User claiming responsibility for recent bomb threats may have hacked city of Cincinnati government

Posted at 2:12 PM, Sep 14, 2016
and last updated 2016-09-14 18:55:40-04

CINCINNATI -- A person or persons taking responsibility for a recent spate of threats around the Tri-State now appears to have posted a list of outdated city government passwords online.

Whoever's behind the online account has worked to get media attention since the bomb threats began last week and claimed responsibility for some of them, including threats against Mason High School on Friday and the Cincinnati Bell Connector on Saturday.

The lists posted Wednesday include nearly 300 city of Cincinnati email addresses and passwords, a Cincinnati Fire Department email address and password, as well as some accounts of media outlet

Tiffaney Hardy, Cincinnati police spokeswoman, said the password posted with her account is several years old. And the list includes the email address of at least one city worker who retired several years ago, indicating the lists may be mostly outdated data.

City Manager Harry Black said the city's information technology department is monitoring the situation and does not believe city systems were breached in any way. 

He said the passwords were possibly obtained during a hack of a "popular social media site" from "a few years ago."

Although the information is "outdated," Black said the city's IT team is taking every precaution to protect city employees from hack attempts. 

"This group, and those like them, are committed to causing disruption and harm and represent a threat we take seriously," Black said in a news release. 

Law enforcement officials from two counties are working together and with the FBI to figure out who's responsible for past threats, which have targeted schools and the Cincinnati Zoo in addition to the city's brand-new streetcar system.

Todd Lindgren, FBI spokesman, said an active investigation is underway.