Muneeb and Sohaib Amin wiped 96 government databases seconds after termination, were convicted on computer fraud and related charges in May 2026.
Key Takeaways
Muneeb executed DROP DATABASE dhsproddb at 4:58 pm, then immediately queried an AI tool on clearing SQL Server logs – all within minutes of being fired.
The brothers reinstalled OS on corporate laptops with a co-conspirator’s help and wiped event logs, attempting to destroy forensic evidence.
A federal raid three weeks later recovered seven firearms and 370 rounds at Sohaib’s home – a separate felony given his prior record.
Muneeb took a plea deal (April 15, 2026); Sohaib went to trial and was found guilty May 7, 2026 on conspiracy to commit computer fraud, password trafficking, and illegal firearm possession.
The hiring company Opexus fired the managers responsible for bringing the twins on – a downstream accountability cascade triggered by the incident.
Hacker News Comment Review
Core security failure: commenters flagged that any employee able to instantly wipe 96 databases represents a standing risk, not just a termination-timing risk – least-privilege enforcement is the real fix.
Credential revocation before or simultaneous with the termination meeting has been standard offboarding practice for 20+ years; the fact this wasn’t done likely also implicates SOC2 compliance gaps.
Skepticism about access scope: commenters doubted the twins held clearance sufficient for DHS prod DBs and suspected stolen credentials explain the 5,000 passwords and cross-agency reach.
Notable Comments
@giantg2: Raises two concrete gaps – how 5k passwords were accessible (cleartext storage implied?) and how SOC2 certification survived without simultaneous access termination on offboarding.
@eviks: “Employees that can wipe 96 databases are a security risk, even when they’re employed” – argues reactive offboarding theater misses the structural overprivilege problem.
