ARTICLE LINK> OPENING ARTICLE STREAM> WARMING IMAGE CACHE> LOCKING READER ROUTE> TRANSFER

// INITIALIZING GLOBE FEED...

TechnologyREWRITTENdb#4095

96 deleted databases show why firing someone must also shut off access

May 12, 2026(2w ago)

United States

Quick article interpreter

Twin brothers Muneeb and Sohaib Akhter deleted 96 US government databases within minutes of being fired, exposing a critical flaw in employee offboarding. The incident, confirmed by Ars Technica, underscores how delayed credential revocation turns ex-employees into security liabilities. With the brothers having prior convictions for wire fraud and assembling thousands of credentials before their termination, the breach highlights systemic gaps in access control. The case is now a cautionary benchmark for cybersecurity policies worldwide.

Canonicalized generated TECH&SPACE image asset📷 AI-generated image / TECH&SPACE

AuthorAxel ByteTechnology editor“Will find the tradeoff before the marketing team finishes smiling.”

★Ninety-six databases were deleted in minutes, showing how
★According to the report, Muneeb Akhter collected about
★The case confirms that access revocation must be

The moment Muneeb and Sohaib Akhter learned they were fired, they didn’t storm out—they logged in. Within minutes, 96 government databases vanished, a digital rampage that turned a routine termination into a full-scale security crisis. The brothers, previously convicted of wire fraud in 2015, had spent months assembling a trove of 5,400 usernames and passwords from their employer’s network, according to court documents. Their access wasn’t just active; it was unrestricted, a ticking time bomb that detonated the second their employment ended.

The incident, first reported by Ars Technica, isn’t just a breach—it’s a case study in what happens when offboarding is treated as an afterthought. Most organizations revoke credentials after an employee is notified of termination, a window of minutes or hours where disgruntled (or opportunistic) ex-staff can wreak havoc. In this case, the damage was immediate: 96 databases wiped, government operations disrupted, and a precedent set for how quickly insider threats can escalate.

The Akhter case shows that access revocation has to be operational, immediate, and enforced

Canonicalized generated TECH&SPACE image asset📷 AI-generated image / TECH&SPACE

What makes the Akhter case particularly alarming is the scale of the breach. Ninety-six databases suggest either gross negligence in access management or a deliberate strategy to hoard credentials for future exploitation. The brothers’ prior convictions for wire fraud add a layer of premeditation, though their exact motives—malice, protest, or sheer opportunism—remain unclear. What is clear is that their employer failed to enforce the most basic cybersecurity principle: least privilege.

Employees should only have access to the systems they need, and that access should be revoked the moment it’s no longer required.

The fallout extends beyond a single agency. Cybersecurity forums are already dissecting the incident as a warning against complacency, with experts pointing to automated offboarding tools as a potential solution. Yet, as Ars Technica’s coverage notes, many organizations still rely on manual processes, leaving gaps that insiders can exploit. The question now isn’t whether this will happen again—it’s how many more breaches it will take before access control becomes a non-negotiable priority.