Incoming cybersecurity advisor Rudy Giuliani and more than a dozen other members of President-elect Donald Trump’s cabinet have had their internet passwords compromised during the last several years as the result of large-scale data breaches, according to a new report.
Log-in credentials for internet accounts registered in the name of Mr. Giuliani and 13 other incoming members of the Trump administration are publicly available online, Britain’s Channel 4 News reported Wednesday.
Cabinet members identified in the report had their internet passwords compromised and leaked online as a consequence of high profile data breaches suffered by LinkedIn, MySpace and other websites hacked between 2012 and 2016, Channel 4 said.
Their passwords are readily discoverable online in leaked copies of the hacked website data, but can also be purchased from site that broker in stolen information, the report said.
The claims could not immediately be independently verified, and Mr. Trump’s transition team declined to comment for Channel 4’s report.
Nonetheless, the network reports that among those allegedly affected are Mr. Trump’s picks for secretary of the interior, secretary of labor, head of social media and chief trade negotiator, among others.
Mr. Giuliani’s appearance on the list of hacked cabinet members is especially notable, however, in light of the former New York City mayor’s imminent role advising Mr. Trump on issues related to cybersecurity.
Mr. Trump’s decision last week to put Mr. Giuliani at the helm of a White House task force devoted to cybersecurity initially drew skepticism, then ridicule when found several vulnerabilities were found on his website.
Although individuals found in the leaked data by Channel 4 had no control over data breaches suffered by MySpace and other similarly hacked sites, cabinet members identified may still be putting themselves at risk if they’re reusing passwords compromised in previous attacks.
“And let’s say someone from Trump’s team has data leaked and it appears on a totally unrelated forum somewhere and someone takes those credentials and accesses the individual’s Gmail,” security analyst Troy Hunt told Channel 4.
“If this is an individual in a position of power or influence they may well have discussions in their personal mail that could be compromising. And if they don’t then the attacker who gains access to that Gmail may then use that account to begin conversation with other people in the contact list, impersonate them, elicit information from other individuals. It then just opens up a door to a raft of much bigger problems,” he said
Other Trump administration figures said to be affected include incoming-Press Secretary Sean Spicer as well as Keith Schiller, incoming-director of oval office operations, according to the Channel 4 report.