Hackers responsible for stealing the account information of 5,000 government recruiters on GovJobs.com may be preparing to impersonate recruiters and gain access to classified information with the credentials of clearance-holding job seekers.
California security firm IntelCrawler discovered the security compromise of usernames, emails and passwords belonging to recruiters from every military service, multiple government agencies including NSA and some of the government’s top defense contractors.
IntelCrawler President Dan Clements told Bloomberg that “[h]ackers with such information could impersonate recruiters and tap job seekers who have knowledge of sensitive government projects, or seek damaging information about applicants to blackmail them into spying for them.”
According to the company, hackers could compare lists of job hunters against earlier hacks of commercial companies in order to obtain blackmail-worthy information like drug and alcohol abuse, pornography or financial transactions belonging to government workers.
IntelCrawler said that some recruiters recycle passwords across multiple government worksites and contracts, potentially jeopardizing their contacts beyond the compromised accounts that have been identified.
The breach occurred on Aug. 13 and the company has since reported their findings to Homeland Security’s U.S. Computer Emergency Readiness Team, which is investigating the hack.