When Fired Employees Go Rogue: The Akhter Database Wipe

Most of us have had a bad day at the office. We might vent to a friend or update our resume in a huff. But we don't usually decide to burn the whole building down on the way out.

That is exactly what happened with the Akhter brothers last year. They were fired from their jobs and immediately turned to digital sabotage. It is a wild, messy, and frankly terrifying look at what happens when disgruntled staff keep their keys to the kingdom.

You really have to wonder how this was possible. How does one person delete 96 government databases in under an hour? It sounds like a bad movie, but it is very real.

A history of playing with fire

Muneeb and Sohaib Akhter were not new to the world of crime. Back in 2015, they faced charges for wire fraud and computer crimes in Virginia. They served time, paid their dues, and eventually found their way back into the tech industry. It is common for people to get a second chance, but these two clearly didn't learn their lesson.

By 2023, Muneeb landed a role at a D.C. firm. This company gave software and services to 45 federal clients. Sohaib joined him at the same firm a year later. On paper, it looked like a redemption story. Behind the scenes, they were just waiting for another chance to pull off a hack.

The brothers were already busy stealing data long before they were let go. They were harvesting usernames and passwords from their own company network. They even built custom scripts to test these stolen logins against hotel and airline accounts. They were living a double life.

The clock starts ticking down

The company finally caught on to their past in February 2025. They called the brothers into a Microsoft Teams meeting on February 18. It was a short, brutal call. They were fired at 4:50 pm. The company made a fatal mistake that day.

They cut off Sohaib immediately. His VPN and Windows access died within five minutes. But someone forgot to kill Muneeb's access. That five-minute gap was all he needed to start the destruction. He went to work at 4:56 pm.

He started by locking out other users. Then he issued the command to drop the databases. He hit the Department of Homeland Security servers just two minutes later. He was efficient, cold, and clearly had a plan. He wanted to leave nothing behind.

He even used an AI tool to ask how to clear system logs. He wanted to wipe his tracks clean. He managed to delete 96 databases in sixty minutes. He also stole files from the EEOC and tax records for 450 people. It was pure chaos.

The brothers kept chatting while the data vanished. Sohaib watched the progress and encouraged the mess. They discussed deleting the filesystem to make it worse. They even debated blackmailing the company for a moment before deciding it was too risky.

After the carnage, they wiped their corporate laptops. They had help from an outside friend to clear the OS. They thought they were smart enough to hide their digital fingerprints forever. They were very wrong.

The technical cost of oversight

The damage was massive. Deleting 96 databases isn't just a minor glitch. It is a total failure of identity and access management. When you fire someone with high-level admin rights, you must kill their access instantly. Not in five minutes. Not tomorrow.

The brothers used standard SQL commands to wreck the systems. The command "DROP DATABASE" is simple, yet it carries immense power. When an admin uses it, the system assumes they know what they are doing. There are no safety nets for a rogue employee with root access.

Log files are the only way to track such an attack. By trying to wipe those logs, the brothers showed they knew exactly how to hide. They wanted to turn a targeted attack into a "mystery" failure. They failed because digital trails are almost impossible to fully erase.

What happens after the dust settles

The feds showed up at Sohaib's home in March. They found tech gear, seven guns, and hundreds of rounds of ammo. He wasn't supposed to have any of that. It added a new layer of danger to an already grim case.

They stayed free for months while the investigation dragged on. Eventually, the law caught up to them in December. Muneeb folded and signed a plea deal. Sohaib tried his luck at trial and lost. The consequences are now permanent.

This case is a warning for every tech firm in the country. Your employees are your biggest risk. You can't just trust them because they have a badge or a login. You have to verify, monitor, and revoke access the second they are out the door.

Quick questions answered

How did they get hired with a criminal record? Many firms don't perform deep background checks after a certain amount of time passes. They clearly slipped through the cracks.

Was the data recovered? The government hasn't disclosed the full extent of the recovery. Daily backups helped, but the breach was deep and malicious.

Why did the company wait to fire them? They likely only learned about the past criminal history in February. The decision was likely immediate once the truth came out.

What is the lesson for IT teams? Revoke access before the termination meeting starts. If the employee is in the room, they should be locked out of the network already.

How did they get caught? Even with their attempts to wipe logs, they left enough breadcrumbs for the FBI to trace the commands back to their hardware.