日本語
한국어
Tiếng Việt
简体中文
Defense Secretary Pete Hegseth’s handling of digital security is under scrutiny after reports surfaced revealing he reused passwords across multiple personal email accounts. This revelation follows earlier concerns about his use of a messaging app to discuss sensitive military operations.
An investigation by The New York Times revealed that some of Hegseth’s passwords, used for registering on various websites, were exposed in previous cyberattacks. While there’s no evidence these compromised passwords secured sensitive financial accounts, the repeated use across different personal email accounts raises significant security risks. A breach in one email account could potentially give hackers access to other services through password resets.
Like many individuals, Hegseth apparently chose password re-use for ease of recall. At least one of his passwords consisted of a simple combination of letters and numbers, possibly representing initials and a date. This particular password was compromised in separate data breaches in 2017 and 2018.
These security concerns are heightened by Hegseth’s previous use of the encrypted messaging app Signal to share sensitive details about planned U.S. airstrikes against Houthi targets in Yemen. This information, if intercepted, could have endangered U.S. pilots.
Cybersecurity experts emphasize that a readily available phone number, like Hegseth’s, makes him a prime target for hackers and foreign intelligence agencies. Even with encrypted apps like Signal, a compromised device can expose typed messages if malware is installed.
Kristin Del Rosso, a breach data monitor at DevSec, highlights the ease with which exposed passwords can be found, emphasizing the large amount of stolen data available. This data allows adversaries to build detailed profiles, potentially guessing other passwords or gaining access to further sensitive information.
The digital security practices of other officials have also come under scrutiny. Passwords belonging to Michael Waltz, former national security adviser, were also exposed in past breaches. Similarly, leaked passwords linked to multiple personal accounts used by Director of National Intelligence Tulsi Gabbard were discovered. Gabbard’s spokeswoman stated her passwords have been changed multiple times since a breach nearly a decade ago.
Michael C. Casey, former director of the National Counterintelligence and Security Center, stressed the importance of senior national security officials assuming their devices are compromised from day one. The use of personal phones by government officials has been a long-standing security concern, with officials often preferring the convenience of personal devices over more secure, but less user-friendly, government-issued phones.
These incidents underscore the critical need for robust digital security practices among government officials, especially those handling sensitive national security information.