FireEye: Some hacking claims exaggerated, others false

FireEye: Some hacking claims exaggerated, others false
© Getty

Security firm FireEye says many of the claims made by a hacker or hackers that breached one of its analyst's third-party accounts were exaggerated or false.

"The Victim supports a very small number of customers. Two customer names were identified in the Victim’s personal email and disclosed by the Attacker. We believe these are the only two customers impacted by this incident," FireEye Vice President and Chief Security Officer Steven Booth wrote in a blog post on Monday.

Last week, a hacker or hackers adopting the nickname "31337" released 32 megabytes of files purportedly from FireEye and its analyst. 

According to the preliminary findings of an internal investigation, the analyst's information and passwords were among millions of those stolen from social media and other sites and leaked online. 

ADVERTISEMENT
Despite claims of internal leaks, the 31337 document dump contained only three private FireEye documents, according to the investigation. The rest were either publicly available or fabricated. 

The group used dumped lists of usernames and passwords from attacks at third-party sites to access his LinkedIn, Hotmail and OneDrive accounts starting in 2016.

Its name, 31337, is a rendering of the word "elite" in an old hacker vernacular now largely considered passe that used numbers to represent letters, in this case spelling "eleet."

According to the blog post, FireEye has notified affected customers and communicated the importance of password security and two-factor identification to its staff.