Kash Patel Hit by Hackers Again: First His Personal Email, Now His Merch Site 'Based Apparel'
FBI chief targeted twice as merch site used to spread malware

FBI Director Kash Patel is facing a second major cybersecurity breach in as many months. His personal merchandise website, BasedApparel.com, was taken offline on Friday after hackers reportedly hijacked it to distribute malware to unsuspecting visitors.
The site, which sells 'K$H'-branded clothing, books, and accessories, was co-created by Patel and Andrew Ollis before Patel was confirmed as FBI director under the Trump administration. The FBI has since stated that Patel 'divested from any interest' in the brand and does not profit from its sales.
How the Attack Worked
Visitors to BasedApparel.com were met with what appeared to be a routine Cloudflare verification page — the kind commonly used to screen out automated traffic. This one, however, had been tampered with. It displayed a warning claiming the visitor's IP address had been flagged for 'irregular web activity.'
Users were then prompted to copy a line of text and paste it into their Mac's terminal. The visible text appeared innocuous, reading: 'I am not a robot: Cloudflare Verification ID: 801470.' Clicking 'copy,' however, secretly grabbed an entirely different string — a base64-encoded shell command that silently downloaded malware onto the device once executed. This technique is known in cybersecurity as a 'ClickFix' attack, and it works not by breaking through security systems, but by manipulating users into doing the attacker's work themselves.
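The mismatch described above, between the text a visitor sees and the text the 'copy' button actually places on the clipboard, can be checked mechanically before anything is pasted into a terminal. The following is an added example, not code from the article or from the researchers' analysis: the function names are hypothetical, the clipboard sample is constructed around a harmless payload, and the decode-and-pipe wrapper shape is an assumption, since the article does not reproduce the real command.

```javascript
// Added example: names are hypothetical; sample strings are constructed.
const SHELL_HINTS = /\b(base64\s+(-d|--decode)|curl|wget|osascript|bash|zsh|sh)\b/i;
const B64_RUN = /[A-Za-z0-9+\/]{24,}={0,2}/g;
const PRINTABLE = /^[\x09\x0a\x0d\x20-\x7e]+$/;

// Decode base64-looking runs so an analyst can read them. Nothing is executed.
function decodeBase64Runs(text) {
  const decoded = [];
  for (const run of text.match(B64_RUN) || []) {
    try {
      const plain = atob(run);
      if (PRINTABLE.test(plain)) decoded.push(plain);
    } catch (_) {
      // Not valid base64; ignore this run.
    }
  }
  return decoded;
}

// Compare what the page displayed with what landed on the clipboard.
function assessCopy(visibleText, clipboardText) {
  const findings = [];
  if (clipboardText.trim() !== visibleText.trim()) {
    findings.push("clipboard-differs-from-visible-text");
  }
  if (SHELL_HINTS.test(clipboardText)) {
    findings.push("shell-command-on-clipboard");
  }
  const decoded = decodeBase64Runs(clipboardText);
  if (decoded.length > 0) findings.push("base64-payload");
  // Two or more independent signals together are treated as suspicious.
  return { suspicious: findings.length >= 2, findings, decoded };
}

// Visible text as quoted in the article.
const SAMPLE_VISIBLE = "I am not a robot: Cloudflare Verification ID: 801470.";
// Constructed, harmless stand-in for the hidden clipboard string (assumed shape).
const SAMPLE_INNER = "echo constructed-sample-only";
const SAMPLE_CLIPBOARD = `echo "${btoa(SAMPLE_INNER)}" | base64 -d | bash`;

const report = assessCopy(SAMPLE_VISIBLE, SAMPLE_CLIPBOARD);
console.log(report.suspicious, report.findings, report.decoded);
```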
lmao kash patel's stupid merch store has an infostealer built in pic.twitter.com/vQyYru6IuD
— debbie (@dm4uz3) May 21, 2026
Passwords, Crypto and Credit Cards at Risk
A security researcher known as 'WifiRumHam' published an analysis of the malicious code, identifying what they described as an infostealer — software built to quietly harvest sensitive data. The researcher found it was designed to collect login credentials, browser cookies, data from more than 200 cryptocurrency browser extensions, Apple Notes content, and passwords stored in each victim's keychain.
WifiRumHam also claimed to have uncovered a payment skimmer on the site's checkout page, apparently intended to capture credit card details from anyone who attempted to buy something. WifiRumHam said the attack was made possible through a malicious WordPress plugin installed by the attacker. How the attacker first gained access to the site remains unknown.
CORRECTION + FULL ANALYSIS VT UPLOAD: Live dual-payload campaign on compromised WooCommerce site
Credit @dm4uz3
1/ Correction first -- earlier thread had the wrong C2 domain. It's monterushy[.]com, not monterusei[.]com. Apologies for the bad IOC.
2/ Compromised site:…
— WifiRumHam (@WifiRumHam) May 22, 2026
FBI Silent on Investigation
By Friday morning, BasedApparel.com had gone dark. Its homepage carried a message that read: 'We'll be right back. We're making improvements to better serve you. The store will be back online shortly — bolder than ever,' urging visitors to 'stay based.'
In a statement to Straight Arrow News, the FBI declined to say whether it is investigating the breach.
Two breaches in under two months involving the FBI director's personal accounts and affiliated platforms raise broader questions about digital security standards for senior government officials. The Based Apparel attack required no sophisticated intrusion — it exploited the trust of ordinary visitors through social engineering alone. Cybersecurity experts warn that ClickFix-style attacks are growing in frequency precisely because they bypass technical defences entirely, targeting human behaviour instead. For a sitting FBI director, the back-to-back incidents present an uncomfortable irony.
Not the First Time
The breach follows an earlier incident in late March, when the Iranian-linked hacker group Handala published more than 300 emails from Patel's personal Gmail inbox. The leaked messages included family photographs and his personal résumé — a significant embarrassment for the country's top law enforcement official.
The latest hack was discovered on Thursday by a social media user known online as 'debbie,' who described herself not as a security researcher but simply as a 'big time nerd.' Her findings quickly drew the attention of cybersecurity analysts who began digging deeper into what had been planted on the site.
© Copyright IBTimes 2025. All rights reserved.


















