Connect with us

Hi, what are you looking for?



Claims of Plone Zero-Day and FBI Hack Likely False

Claims that the FBI’s website has been hacked using a zero-day vulnerability in Plone are false, according to the developers of the open source content management system (CMS).

Claims that the FBI’s website has been hacked using a zero-day vulnerability in Plone are false, according to the developers of the open source content management system (CMS).

On January 1, an individual using the online moniker CyberZeist (aka le4ky) leaked roughly 150 email addresses and what appeared to be SHA-1 password hashes and their associated salts. CyberZeist claimed to have obtained the information after exploiting a Plone zero-day flaw that has allegedly been sold on a dark net website.

Plone developers have analyzed the screenshots and information made available by CyberZeist and determined that it’s likely just a “hoax.”

Plone is considered a highly secure CMS and the fact that it has been used by the FBI and various other U.S. government organizations is not a secret. However, that may be the only truth in the post published on Pastebin by CyberZeist, who claimed to have carried out the attack on behalf of the Anonymous hacktivist movement.

The developers of Plone said some of the screenshots have been faked, while others simply don’t back the hacker’s claims. Furthermore, the leaked email addresses show up in several older leaks, and the password hashes and salts are not consistent with ones generated by Plone. The credentials were allegedly obtained from .bck backup files, but this extension is not used by the Plone backup system.

“It is extremely easy to fake a hack like this. It takes only rudimentary Photoshop skills or use of the Chrome JavaScript developer console,” said Nathan Van Gheem of the Plone security team.

Plone also pointed out that the so-called zero-day exploit is up for sale for 8 bitcoins ($9,000), but since it’s not possible to obtain refunds on such transactions, experts believe it’s likely a scam.

Advertisement. Scroll to continue reading.

“We don’t believe the FBI is his target; it is more likely that he is using this high profile site as a way of advertising fake exploits for sale,” Plone representatives said. “There is no reason to believe that his claims are genuine and we remind all website administrators to be wary of social media users claiming to have bugs for sale.”

CyberZeist has claimed to have found vulnerabilities in the websites of several major organizations in the past months, but he hasn’t provided any solid proof to back his claims. Furthermore, he has been known to fake data leaks.

Related Reading: News or Ruse? How Cyber Situational Awareness Can Help You to Distinguish

Related Reading: Hundreds Access Fake Bank Account Data “Leaked” to Dark Web

Related Reading: eBay, Security Experts Say Database Dump is Fake

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.