Posted 06/26/2015 at 9:26 AM
Posted 2 years ago
A security company’s research has discovered a trove of logins for websites belonging to various United States government agencies online.
Recorded Future filed the report making the claim after spending the past year scanning 680,000 sources on the Internet.
In that search, they found 705 distinct log-ins stolen from approximately 47 different government agencies that ranged from the Justice Department to the CIA to the Treasury.
The sensitive information was found on public websites hackers normally use as data dump sites, like Pastebin for example.
Recorded Future commented on the find by saying: “The presence of these credentials on the open web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.”
They had no further details on how many of the passwords that they found were still active, but they surmised that they were stolen in part because individuals used them to log into third-party websites.
That action left them vulnerable to the cyber-theft.
The firm did recommend that the agencies formally adopt two-party authentication as a security measure among others.