Nicholas Moore, of Springfield, Tennessee, plead guilty to hacking the U.S. Supreme Court’s electronic filing system and breaching the AmeriCorps U.S. federal agency and the Department of Veterans Affairs after bragging and posting victims’ info and screenshots on Instagram. Using stolen credentials, he also accessed the Supreme Court’s restricted electronic filing system at least 25 times between August and October 2023 and used the same compromised credentials to log in.
More details here: https://www.justice.gov/usao-dc/pr/tennessee-man-pleads-hacking-us-supreme-court-americorps-and-va-health-system
Jim Routh, Chief Trust Officer at Saviynt, commented:
“Three stakeholder groups support the current practice of two-factor authentication (ID + Password + OTP) used by the majority of enterprises:
- Auditors (internal and external)- because it is well known and established, making auditing practices scalable
- Regulators- there is a great deal of precedent for these controls, along with methods for testing the effectiveness in each enterprise
- Threat actors- It takes less skill and effort to use a compromised credential vs. attempting to attack system vulnerabilities
“It is not clear why more enterprises don’t choose passwordless authentication methods that are available, although the cost of this change is certainly a factor to consider. However, with an average industry cost of $10.2 million for breach remediation and recovery, it seems the business case for moving to advanced authentication is practical. This eliminates the need for storing passwords and risking their compromise.
“As long as enterprises continue with current authentication methods, they will deal with the costs of recovery and remediation from the use of compromised credentials. Most threat actors don’t brag about their exploits on Instagram, but if they did, social media users would be overloaded with exploit claims.”
I have to agree. Passwordless options should be the direction that most if not all organizations go towards. It would make life so much secure.
Like this:
Like Loading...
Related
This entry was posted on January 19, 2026 at 3:28 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
#Fail: Hacker Bragged He Stole Supreme Court Data on Instagram
Nicholas Moore, of Springfield, Tennessee, plead guilty to hacking the U.S. Supreme Court’s electronic filing system and breaching the AmeriCorps U.S. federal agency and the Department of Veterans Affairs after bragging and posting victims’ info and screenshots on Instagram. Using stolen credentials, he also accessed the Supreme Court’s restricted electronic filing system at least 25 times between August and October 2023 and used the same compromised credentials to log in.
More details here: https://www.justice.gov/usao-dc/pr/tennessee-man-pleads-hacking-us-supreme-court-americorps-and-va-health-system
Jim Routh, Chief Trust Officer at Saviynt, commented:
“Three stakeholder groups support the current practice of two-factor authentication (ID + Password + OTP) used by the majority of enterprises:
“It is not clear why more enterprises don’t choose passwordless authentication methods that are available, although the cost of this change is certainly a factor to consider. However, with an average industry cost of $10.2 million for breach remediation and recovery, it seems the business case for moving to advanced authentication is practical. This eliminates the need for storing passwords and risking their compromise.
“As long as enterprises continue with current authentication methods, they will deal with the costs of recovery and remediation from the use of compromised credentials. Most threat actors don’t brag about their exploits on Instagram, but if they did, social media users would be overloaded with exploit claims.”
I have to agree. Passwordless options should be the direction that most if not all organizations go towards. It would make life so much secure.
Share this:
Like this:
Related
This entry was posted on January 19, 2026 at 3:28 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.