OPM data offered for sale on the Dark Web

Government records stolen in the recent data breach at the US OPM (Office of Personnel Management) are surfacing on the Dark Web.

While security experts speculate about who may be responsible for the recent data breach at the US Office of Personnel Management (OPM), the alleged data has appeared on the dark web. I have personally found it available for sale on a popular black market.

According to a number of colleagues who noticed the same OPM DB dump for sale, the information is being traded actively.

We are speaking of more than 4.1 million federal government employee records dating back to the 1980s.

“The recent OPM breach was identified, noted and the credentials and identities have been discovered online and are being traded actively,” said Chris Roberts, founder and CTO at OneWorldLabs (OWL).

Roberts is the same expert who was criticized a few weeks ago for worrying the IT community about the presence of exploitable security vulnerabilities in commercial airlines. The FBI accused Roberts of hacking a commercial airplane.

“When these accounts are posted on the darker side of the net, they are usually ‘live’ and are part of a larger breach,” Roberts explained to FoxNews. “They are typically parsed out and sold and distributed to interested parties, something OWL tracks.”

Criminal organizations and intelligence agencies could find much other sensitive data available for sale in the Deep Web. Roberts added that his team has uncovered another 9,500 government log-in credentials that were stolen this week from a number of government offices across the US.

Roberts reported his discovery to the FBI, but the presence of the data on the black market is bad news because it means that the sensitive information is rapidly circulating from hand to hand.

We cannot ignore that the information stolen in the OPM data breach could be used for further attacks by a plethora of threat actors in the wild; as I have highlighted many times, it could be used for spear phishing attacks against other government agencies.

“Whoever now holds OPM’s records possesses something like the Holy Grail from a [counter-intelligence] perspective,” said former counterintelligence officer John Schindler. “They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side perhaps with someone of a different gender than your normal partner — since all that is recorded in security clearance paperwork.”

“Perhaps the most damaging aspect of this is not merely that four million people are vulnerable to compromise, through no fault of their own, but that the other side now so dominates the information battlespace that it can halt actions against them,” Schindler said. “If they get word that an American counterintelligence officer, in some agency, is on the trail of one of their agents, they can pull out the stops and create mayhem for him or her: run up debts falsely – they have all the relevant data, perhaps plant dirty money in bank accounts – they have all the financials too, and thereby cause any curious officials to lose their security clearances. Since that is what would happen.”

The data disclosed as a sample by the member of the Hell dark marketplace appears legitimate; if the news is confirmed, I think that we have to review the initial hypothesis made on Chinese state-sponsored hackers.

I’m starting to have some doubts … why would Chinese hackers hack into the OPM system and then offer the data for sale on the black markets?

Is it possible that the attack is organized by a criminal gang?

Pierluigi Paganini
