Light shed on Michelle Obama hacking case

An investigation by an independent journalist has revealed how computer hackers were able to access the personal information of several US public figures, including First Lady Michelle Obama, US media reports.

On Wednesday, independent journalist Brian Krebs published an investigation which exposed how hackers infiltrated major data aggregators and collected Social Security numbers, birth records, credit card and background reports of millions of Americans, the Washington Post reported.

According to Krebs’ investigation, the hackers had access to LexisNexis, the world’s largest electronic database of legal and public record information, for months, as well as to other US-based electronic databases, enabling them to collect the information about millions of people.

They then sold the collected personal data on the Website ssndob.com, which markets itself on underground cybercrime forums as a service that customers can use to look up Social Security numbers, birthdays and other personal data on any US resident.

Available on ssndob.com, the personal information of Michelle Obama – as well as other public figures such as CIA Director John Brennan, then-FBI Director Robert Mueller and performers Beyonce and Jay Z – was collected by other hackers and republished online. 

The FBI confirmed to Krebs they were looking into the breaches, and a vice-president at LexisNexis parent company Reed Elsevier told him the company “identified an intrusion targeting our data but to date has found no evidence that customer or consumer data were reached or retrieved”, but because it is the subject of an active investigation couldn’t provide any further information.

Other companies were less willing to discuss the issue but both told Krebs how data security is a company priority.

FBI Spokesperson Lindsay Godwin confirmed to Krebs that the FBI is “aware of and investigating this case”. LexisNexis confirmed that the compromises appear to have begun in April of this year, adding that it found “no evidence that customer or consumer data were reached or retrieved” but that it was still investigating the extent of the intrusion.