WASHINGTON, DC - JANUARY 17: Director of the FBI, James Comey (L), Director of the Central Intelligence Agency (CIA) John Brennan (2L), Director of National Intelligence James Clapper (2 R) and Secretary of Homeland Security Jeh Johnson (R) wait before the arrival of US President Barack Obama on January 17, 2014 in Washington D.C.
Photograph by Aude Guerrucci — Getty Images
By Robert Hackett
October 19, 2015

The Federal Bureau of Investigation and Secret Service are investigating reports that a hacker has gained access to the personal email accounts associated with both CIA Director John Brennan and Department of Homeland Security Secretary Jeh Johnson, CNN reports, citing unnamed sources.

The New York Post reported on Sunday that a self-described “stoner high school student” claimed to have breached the non-governmental accounts, which contained Social Security numbers, a 47-page security clearance application, “personal information of more than a dozen top American intelligence officials,” and more. On Monday afternoon, the alleged hacker tweeted that a data dump was imminent.

Screenshot of tweet.

Soon after, the administrator of the account posted a redacted version of a spreadsheet bearing the personal data for U.S. officials and others (see below). A non-redacted version soon followed (not pictured).


The list, if genuine, is likely not a recent document, Newsweek notes. “One security firm that appears on the list was sold in 2009 and now operates under a new name.” The spreadsheet does seem to contain sensitive Social Security number data, however.

The CIA, Department of Homeland Security, and Secret Service did not immediately return Fortune’s request for comment. A spokesperson for the FBI declined to comment.

The CIA said they were aware of the report, CNN reports. And the Department of Homeland Security said, “We don’t discuss the Secretary’s security information. We have forwarded this matter to the appropriate authorities.”

 

The attack itself was apparently not sophisticated. The alleged hacker claimed to have gained access to an Aol email account associated with Brennan through social engineering attempts, a method wherein an attacker fools the workers at a company’s call center into divulging information on a customer. The alleged hacker apparently duped Verizon employees into revealing information, then tricked its Aol division into resetting the account’s password and sending the new code to an account accessible to the culprit.

The purported hacker presumably used a similar method to gain access to the Comcast account allegedly associated with Johnson. (The current Secretary had previously described his use of a personal Gmail account at work as a “whoops” moment.)

Verizon (VZ) and Comcast (CMCSA) did not immediately reply to Fortune’s request for comment.

In case you’re wondering how this attack works, journalist Mat Honan wrote about his experience getting royally hacked this way for Wired a few years ago.

The report comes as revelations about former Secretary of State and current presidential candidate Hillary Clinton using a personal email account and server for her work-related email continue to unfold.
