Muneeb and Sohaib Akhter, fired IT contractors, used retained credentials to DROP 96 government databases including DHS and EEOC systems, then wiped logs and reinstalled laptops; both convicted in 2026.
Key Takeaways
Credentials were not revoked before or during termination, giving the brothers live database access minutes after being fired.
Muneeb executed DROP DATABASE dhsproddb against a DHS production database; the destruction spanned 96 databases across multiple government systems.
EEOC plaintext user passwords were stored in the database and were queried and exfiltrated before destruction.
After wiping event logs and reinstalling OS on corporate laptops, the brothers discussed blackmail, then abandoned it; Muneeb correctly noted it would be proof of guilt.
A federal raid three weeks later found seven firearms and 370 rounds at Sohaib’s home, adding a felon-in-possession charge; Sohaib was convicted May 7, 2026 on all counts.
Hacker News Comment Review
Commenters flagged the plaintext password storage as the most alarming technical detail, treating it as a SOC 2 compliance failure independent of the termination process breakdown.
Consensus is that revoking access simultaneously with or before notifying the employee is a baseline standard for any privileged IT role, not a harsh overreach; the employer’s failure here was straightforward incompetence.
The brothers querying an AI tool mid-rampage for SQL log-clearing commands and Windows event log deletion was cited as evidence of low operational sophistication, making the scale of damage even more striking.
Notable Comments
@game_the0ry: Mid-destruction, Muneeb asked an AI how to clear SQL Server logs and Windows event logs, confirming no pre-planned tradecraft.
@taffydavid: Flags a logical gap in the indictment: a verbatim conversation transcript exists without clarity on whether it was text, IM, or in-person.
