Pierluigi Paganini September 26, 2024

The personal information of over 3,000 congressional staffers was leaked on the dark web following a major cyberattack on the U.S. Capitol.

The personal information of approximately 3,191 congressional staffers has been leaked on the dark web, according to new research from internet security firm Proton and Constella Intelligence. The leaked data includes passwords, IP addresses, and social media information.

The Washington Times first reported that the researchers found over 1,800 passwords used by staffers in Congress available on the dark web.

Almost 1 in 5 congressional staffers had personal information exposed on the dark web. Nearly 300 staffers had their data compromised across more than 10 different incidents.

Congressional staffers’ data originated from various sources, including social media, dating apps, and adult websites. The experts reported the case of a single staffer who had 31 passwords exposed.Bad habits are the root cause of the leaks, staffers used their official email addresses to sign up for third-party services that were later compromised.

“Many of these leaks likely occurred because staffers used their official email addresses to sign up for various services, including high-risk sites such as dating and adult websites, which were later compromised in data breaches,” Proton said in a statement. “This situation highlights a critical security lapse, where sensitive work-related emails became entangled with less secure, third-party platforms.”

Proton announced the release of additional findings in the coming weeks to prevent any interference during the shortcoming Presidential election.

“The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe.” said Proton’s head of account security Eamonn Maguire. “Vigilance and strict security measures are essential to safeguard personal and national security.”

The company has already contacted all affected congressional staffers and notified them.

In June, another joint investigation conducted by Proton and Constella Intelligence revealed that personal information of hundreds of British and EU politicians is available on dark web marketplaces.

According to the research, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French deputies and senators are available in the dark web marketplaces. 40% of 2,280 official government email addresses from the British, European, and French Parliaments were exposed, including passwords, birth dates, and other details.

Most leaked data email addresses belong to British MPs (68%), followed by EU MEPs (44%).

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, U.S. Capitol)