Hackers Reveal NFL Prospect Wearing Gas Mask Bong, Infect Mich. Utility’s Office Systems & Manipulate Students’ GPAs

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches.

NFL Prospect Laremy Tunsil's Hacked Twitter Account Shows Creepy Gas Mask Bong Video

A video posted to Tunsil's verified Twitter account showed the former Ole Miss offensive tackle wearing a gas mask and smoking a substance from a bong. The tweet was deleted minutes after it was posted.

Then, Tunsil, who at one point was considered a likely No. 1 overall pick, was picked No. 13 overall by the Miami Dolphins. Tunsil confirmed it was him in the video.

"It is B.S. Somebody hacked into his account," agent Jimmy Sexton said

Tunsil said he has no control over his social media accounts.

Dolphins general manager Chris Grier said: "The video is two years old. So from all the information we have, we are comfortable with it."

The Miami Dolphins believe Tunsil’s former financial adviser is responsible for the leak of the bong video. Tunsil reportedly fired the adviser prior to the draft. 

Hacker Gave Away 272M Credentials from Pretty Much Every Email Provider

The discovery of stolen usernames and passwords from various big name email providers – Gmail, Yahoo Mail, etc. – also affects a majority of users of Mail.ru, Russia's most popular email service.

Fortunately, Mail.ru's initial checks found no active combinations of user names and passwords. It is unclear how many of the other stolen credentials are old as well.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Identifying the hacker who spread the trove of data, or disclosing the sources of the stolen accounts, could expose the investigative methods used to find the trove. Because the hacker vacuumed up data from many sources, security researchers have dubbed him "The Collector".

The researchers happened upon the stash when they spotted a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totaling 1.17 billion records.

Discounting duplicates, the cache contained nearly 57 million Mail.ru accounts, which is a big chunk of the 64 million monthly active email users Mail.ru claims to have.

Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail.

The hacker asked merely 50 rubles – less than $1 – for the entire data set, but gave up the cache after the researchers agreed to post favorable comments about him in hacker forums.

Ransomware Infects Michigan Utility Provider’s Business Systems

A water and electricity authority in Lansing shut down its enterprise systems after someone in the company was tricked into clicking on a malicious link. The phishing attack, which deposited malware, only affected data on the utility’s corporate systems.

Lansing's BWL – Board of Water & Light – first noticed the successful breach early April 25, and has since kept most information technology systems, including phone servers, offline.

The company says customer data has not been stolen (rather, only locked with encryption technology).

It took until May 2 for the utility’s customer service lines to return to normal service.

Grades Manipulated in Illinois School District; Employee Placed On Leave

The Abingdon-Avon School District says it discovered unauthorized changes to student grade point averages along with other data breaches, including someone who broke into and copied emails. 

Officials say an unnamed employee has been placed on leave. 

The following is a school district statement that was posted to its website:  

Around the first of the year, the school district discovered several changes to its student information management system which resulted in unauthorized changes to student grade point averages. While the changes were tracked down and resolved, the unauthorized nature of the changes caused the school administration and board concern, and the school hired a consulting firm to investigate the changes.

During the investigation, other unauthorized activity was uncovered, including unauthorized access and copying of certain employees’ emails. The school district has placed an employee on leave and has begun the process of assuring school district data is safe. The school district is working with professional technology assistance to assure its data systems are secure for the future, and has begun the process of notifying those whose data was breached.