
Stolen Government Agency Passwords Easy to Find Online



The real takeaway from this article is that not only have government computer systems and databases been compromised, but the passwords and names of folks that access them were also obtained.


The takeaway? If you use the same password for important things over and over, you could very likely be a prime candidate for complete identity and money theft.




"Credentials stolen in breaches and sundry hacks belonging to close to 100 unique U.S. government domains are scattered among a number of paste sites and are searchable in other locations online.


Analysts at Recorded Future said on Wednesday that through open source intelligence gathering and analysis, they found either clear text or hashed email-password combinations belonging to individuals at 47 agencies. The credentials were found mostly on 17 different paste sites, including Pastebin, and were posted there between November 2013 and November 2014.


All of the affected agencies were informed, Recorded Future said. The lengthy exposure of the credentials—most of which afforded access to non-classified networks—put government employees and agencies at risk for a number of attacks ranging from identity theft to social engineering, phishing, and espionage.


“The presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce,” Recorded Future said in its report, “Government Credentials on the Web.” “While some agencies employ VPNs, two-factor authentication, and other tokens to provide a safety net, many agencies lag behind as cited by the OMB report to Congress.”


While Recorded Future’s analysis took place prior to the recently disclosed Office of Personnel Management (OPM) hack during which millions of federal employees’ personal records, background checks and security clearance applications were accessed, a number of OPM credentials were also found in the clear on a number of paste sites.


Most of the paste sites removed the stolen credentials once they were informed, Recorded Future said, but added that the government agencies were not informed of the exposed passwords or hashes."


Much more in the article at: https://threatpost.com/stolen-government-agency-passwords-easy-to-find-online/113469#sthash.5RedghPN.dpuf
