FBI director emails breached by Iran-linked hackers — what happened and how to protect yourself

As the U.S.-Iran war drags on into its fourth week, a group of Iranian-backed hackers have claimed that they accessed FBI Director Kash Patel's personal emails. The group has even published photos and some documents that were allegedly pulled from Patel's emails as proof.

The hacker group, Handala Hack Team, said Patel "will now find his name among the list of ​successfully hacked victims." The posted images appear to be older photos of Patel smoking and sniffing cigars, posing next to a classic car, or generally enjoying international vacations.

According to Reuters, the Justice Department confirmed that Patel's email had been hacked and the photos seemed to be authentic.

In a message seen by Reuters, the hack was a response to the Iran war and an announced $10 million award by the FBI for Handala members.

"The so-called 'impenetrable' systems of the FBI were brought to their knees within hours by our team," the group claimed.

It's doubtful that Handala accessed Patel's official government emails and the materials appear to be from between 2010 and 2019. That said, plenty of government officials have been caught using personal emails as part of their official duties.

Who are Handala?

The Handala Hack Team is a pro-Palestinian hacker group that has been linked to Iran's Ministry of Intelligence and Security. The group started popping up in 2023.

According to a profile on Handala from the cybersecurity firm Cyble, the group is focused on disruption and reputational damage. It also likes to use malware that permanently deletes data or exposes sensitive information.

In general, Handala is mostly focused on attacking Israeli businesses, government agencies, and Western entities connected to Israel. In recent years, the group hacked senior members at Lockheed Martin and the massive Stryker hack that disrupted the medical tech giant's supply chain and manufacturing was also attributed to Handala.

How to protect your emails

While Handala's claims are a bit overblown in terms of bringing the FBI and its security systems to their knees, it's still a good reminder to protect your own emails.

Kash Patel's personal email was a Gmail account. One way to protect your Gmail is to setup two-factor authentication (or 2-Step Verification as Google dubs it).

Doing so means you won't have to rely on a single password to protect your account; you'll have an added layer of protection in the form of a security code obtained via text message, phone call, security key, or a mobile authentication app.

Alongside 2FA, you can also add backup codes and the Google Authenticator app for extra protection.

If you're on iPhone, you should consider enabling Apple's Lockdown Mode, especially if you believe you could be targeted. However, it does limit certain functions (like link previews in messages).

There's also Google's Advanced Protection Program which is designed to protect you from phishing attempts and harmful downloads. Like Lockdown Mode, it does introduce some limitations and extra requirements for using your Google account though.

If you find your email has been compromised, here's what to do if your email has been hacked.

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.

More from Tom's Guide

• I thought this credit card alert was real — ChatGPT told me it was a scam in seconds
• 'Darksword' exploit just went global: Millions of iPhones now wide open to hackers
• We put the best identity theft protection to the test to protect your entire digital life — these are the services I recommend