Jump to content

Stolen Government Agency Passwords Easy to Find Online - See more at: https://threatpost.com/stolen-government-agency-passwords-easy-to-find-online/11

RV_

By RV_
in Computers and Software

Recommended Posts

RV_ Grand Master

RV_

Posted
Posted

The real takeaway from this article is that not only have government computers systems and databases been compromised but the passwords and names of folks that access them were also obtained.

 

The takeaway? If you use the same password for important things over and over you could very likely be a prime candidate for complete Identity and monies thefts.

 

Excerpt:

 

"Credentials stolen in breaches and sundry hacks belonging to close to 100 unique U.S. government domains are scattered among a number of paste sites and are searchable in other locations online.

 

Analysts at Recorded Future said on Wednesday that through open source intelligence gathering and analysis, they found either clear text or hashed email-password combinations belonging to individuals at 47 agencies. The credentials were found mostly on 17 different paste sites, including Pastebin, and were posted there between November 2013 and November 2014.

 

All of the affected agencies were informed, Recorded Future said. The lengthy exposure of the credentials—most of which afforded access to non-classified networks—put government employees and agencies at risk for a number of attacks ranging from identity theft to social engineering, phishing, and espionage.

 

“The presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce,” Recorded Future said in its report, “Government Credentials on the Web.” “While some agencies employ VPNs, two-factor authentication, and other tokens to provide a safety net, many agencies lag behind as cited by the OMB report to Congress.”

 

While Recorded Future’s analysis took place prior to the recently disclosed Office of Personnel Management (OPM) hack during which millions of federal employees’ personal records, background checks and security clearance applications were accessed, a number of OPM credentials were also found in the clear on a number of paste sites.

 

Most of the paste sites removed the stolen credentials once they were informed, Recorded Future said, but added that the government agencies were not informed of the exposed passwords or hashes."

 

Much more in the article at: https://threatpost.com/stolen-government-agency-passwords-easy-to-find-online/113469#sthash.5RedghPN.dpuf

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
RVers Online University

mywaggle.com

campgroundviews.com

RV Destinations

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

RVTravel.com Logo



×
×
  • Create New...