In a significant cyberattack on the U.S. Capitol, over 3,000 congressional staffers have had their personal information exposed on the dark web. The Swiss-based security firm Proton, in collaboration with U.S. cybersecurity firm Constella Intelligence, discovered that the information, including passwords and account details, was leaked through several online platforms.
The investigation revealed that Capitol Hill staffers had signed up for services like dating apps, social media, and adult websites using their official email addresses. These platforms were later compromised, leading to the exposure of staffers’ personal information. Proton found that 1,800 passwords were available on the dark web, and nearly 1 in 5 staffers were affected by the breach.
According to Proton’s statement to The Washington Times, the use of official email accounts on high-risk platforms contributed significantly to the breach. Capitol Hill staffers’ data, including sensitive personal information, was easily accessible online due to poor cybersecurity practices.
In one example, a Capitol Hill staffer had 31 passwords exposed. In total, the personal information of 3,191 staffers was compromised in the attack.
This cyberattack is a stark reminder of the vulnerabilities facing government employees when using official accounts on compromised platforms. The incident has sparked conversations about improving cybersecurity measures within the U.S. government.