{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiawzt5ihdtwh6c76n2kjbugjn6scuvca3bry26yhxphq6l7ge2yqa",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mlv6ytatgbq2"
},
"path": "/t/twin-brothers-wipe-96-govt-databases-minutes-after-being-fired/37919#post_1",
"publishedAt": "2026-05-15T11:07:37.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"Ars Technica – 12 May 26",
"Twin brothers wipe 96 gov't databases minutes after being fired"
],
"textContent": "Ars Technica – 12 May 26\n\n### Twin brothers wipe 96 gov't databases minutes after being fired\n\nArs Technica has been separating the signal from the noise for over 25 years. With our unique combination of technical savvy and wide-ranging interest in the technological arts and sciences, Ars is the trusted source in a sea of information. After...\n\nThere are so many takeaways from this article. It really feels like _everybody_ involved in this case screwed up in some way or another.\n\nSomehow these brothers were hired by a “Washington, DC, firm that sold software and services to 45 federal clients” even after their past convictions “involving wire fraud and computers”.\n\n> Muneeb and Sohaib Akhter, now both 34, had been in trouble before. Back in 2015, the brothers pled guilty in Virginia to a scheme involving wire fraud and computers. Muneeb was sentenced to three years in prison, while Sohaib got two.\n>\n> After their stints in jail, the brothers worked their way back into the tech world. In 2023, Muneeb got a job with a Washington, DC, firm that sold software and services to 45 federal clients; Sohaib got a job at the same company a year later.\n\nAmong the many other issues of this case, I would be negligent if I didn’t highlight the storage of passwords in plaintext.\n\n> On Feb. 1, 2025, Muneeb Akhter asked Sohaib Akhter for the plaintext password of an individual who submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal, which was maintained by the Akhters’ employer. Sohaib Akhter conducted a database query on the EEOC database and then provided the password to Muneeb Akhter. That password was subsequently used to access that individual’s email account without authorization.\n\nAdditionally it would appear that system access not being properly revoke for **both brothers** was the main vector for this attack.\n\n> the brothers—who lived together in Virginia—were both called into a Microsoft Teams meeting and summarily fired.\n>\n> The call took place at the end of the day, wrapping up at 4:50 pm. Five minutes later, Sohaib was already trying to access his (now former) employer’s network—but found that his VPN access and Windows account were terminated.\n>\n> Muneeb’s account had been overlooked\n\nThus leaving Muneeb in a position to be able to delete the 96 government databases in question.\n\nObviously these two brothers are ultimately at fault here, but I find it interesting to analyze the failure of systems which led to this point.\n\nI would also heavily recommend folks read the original, linked article for a more full view of this situation, as in this post I’ve only extract a couple relevant parts for discussion in this community.",
"title": "Twin brothers wipe 96 gov't databases minutes after being fired"
}