Anonymous’ leaked Congress staffer passwords don’t match up

Above: Anonymous balloon in the Black Hat 2012 press room

Image Credit: Meghan Kelly/VentureBeat

It seems a group of usernames and passwords published by Anonymous hacktivists yesterday “are not accurate,” according to a security advisory obtained by The Atlantic Wire.

Yesterday, Anonymous claimed it had stolen over 2,000 usernames and passwords for Hill staffers in an anti-PRISM protest, calling the move a “pivotal moment” for Congress. The group, tweeting under the handle “OpLastResort,” said it is watching the government closely as it figures out how to deal with the recent revelations about a government surveillance program called PRISM.

But the security advisory that was sent out to staffers said, “Early today, hackers disclosed over 300 Senate email addresses and passwords. We have confirmed that the posted credentials are not accurate, and many disclosed accounts are long expired. Affected offices are being notified.”

Anonymous said that the passwords were shuffled and not all of them were published. It further said on Twitter that the list came from a senate.gov subdomain. The Atlantic Wire suspects the list could have come from an external emailing service called iConstituent. A former staffer confirmed that the password listed under her name on Anonymous’ leak sheet wasn’t created by her, but by a “third party email vendor.”

It seems others on the list were also past staffers.