“`html

Hacker Bragged on Instagram and Got Probation. Here’s the Real Problem.

A 24-year-old from Tennessee broke into federal systems at least 37 times, posted stolen Social Security numbers and medical records on Instagram, and walked away with probation. That’s not justice. That’s a warning about how badly the government protects your data.

What Actually Happened

Nicholas Moore, from Springfield, Tennessee, pleaded guilty in January 2026 to one count of computer fraud. He’s 24 years old. His Instagram handle was @ihackedthegovernment. I’m not making that up.

According to the U.S. Department of Justice, Moore used stolen login credentials to access the U.S. Supreme Court’s electronic filing system at least 25 times between August and October 2023. He also accessed AmeriCorps servers seven times and the VA’s MyHealtheVet system on five separate days between September and October 2023.

Then he posted the stolen data publicly on Instagram. We’re talking names, dates of birth, home addresses, security question answers, phone numbers, the last four digits of Social Security numbers, veteran status, and prescribed medications belonging to real people, including veterans, according to the DOJ press release.

Judge Beryl A. Howell is set to sentence Moore on April 17, 2026. The maximum penalty is one year in prison and a $100,000 fine. Moore cited mental health issues and the inability to work or drive. He pleaded remotely.

He told the judge, “I made a mistake.”

The Real Story Isn’t About One Kid

I want you to stop focusing on Moore for a second. Yes, he did something stupid and harmful. But the bigger story here is that he got in at all.

Moore didn’t write sophisticated malware. He didn’t hire a hacking crew. He used stolen credentials. That’s it. Someone else’s username and password, plugged into a federal login page, and boom. He was inside the U.S. Supreme Court’s filing system. Dozens of times.

This is called credential stuffing. It’s one of the oldest tricks in the book. And according to Verizon’s 2025 Data Breach Investigations Report, over 80% of all data breaches involve stolen or reused credentials. Over 80%. The federal government isn’t some startup with a shoestring budget. These are agencies with billions in IT spending, and a 24-year-old with stolen logins walked right through the front door.

According to a 2025 CISA report, federal hacks increased 25% year over year. That number should scare you. It tells me the government is losing ground, not gaining it.

Think about what Moore accessed. Medical records. Prescribed medications. Veteran health data. A Supreme Court filing victim’s personal information. This wasn’t corporate data. This was the most sensitive category of personal information that exists, and it was sitting behind a door that one person with a stolen key could open.

The Change Healthcare breach in 2024 followed the same pattern. Stolen credentials were used to expose health data on roughly one third of all Americans, according to published reports, and the company paid a $22 million ransom. One third of Americans. From stolen logins. This is a pattern, not a series of flukes.

Now here’s my contrarian take. The sentence Moore is likely to receive, probation for a Class A misdemeanor, reflects how the legal system values data. It doesn’t value it much. If Moore had stolen $100,000 in cash from a federal building, he’d be looking at serious federal time. But stealing medical records from veterans and posting them online? Misdemeanor territory. That’s backwards. Data is money. In many cases, data is more damaging than money when it gets into the wrong hands. You can replace stolen cash. You can’t un-expose someone’s HIV medication or their home address.

I think the light charge also reflects something else. Prosecutors may have gone light because the underlying system failures are embarrassing. A more aggressive case would put the government’s own security failures under a microscope in open court. Nobody in a federal agency wants that.

If you’re a content creator or small media operator covering stories like this, tools like InVideo AI can help you turn written breakdowns into short-form video fast. This type of story plays well in video format, and speed matters when news is moving.

What This Means for You

Here’s what I’d do right now if I were reading this as a regular person.

First, assume your data is already out there. Seriously. If you’ve ever used a government portal, a healthcare system, or any federal service, your credentials may be sitting in a database that someone has already sold. Act accordingly.

Second, stop reusing passwords. This is so basic it’s almost embarrassing to say, but it’s the root cause of what Moore exploited. Use a password manager. Change your government portal passwords today. Use a unique password for every account.

Third, turn on multi-factor authentication everywhere it’s available. According to Gartner’s 2025 data, MFA adoption in finance and government sits at only 65%, up 15% year over year. That means 35% of systems in those sectors still don’t require it. If a system gives you the option and you’re not using it, you’re leaving a door open.

Fourth, if you’re a veteran, check your VA MyHealtheVet account. Review what’s stored there. Look at login history if the portal shows it. Report anything suspicious immediately.

Fifth, if you run a small business and you’re storing client data, audit your login security now. You don’t need an enterprise budget to do this. There are solid tools available at accessible price points. AppSumo regularly lists lifetime deals on security and productivity software that small operators can actually afford.

The government will not protect your data the way you’d protect it yourself. That’s not cynicism. That’s a documented fact based on 25 unauthorized logins to the Supreme Court’s own system.

The Bottom Line

Nicholas Moore bragged about hacking the government on Instagram with a public account. He accessed federal systems 37 times with stolen passwords. He posted veterans’ medical records online. And he’s likely getting probation. The story here isn’t about one reckless 24-year-old. It’s about a federal infrastructure so poorly secured that a misdemeanor charge is the worst outcome from a months-long breach of the Supreme Court, AmeriCorps, and the VA. Your data lives in those systems. Start treating that like the threat it actually is.

Frequently Asked Questions

What did Nicholas Moore actually do in the government hacking case?

Moore used stolen login credentials to access three federal systems without permission: the U.S. Supreme Court’s electronic filing system, AmeriCorps servers, and the VA’s MyHealtheVet portal. He then posted the stolen personal data, including health records and partial Social Security numbers, on his public Instagram account @ihackedthegovernment, according to the Department of Justice.

Why is Moore only charged with a misdemeanor for hacking federal systems?

Moore pleaded guilty to one count of computer fraud as a Class A misdemeanor, which carries a maximum of one year in prison and a $100,000 fine. The charge reflects the plea agreement reached with prosecutors. Many legal observers and security professionals argue that existing laws don’t treat data theft as seriously as physical theft, even when the personal harm is comparable or worse.

How did Moore get into the Supreme Court and VA systems?

Moore used a technique called credential stuffing, where stolen usernames and passwords from other breaches are tried against new login pages. He didn’t build custom hacking tools. He simply used credentials someone else had already stolen. According to Verizon’s 2025 Data Breach Investigations Report, over 80% of breaches involve stolen or reused credentials.

What information was posted publicly on the @ihackedthegovernment Instagram account?

According to the DOJ, posted data included a Supreme Court victim’s name, filing records, date of birth, address, and security questions. AmeriCorps victim data included name, date of birth, email, address, phone number, the last four digits of their Social Security number, and veteran or service status. VA data included a veteran’s prescribed medications and other health information.

What should I do if I think my government account credentials were compromised?

Change your passwords immediately on any federal portal you use, including VA, IRS, and Social Security accounts. Enable multi-factor authentication wherever it’s offered. Check your account login history for unfamiliar activity and report anything suspicious to the relevant agency’s security or fraud line right away.

“`