Government Credentials Found Pasted Around the Web

Sections of this topic

    Another in the constant stream of reminders to stay vigilant about data security

    Research from CIA-backed social media data mining firm company Recorded Future uncovered the fact that login government credentials for nearly every federal agency have been posted in plain sight on paste dump pages like Pastebin.

    business insider Cale Guthrie Weissman spoke with a representative from the firm to learn more about the discovery:

    According to Recorded Future analyst Scott Donnelly, these findings are bad for a few reasons. For one, it means that government employees are using their work email address on insecure sites — leaving them wide open to hackers if any of those websites is compromised. Worse, many government agencies don’t employ proper login safeguards like two-step authentication, which can require employees to verify any new login attempts with the goal of preventing hacking attempts.

    In fact, 12 of the 47 agencies tied to these credential dumps do not use two-step authentication standards, which has become a security must-do.

    In other words, it doesn’t appear to be a sophisticated invasion or a piece of custom software that led to this info being made public, but rather simple lapses in security.

    If this is what’s going on with government agencies that (presumably) have some sort of guidelines in place to help prevent such issues, how careful do you think the folks in your organization are? Educate your team on data security as often as possible, preferably with real-world examples to keep the lessons from becoming too abstract. It really is the most effective way to keep your data secure.

    For more resources, see the Free Management Library topic: Crisis Management

    [Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, and author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is vice president for the firm, and also editor of its newsletter, Crisis Manager]

    – See more at: