DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Congress aides warned of email login security breach after @OpLastResort tweets notice of hack

Posted on July 18, 2013 by Dissent

While many of us were watching the House Judiciary Committee oversight hearing on FISA, @OpLastResort tweeted:

While the House Judiciary Committee held #FISAOversight hearings today, we’ve been doing some oversight of the House pic.twitter.com/obWimEBjTf

— OpLastResort (@OpLastResort) July 17, 2013


oplastresort1

Today, Richard Cowan reports:

Congressional aides in the Senate and House of Representatives said on Thursday that they were notified of a potential security risk involving email and other accounts.

“There have been reports online of Senate and House email accounts being exposed and hacked,” said an email warning sent to all Senate staff.

The memo added, “no account or data has been accessed or stolen.” But the memo warned that the posting of congressional email addresses often leads to “future targets of spear phishing,” a type of electronic fraud targeting specific organizations.

Congressional employees were warned to forward suspicious emails to security officials so they could be screened.

A long list of congressional email accounts, some belonging to former employees, was posted on at least one website. Many of the email addresses also listed what appeared to be passwords.

A tweet by OpLastResort warned: “Dear #Congress: We are paying very, very close attention to how you handle #NSA #FISA & #PRISM Don’t.. Fuck.. Up….”

Read more on WKZO

In the paste of e-mail addresses and alleged passwords, @OpLastResort writes:

“NOTE: FOR THE PURPOSES OF BEING FAR TOO GENEROUS WITH YOU GUYS, WE HAVE REMOVED SOME OF THE PASSWORDS AND SHUFFLED THE ORDER OF THE REMAINING ONES. THESE ARE ALL CURRENT, VALID CREDENTIALS BUT THEY ARE NOT IN THE ORIGINAL PAIRINGS. WE RESERVE THE RIGHT TO SPONTANEOUSLY DECIDE THIS RESTRAINT WAS UNJUSTIFIED.”

The Hill, however, reports that the data may not have been stolen from House’s email system:

An email that was sent to congressional offices, obtained by The Hill, said House Security believes the leaked staffer emails and passwords were poached from another online service rather than the House network’s email system.

A separate email sent to House offices said the breach was traced to the iConstituent newsletter product, which is typically used by press staffers to communicate with constituents.

The email urged staffers to change their password for the iConstitutent service and said their email accounts on the House network were not affected by the breach.

Read more on The Hill.

Update: @OpLastResort just confirmed to DataBreaches.net that the iConstituent service was the source of the data they dumped.

No related posts.

Category: Government SectorHackU.S.

Post navigation

← Scottish Borders Council data breach fine decision overturned
St. Mary’s Bank notifies more than 115,000 customers after malware infection discovered →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The data appear fake. (1)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases
  • Multiple lawsuits filed against Doyon Ltd over April 2024 data breach and late notification
  • Chinese hackers suspected in breach of powerful DC law firm
  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
  • CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’
  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.