Official emails and plain text passwords of close to one-quarter of people working in Congress have been compromised. A joint investigation by Constella Intelligence, a digital risk firm, and Proton, a privacy provider, found data of nearly 3,200 people on the dark web.
The investigation uncovered 3,191 out of 16,543 official email addresses exposed to a hack or breach, as well as 1,848 plain text passwords. The most common reason for the breaches was that staffers used their official work emails to sign up for online services like dating websites. According to the team, this highlights “a critical security lapse where work-related emails became entangled with less secure third-party platforms.”
“In today’s digital landscape, robust cybersecurity practices are crucial, especially for those with access to sensitive information,” said Proton Head of Account Security Eamonn Maguire. “The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe.”