Hack that hit Fish & Game involved 6.5 million users in four states

Including Idaho. Bottom line: never reuse a password across various websites. Get a password vault and use a different generated password on every site. 

Oh, and the government has the worst record for being hacked. And they contain the most sensitive info. 

The first indication that a hacker might have accessed personal data on the online licensing website used by Idaho’s Department of Fish & Game came late on Monday, Aug. 25. The vendor that runs the service for the state patched the vulnerability the same day.

Separately, Idaho Fish & Game learned of the potential breach through the Department of Homeland Security on Tuesday. The site was promptly shuttered and the public put on notice.

By then, authorities and site operators knew that the hacker, using the handle “Mr. High,” had boasted of accessing personal information for as many as 6.5 million people who had used one of four such state licensing sites in Washington, Oregon, Idaho and Kentucky. 

Mr. High had actually announced his gambit the Friday before, Aug. 19, on a cheekily-named online forum accessible from any web browser. 

Read more