DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Congress aides warned of email login security breach after @OpLastResort tweets notice of hack

Posted on July 18, 2013 by Dissent

While many of us were watching the House Judiciary Committee oversight hearing on FISA, @OpLastResort tweeted:

While the House Judiciary Committee held #FISAOversight hearings today, we’ve been doing some oversight of the House pic.twitter.com/obWimEBjTf

— OpLastResort (@OpLastResort) July 17, 2013


oplastresort1

Today, Richard Cowan reports:

Congressional aides in the Senate and House of Representatives said on Thursday that they were notified of a potential security risk involving email and other accounts.

“There have been reports online of Senate and House email accounts being exposed and hacked,” said an email warning sent to all Senate staff.

The memo added, “no account or data has been accessed or stolen.” But the memo warned that the posting of congressional email addresses often leads to “future targets of spear phishing,” a type of electronic fraud targeting specific organizations.

Congressional employees were warned to forward suspicious emails to security officials so they could be screened.

A long list of congressional email accounts, some belonging to former employees, was posted on at least one website. Many of the email addresses also listed what appeared to be passwords.

A tweet by OpLastResort warned: “Dear #Congress: We are paying very, very close attention to how you handle #NSA #FISA & #PRISM Don’t.. Fuck.. Up….”

Read more on WKZO

In the paste of e-mail addresses and alleged passwords, @OpLastResort writes:

“NOTE: FOR THE PURPOSES OF BEING FAR TOO GENEROUS WITH YOU GUYS, WE HAVE REMOVED SOME OF THE PASSWORDS AND SHUFFLED THE ORDER OF THE REMAINING ONES. THESE ARE ALL CURRENT, VALID CREDENTIALS BUT THEY ARE NOT IN THE ORIGINAL PAIRINGS. WE RESERVE THE RIGHT TO SPONTANEOUSLY DECIDE THIS RESTRAINT WAS UNJUSTIFIED.”

The Hill, however, reports that the data may not have been stolen from House’s email system:

An email that was sent to congressional offices, obtained by The Hill, said House Security believes the leaked staffer emails and passwords were poached from another online service rather than the House network’s email system.

A separate email sent to House offices said the breach was traced to the iConstituent newsletter product, which is typically used by press staffers to communicate with constituents.

The email urged staffers to change their password for the iConstitutent service and said their email accounts on the House network were not affected by the breach.

Read more on The Hill.

Update: @OpLastResort just confirmed to DataBreaches.net that the iConstituent service was the source of the data they dumped.

No related posts.

Category: Government SectorHackU.S.

Post navigation

← Scottish Borders Council data breach fine decision overturned
St. Mary’s Bank notifies more than 115,000 customers after malware infection discovered →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.