Hackers post email addresses, passwords of Capitol Hill staffers

By Jennifer Martinez - 07/18/13 02:51 PM ET


A Twitter account that claims to be affiliated with the hacker group Anonymous posted the email addresses and alleged passwords of hundreds of current and former Hill staffers online late Wednesday.


The Twitter handle @OpLastResort warned Congress in a tweet that it's closely watching how lawmakers respond to the revelations over a pair of controversial National Security Agency surveillance programs. The tweet included a link to a website that listed the email addresses to hundreds of current and former Hill staffers and their alleged passwords for those accounts. "We mean it. This is a pivotal moment for America, and we will not tolerate failure," OpLastResort tweeted. It included the hashtags #Congress #Senate #FISA #PRISM
The hackers said they removed some of the staffers' passwords from the list and shuffled the order of the remaining ones so the passwords don't belong to the email addresses they're posted next to.
But the hackers said they were "being far too generous" for taking this step, and warned that they "reserve the right to spontaneously decide this restraint was unjustified."
The email addresses of several communications directors for House and Senate members are included on the list. Some of the email addresses posted on the site belonged to staffers who no longer work in Congress, including staffers who used to work for former Sens. Chris Dodd (D-Conn.), Bill Frist (R-Tenn.) and Jim DeMint (R-S.C.).
An email that was sent to congressional offices, obtained by The Hill, said House Security believes the leaked staffer emails and passwords were poached from another online service rather than the House network's email system
A separate email sent to House offices said the breach was traced to the iConstituent newsletter product, which is typically used by press staffers to communicate with constituents.
The email urged staffers to change their password for the iConstitutent service and said their email accounts on the House network were not affected by the breach.
The email included a message from the iConstituent support team, which recommended that staffers reset their social media and email account passwords "as an additional precaution" if it's the same as their password for the iConstituent newsletter product.
"We learned today of a potential security risk which could affect users of the Constituent Gateway eNewsletter product," the message, dated Tuesday, reads.
"We are presently investigating the risk and its possible impact, but as a precautionary measure we have triggered a forced password change for all accounts in the eNewsletter Gateway."
The Senate Sergeant at Arms sent an email Thursday afternoon to Senate staff directors, chief of staffs and system administrators in Senate offices that warned about the hack.

"Early today, hackers disclosed over 300 Senate email addresses and passwords. We have confirmed that the posted credentials are not accurate, and many disclosed accounts are long expired," the email reads. "Affected offices are being notified."
A spokesman for the House Chief Administrative Officer did not immediately respond to a request for comment. The Senate Sergeant at Arms did not respond to a request for comment.


Read more: http://thehill.com/blogs/hillicon-va...#ixzz2ZQgRPTUE
Follow us: @thehill on Twitter | TheHill on Facebook



Oh my when it is done from them totally different reaction!!!