Serious security concerns have been raised about the incoming Trump administration after it was revealed that 13 top staffers including the new cybersecurity advisor have had log-in credentials compromised in past data breaches.
Breaches at sites including Yahoo, LinkedIn, MySpace and others over the past four years have exposed the personal details of billions of global netizens.
According to Channel 4 News, the passwords used on such sites by the likes of cybersecurity advisor Rudy Giuliani, national security advisor, Michael Flynn and other including Trump’s head of social media, press secretary, chief trade negotiator, and secretaries of the interior and labor, are also publicly available.
If any of these staffers reuse their passwords across multiple accounts there’s a risk that highly sensitive government services could be accessed by determined hackers.
However, Channel 4 wasn’t able to verify if this was the case without breaking UK law by trying to access these accounts with the publicly available credentials.
Trump is apparently still boasting about how Republicans have better cybersecurity than their political opponents – well aware of the fact that the alleged Russian hackers that leaked damaging Democratic Party emails before the election also had information on senior GOP officials, but chose not to use it.
The irony, of course, is that Trump fought much of his campaign attacking his opponent Hillary Clinton’s use of private email for state department business, claiming she should be locked up for it.
“Breaches like these – and the associated list of simple passwords – underscore the need for two-factor authentication on sensitive accounts, such as the email accounts of public figures,” argued Tripwire CTO, Dwayne Melancon.
“Two-factor authentication, along with periodic password changes, greatly reduces the likelihood of a successful compromise even if someone gains access to your password. Two-factor authentication also mitigates much of the risk if someone re-uses a password.”
It’s still not clear how many federal systems use 2FA. There was a major implementation initiative following the massive OPM breach, which was made possible in part because contractors’ passwords were obtained by alleged Chinese hackers.