A hacker going by the name KillCode has leaked over 5208 account credentials allegedly stolen from the IT Service Desk domain of the National Institutes of Health website (itservicedesk.nih.gov).
The leak comprises data found from the “dbo.User_Staff_JOIN” table of the “Remedy Mirror” database, and it includes password hashes, email addresses and usernames in the dump. Luckily, the passwords appear to be decently encrypted.
At the time of this post, the site is down. It appears like the admin of the site is patching the security flaw.
The hacker also revealed a XSS Vulnerability in a couple of high profile sites which includes Federal Aviation Authority (faa.gov) site, United States Air Force (airforce.com).