First Rhode Island suffered a breach, then the next day, attackers went clear across the country to hit California.
The group of attackers in question is an outfit called The Unknowns and they just hit the California Department of Forestry and Fire Protection, a subdomain hosted on ca.gov.
While it is not clear if the hackers leaked any sensitive data from Rhode Island, they did however offer proof of an attack in California.
They not only made available screenshots to prove they gained access to the administrator panel, but they’ve also published a number of usernames and clear text passwords.
Similar to other hacks, The Unknowns offer their information security “services” to the site’s webmaster.
“That was easy and simple, please protect your website, it’s for your own good. If you need any kind of help just contact us, The Unknowns, at: firstname.lastname@example.org,” MrSecurity wrote.
The hackers did publish database names and the tables contained within them.
From a table called bof.tbluser (bof probably stands for Board of Forestry) they’ve made available around a dozen usernames, clear-text passwords and user email addresses.
The same type and around the same quantity of data leaked from two other similar tables. One observation is some of these accounts appear to have CMS (content management system) administrator rights.
The Unknowns also dumped what appear to be four credential sets that belong to the site’s administrators. The passwords are not in clear text, but on the downside, they are encrypted using MD5.
The Unknowns said they breached the sites of the U.S. Navy, the German Federal Government and a couple of UK police servers.