Click to Skip Ad
Closing in...

Passwords From 47 Government Agencies Leaked Online

Published Jun 25th, 2015 4:45PM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Stolen email and passwords belonging to individuals from nearly 50 Government agencies have leaked online, according to a CIA backed startup out of Boston. According to a report from Recorded Future, login credentials from 47 agencies were found to have been leaked on upwards of 89 unique domains.

Compounding matters is that 12 of the affected agencies, including the Department of Energy, do not implement two-factor authentication. As a result, the report notes that “the presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.”

DON’T MISS: T-Mobile’s New Uncarrier Move Kills Lump Payments, Offers iPhone 6 for $15/Month

CBS has since revealed that the 12 agencies who haven’t yet implemented two-factor authentication include “the General Services Administration, USAID, and the departments of State, Veterans Affairs, Agriculture, Housing and Urban Development, Transportation, Treasury, Health and Human Services, Energy, Interior and Homeland Security.”

In compiling their report, Recorded Future notes that they used proprietary technology to scan over 680,000 different websites across seven languages. The report details that most credentials were compromised when Federal workers logged into third-party websites using the same credentials used to log in at work.

The report reads in part:

In many cases, our research identified the immediate removal of the credentials by sites such as pastebin.com. However, to Recorded Future’s knowledge, no efforts are made to contact government agencies whose credentials may be posted on a paste site. Further, while the information may be removed from a paste site, it likely still circulates in private circles and is available to the original attackers.

What makes this report all the more worrisome is that it’s wholly unrelated to recent the hack on the Office of Personnel Management where hackers made off with the personal information of at least 4 million federal workers. The compromised data in that particular security breach included social security numbers, birth dates, addresses, job and pay history, health insurance information, and much more.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large with over 15 years of experience. A life long expert Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.