Twitter has banned a group that appeared to leak years of records from 200 police departments. The platform removed the account of Distributed Denial of Secrets (DDoSecrets), a collective that recently published nearly 270 gigabytes of data under the title “BlueLeaks.” Twitter also added a warning page that appears if you click an existing link to the dataset, and it’s blocking new tweets that include the link, warning that it’s been identified as “potentially harmful.”
DDoSecrets member Emma Best tweeted the news from a separate account earlier today. Twitter confirmed it in a statement to The Verge, saying that DDoSecrets violated rules against posting hacked materials and was permanently suspended. As Ars Technica notes, this hasn’t always been the site’s policy — better-known leaks site WikiLeaks maintains an account, for instance, despite releasing hacked data from the Democratic National Committee and other sources.
Best wrote on Twitter that they were more worried about the link blocking than the ban itself. “DDoSecrets has worked with dozens of major news outlets across the world and published terabytes of data uncovering money laundering schemes, corruption, and more,” Best tweeted. “While some of the data we host was hacked, much of it was (and will continue to be) leaked. Twitter has silenced those whistleblowers.”
The leaked data is only intermittently available through DDoSecrets’ site, but so far it’s apparently yielded details like a police department’s interest in protesters using Stingray-detecting app SnoopSnitch. Some of these details have now been removed as Twitter deletes tweets sharing DDoSecrets data.
According to a report obtained by security researcher and writer Brian Krebs, the BlueLeaks dataset contained some “highly sensitive information” — including bank routing numbers — alongside emails and other material from police departments across several countries. It was reportedly leaked after a breach at Netsential, a web development company that worked with government agencies. Best told Wired that the data was provided by someone identifying as a member of the Anonymous hacktivism movement and that DDoSecrets removed around 50 gigabytes of data including details about crime victims and health information.