Threat Actor Who Hacked FBI Email System Appears to Be Responsible for Recent Attack Against Robinhood

Updated: 15 November 2021

Last Friday, the Federal Bureau of Investigation’s (FBI) email servers were targeted by hackers. They sent out thousands of fake messages claiming that recipients were victims of a cyberattack.

A threat actor known as “Pompompurin” is suspected of being behind this attack.

A Privacy Affairs investigation revealed that Pompompurin is also likely behind the recent attack against Robinhood.

Highlights

  • Hackers breached an FBI email server and sent out fake emails to over 100,000 recipients in total.
  • A threat actor known as “Pompompurin” claimed responsibility for this attack.
  • Last week, the same threat actor released previously unknown information related to a data breach carried out against Robinhood and claimed responsibility for the attack.
  • Robinhood later confirmed the authenticity of this information, indicating that Pompompurin was likely also responsible for the Robinhood data breach.

Last Friday, hackers managed to send out emails from an FBI server to more than 100,000 addresses claiming that the recipients were victims of a cyberattack.

The hackers attempted to insinuate that the attacker was the recognized security researcher Vinny Troia. The emails also falsely claimed that Troia is associated with the hacker group The Dark Overlord.

On November 14, the FBI released a statement acknowledging the security breach, adding that “the impacted hardware was taken offline.”

Who was responsible?

Security researcher Brian Krebs reports that the likely perpetrator of the hack was an individual going by the pseudonym “Pompompurin.”

Krebs reports that “Pompompurin” messaged him from an FBI email address when the attacks were launched, asking him to check the email's headers to confirm that it was indeed coming from an FBI server.

Pompompurin told Krebs via email that the attacks were carried out to reveal a glaring vulnerability in the FBI’s system.

Pompompurin sent the following to Krebs: “I could’ve 1000% used this to send more legit looking emails, trick companies into handing over data etc. And this would’ve never been found by anyone who would responsibly disclose, due to the notice the feds have on their website.”

Vinny Troia also believes that Pompompurin was responsible for this attack.

Connection to the Robinhood data breach

Last week, Robinhood revealed in a blog post that it experienced a severe security breach earlier in the month.

The data breach resulted in the theft of the personal data of around 7 million individuals.

On November 10, a known hacker forum user going by the nickname “Pompompurin” posted a thread taking credit for the data breach and announcing the sale of the stolen data.

Pompompurin also posted evidence showing that they were the party behind the hack.

Privacy Affairs reported at that time that Pompompurin claimed that ID card data was also accessed and downloaded, something Robinhood did not disclose in its initial blog post.

This information was not public anywhere at that time; Pompompurin was the first party to reveal that ID cards were also exposed.

Privacy Affairs, therefore, contacted Robinhood inquiring about the affected ID cards.

A Robinhood representative confirmed via email that ID cards were indeed exposed but that this affected only a minimal number of individuals (fewer than ten in total).

Robinhood confirming this information indicates that Pompompurin’s claims on the hacker forum appear to be accurate and that he or they were indeed behind the attack.

Therefore, there are strong indications that both the attacks against the FBI’s email server and the earlier Robinhood data breach were carried out by the same individual or group of individuals.

Written by: Miklos Zoltan

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.
