A cyberattack on the U.S. Capitol has led to the personal information of over 3,000 congressional staffers being leaked on the dark web. The breach, uncovered by the Swiss-based security firm Proton, found that passwords from Capitol Hill staffers were available online through multiple compromised sources, including dating apps and adult websites.
According to Proton’s investigation, conducted with U.S.-based firm Constella Intelligence, nearly 1 in 5 congressional staffers had their personal information exposed. The firms found that around 1,800 passwords were made available on the dark web.
The report indicates that the leaks were primarily caused by staffers using their official Capitol email addresses to sign up for various online services. These services, which include high-risk platforms like social media and adult websites, were compromised in previous data breaches, leading to the exposure of Capitol Hill staffers’ data.
Proton explained in a statement that many of these leaks stemmed from compromised platforms and that the investigation uncovered a troubling trend of Capitol staffers engaging in unsafe online practices. In one case, a single staffer had 31 passwords exposed across various platforms.
The overall number of affected Capitol staffers was calculated to be 3,191. This breach is raising concerns about the potential risks of staffers using official email accounts for personal use and the broader implications for cybersecurity within the U.S. government.