CybersecurityGovernment credentials found on the open Web

Published 25 June 2015

Somerville, Massachusetts-based Recorded Future has identified the possible exposures of login credentials for forty-seven U.S. government agencies across eighty-nine unique domains. Recorded Future says that as of early 2015, twelve of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication.

Somerville, Massachusetts-based Recorded Future has identified the possible exposures of login credentials for forty-seven U.S. government agencies across eighty-nine unique domains.

Recorded Future says that as of early 2015, twelve of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication. The presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.

Recorded Future says it made its findings by using the company’s Web Intelligence Engine which scans more than 680,000 Web sources in seven languages.

The report from the company’s Special Intelligence Desk is available here.