Source: National Cyber Security – Produced By Gregory Evans
IT’S NO SURPRISEthat careless government employees use their .gov email addresses to sign up for all sorts of personal accounts. But when those insecure third party services are breached by hackers—and if those employees were foolish enough to reuse their .gov passwords, too—that carelessness can offer a dead-simple backdoor into federal agencies, with none of the usual “sophisticated Chinese attackers” required. The security intelligence firm Recorded Future on Wednesday released a report that details its scouring of online email addresses and passwords revealed when hacker groups breach third party websites and dump their booty on the web. Searching through those user data dumps from November 2013 to November 2014 on public websites like Pastebin—not even on dark web sites or private forums—Recorded Future found 224 government staffers’ data from 12 federal agencies that don’t consistently use two-factor authentication to protect their basic user access. Those leaked government email addresses were taken from the breached innards of sites for bikeshare programs, hotel reviews, neighborhood associations and other low-budget, insecure sites where government employees had signed up with their .gov accounts. Each breach opens federal staffers to the targeted phishing emails that are often the first step in an attack on an agency. And Recorded […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post Hundreds of .Gov Credentials Found In Public Hacker Dumps appeared first on National Cyber Security.
View full post on National Cyber Security