making news for something else: A supposed hack, perpetrated at the hands of the Anonymous hacktivist group.

According to Troy Hunt at Have I Been Pwned (HIBP), the group of allegedly ill-gotten email addresses and passwords has been circulating in multiple forums, with most of them attributing the credential leak to Anonymous, which is a loose affiliation of individuals who carry out hacking to send political messages. According to multiple social-media posts, Anonymous supposedly carried out the breach/leak in response to the MPD’s role in Floyd’s death.

However, Hunt’s review of the situation comes to a different conclusion.

“Don’t spread disinformation and right now, all signs point to just that – the alleged Minneapolis Police Department ‘breach’ is fake,” he wrote, in an analysis posted on Monday, adding that the data is likely not from the MPD at all, but rather a collection of widely available credentials from earlier breaches, and possibly some made-up combinations, that have been assembled into a new database for the purpose of perpetrating this hoax.

He said the data set contains 689 unique email addresses and, as a warning flag, some of them are associated with multiple passwords.

“It’s extremely unusual to see the same email address with multiple different passwords in a legitimate data breach as most systems simply won’t let an address register more than once,” Hunt explained.

Another red flag is the fact that 654 of the addresses can already be found in Have I Been Pwned – meaning that 95 percent of the credentials have already been compromised.

This rate is “massively higher than any all-new legitimate breach,” Hunt pointed out. “If you have a browse through the HIBP Twitter account, you’ll see the percentage of previously breached accounts next to each tweet and it’s typically in the 60 percent to 80 percent range for services based in the U.S.”

Yet another aspect that points to a fake breach is just how many incidents the addresses appear in. The average in HIBP is two breaches per email address. In this case, the emails appear in an average of 5.5 breaches.

“In other words, these accounts are breached way more than usual. When we look at which incidents they’ve been breached in, they’re very heavily weighted towards data aggregators,” Hunt explained. “The conclusion I draw from this is that a huge amount of the data is coming from aggregated lists known to be in broad circulation.”
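The three indicators Hunt describes (one address with several passwords, the share of addresses already seen in earlier breaches, and the average number of earlier breaches per address) can be computed over any claimed credential dump. The sketch below is an added example, not code from Hunt or HIBP; `prior_index` is a hypothetical local stand-in for a breach-corpus lookup, the sample data is constructed, and averaging only over addresses found in the index is an assumption.

```python
from collections import defaultdict

# Baselines quoted in the article (Hunt's figures for HIBP).
TYPICAL_SEEN_PCT_MAX = 80.0  # previously breached share is typically 60-80%
TYPICAL_AVG_BREACHES = 2.0   # average breaches per address

def triage(dump_lines, prior_index):
    """Indicators for an 'email:password' dump.

    prior_index (hypothetical): lowercase email -> set of earlier breach names.
    """
    passwords = defaultdict(set)
    for line in dump_lines:
        email, sep, password = line.strip().partition(":")
        if not sep or "@" not in email:
            continue  # skip malformed rows rather than guessing
        passwords[email.lower()].add(password)
    addresses = set(passwords)
    multi = sorted(e for e, p in passwords.items() if len(p) > 1)
    seen = [e for e in addresses if prior_index.get(e)]
    seen_pct = 100.0 * len(seen) / len(addresses) if addresses else 0.0
    # Assumption: the average is taken over addresses found in the index.
    avg = sum(len(prior_index[e]) for e in seen) / len(seen) if seen else 0.0
    checks = (
        ("same address with multiple passwords", bool(multi)),
        ("previously seen share above typical range", seen_pct > TYPICAL_SEEN_PCT_MAX),
        ("addresses in more breaches than average", avg > TYPICAL_AVG_BREACHES),
    )
    return {
        "unique_addresses": len(addresses),
        "multi_password_addresses": multi,
        "previously_seen_pct": round(seen_pct, 1),
        "avg_breaches_per_seen_address": round(avg, 2),
        "red_flags": [name for name, hit in checks if hit],
    }

# Constructed sample data, not taken from the real dump.
SAMPLE_DUMP = [
    "a.officer@example.org:hunter2",
    "A.Officer@example.org:letmein",   # same address, second password
    "b.clerk@example.org:pass:word",   # password containing ':'
    "c.chief@example.org:qwerty",
    "not-a-credential-line",           # malformed row, ignored
]
SAMPLE_INDEX = {
    "a.officer@example.org": {"AggA", "AggB", "SiteX", "SiteY", "SiteZ", "ListQ"},
    "b.clerk@example.org": {"AggA", "AggB", "SiteX", "SiteY", "ListQ"},
    "c.chief@example.org": {"AggA", "AggB", "SiteX", "SiteY", "SiteZ", "ListQ"},
}
```

Calling `triage(SAMPLE_DUMP, SAMPLE_INDEX)` on the constructed data raises all three red flags; a dump of addresses that are absent from the index raises none.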