An anonymous hacker claims to have breached CIA Director John Brennan‘s personal email account and has posted documents online, including a list of email addresses purportedly from Brennan’s contact file.
The CIA said it referred the matter to the proper authorities, but would not comment further.
The hacker spoke to the New York Post, which described him in an article published Sunday as “a stoner high school student,” motivated by his opposition to U.S. foreign policy and support for Palestinians. His Twitter account, @phphax, includes links to files that he says are Brennan’s contact list, a log of phone calls by then-CIA deputy director Avril Haines, and other documents.
The Post said he didn’t reveal his name or where he lived.
One document purporting to come from Brennan’s AOL email account contains a spreadsheet of people, including senior intelligence officials, along with their Social Security numbers, although the hacker redacted the numbers in the version he posted on Twitter. It’s unclear why Brennan would have stored such a document in his private email account. Based on the titles, the document appears to date from 2009 or before.
When people visit the White House and other secure facilities, they are required to supply their Social Security numbers. Brennan could have been forwarding a list of invitees to the White House when he was President Barack Obama‘s counter terrorism adviser, the job he held before he became CIA director in 2013.
Security experts advise people not to email Social Security numbers, and some companies have software that automatically blocks an email if it detects characters in the format of a Social Security number.
The hacker told the Post he had obtained a 47-page version of Brennan’s application for a security clearance, known as an SF86. That document — millions of which were stolen from the federal personnel office last year by hackers linked to China — contains detailed information about past jobs, foreign contacts, finances and other sensitive personal details.
No such document appears to be posted on the hacker’s Twitter account, but it’s not clear whether the hacker posted it elsewhere.