Loading...
Loading...
A jury convicted Virginia contractor Sohaib Akhter for his role in a scheme that led to the deletion of about 96 databases containing U.S. government data after he and his twin, Muneeb, were fired from a vendor supplying software to at least 45 agencies. Prosecutors say Sohaib supplied a plaintext password that let Muneeb access an EEOC complaint account, then, within minutes of their termination, Muneeb issued commands to prevent access and delete databases, including a DHS production database.
Insider misuse of retained credentials and simple plaintext passwords enabled rapid, large-scale deletion of sensitive government databases, highlighting risks to system integrity and availability. Tech teams must reassess access controls, credential hygiene, and incident response for AI-assisted log and command activity.
Dossier last updated: 2026-05-13 02:31:21
Two twin brothers, Muneeb and Sohaib Akhter, were fired from a contractor that managed federal systems and minutes later allegedly deleted about 96 US government databases and exfiltrated sensitive files. After their termination call on Feb. 18, 2025, Sohaib’s access was cut but Muneeb retained credentials and executed DROP DATABASE commands — including against a DHS database — downloaded 1,805 EEOC files and tax records for at least 450 people, and queried an AI tool about clearing logs. The brothers had prior convictions for computer-related fraud and had harvested thousands of credentials to automate account takeovers. The incident highlights insider risk, credential hygiene, and the need for rapid access revocation and audit controls in government contracting.
Two twin brothers, Muneeb and Sohaib Akhter, were fired from a contractor that hosted federal systems and minutes later Muneeb used retained credentials to delete about 96 U.S. government databases and exfiltrate files. The brothers had prior convictions for computer and wire fraud and were alleged to have harvested 5,400 credentials, tested them with Python scripts against third‑party sites, and accessed victims’ accounts. After being terminated in a Teams call, Sohaib lost access but Muneeb’s account remained active; between 4:56–4:59 pm he issued DROP DATABASE commands (including on DHS systems), downloaded EEOC files and tax data, and asked AI tools how to erase logs. The incident highlights insider risk, credential hygiene, and offboarding gaps at vendors handling sensitive government data.
Two twin brothers, former convicts Muneeb and Sohaib Akhter, are accused of deleting 96 US government databases minutes after being fired from a contractor in February 2025. The siblings had reentered federal contracting roles; prosecutors say Muneeb harvested 5,400 credentials, used automated Python scripts to break into consumer and corporate accounts, and after termination exploited an overlooked corporate account to issue DROP DATABASE commands — including for a Department of Homeland Security database. He also downloaded thousands of files from the EEOC and federal tax records, and queried AI tools about clearing logs. The incident underscores insider risks, credential reuse, and the damage a single privileged account can cause.
A jury convicted Virginia contractor Sohaib Akhter for his role in a scheme that led to the deletion of about 96 databases containing U.S. government data after he and his twin, Muneeb, were fired from a vendor supplying software to at least 45 agencies. Prosecutors say Sohaib supplied a plaintext password that let Muneeb access an EEOC complaint account, then, within minutes of their termination, Muneeb issued commands to prevent access and delete databases, including a DHS production database. The indictment describes exfiltration of files, attempts to erase logs (including queries to an AI tool about clearing logs), theft of IRS data, and efforts to wipe devices; Muneeb remains awaiting trial. The case highlights insider risks to government supply-chain software and post-termination threat activity.