【AI前沿】Twin brothers wipe 96 gov't databases minutes after being fired

“smart idea”Twin brothers wipe 96 gov’t databases minutes after being firedA case study in why credentials are revoked before firings.Nate Anderson–May 12, 2026 3:12 pm|125Credit:

      Getty ImagesCredit:

      Getty ImagesText
    settingsStory textSizeSmallStandardLargeWidth*StandardWideLinksStandardOrange* Subscribers onlyLearn moreMinimize to navIn the US, fired and laid-off workers often have their digital credentials deactivated before they learn about the loss of their jobs; indeed, the inability to log in to a corporate system may be the first an employee knows of the situation.Although not a generous or humane approach to staff reduction, it does follow from the simple fact that a fired employee with access to company systems is a security risk.Just ask the Akhter twin brothers,accused of wiping out 96 databaseshosting US government information in the minutes after both were fired last year from their shared employer.DROP DATABASEMuneeb and Sohaib Akhter, now both 34, had been in trouble before. Back in 2015, the brothers pled guilty in Virginia to a scheme involving wire fraud and computers. Muneeb was sentenced to three years in prison, while Sohaib got two.After their stints in jail, the brothers worked their way back into the tech world. In 2023, Muneeb got a job with a Washington, DC, firm that sold software and services to 45 federal clients; Sohaib got a job at the same company a year later.According to the government, however, the two couldn’t stay out of trouble. For instance:On Feb. 1, 2025, Muneeb Akhter asked Sohaib Akhter for the plaintext password of an individual who submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal, which was maintained by the Akhters’ employer. Sohaib Akhter conducted a database query on the EEOC database and then provided the password to Muneeb Akhter. That password was subsequently used to access that individual’s email account without authorization.This was not a one-off. Muneeb had been assembling usernames and passwords—5,400 of them taken from his own company’s network data. He then built custom Python scripts to try these logins against common websites; for instance, his “marriott_checker.py” application tested the logins against Marriott’s hotel chains. Muneeb managed to log in successfully hundreds of times, including to DocuSign and airline accounts. Sometimes, if victims had airline miles stored, Muneeb would book travel for himself.The brothers’ employer appears to have learned about their criminal past at some point in February. On February 18, 2025, the brothers—who lived together in Virginia—were both called into a Microsoft Teams meeting and summarily fired.The call took place at the end of the day, wrapping up at 4:50 pm. Five minutes later, Sohaib was already trying to access his (now former) employer’s network—but found that his VPN access and Windows account were terminated.Muneeb’s account had been overlooked, however, and he immediately embarked on a campaign of destruction.At 4:56 pm, Muneeb accessed a US government database that his company maintained. He “issued commands to prevent other users from connecting or making changes to the database, and then issued a command to delete the database,” the government said.At 4:58 pm, he wiped out aDepartment of Homeland Securitydatabase using the command “DROP DATABASE dhsproddb.”At 4:59 pm, he asked an AI tool, “How do i clear system logs from SQL servers after deleting databases?” He later asked, “How do you clear all event and application logs from Microsoft windows server 2012?”In the space of a single hour, Muneeb deleted around 96 databases with US government information. He downloaded 1,805 files belonging to the EEOC and stashed them on a USB drive, then grabbed federal tax information for at least 450 people.Smart ideasWhile this was going on, the brothers held a running conversation. (The government is not clear about whether this took place over text, instant message, or in person.)“I see you cleaning out their database backups,” Sohaib said as he watched Muneeb’s work. As the database casualty list grew, Sohaib said, “Alright—if you have good plausible deniability.”Muneeb didn’t appear to consider his actions a big deal. “Eh, they can recover from yesterday,” he said, referring to daily database backups.“Yeah, they could,” Sohaib agreed.Muneeb noted that an employee they knew would “have some work to do” when the destruction was revealed.Sohaib fed Muneeb more suggestions.“Delete their filesystem as well?” he said.“Smart idea,” said Muneeb.Sohaib then wondered if they had been too hasty. Perhaps, he said, “You shoulda had a kill script. Like, blackmailing them for some money would have been—”“No, you do not do that, that’s proof of guilt, man,” Muneeb said.“No, but the thing was, you always have your opinion,” Sohaib complained, and the two then bickered about whether they might try to blackmail their company’s custo