image

US Capitol Hit by Massive Dark Web Cyber Attack: Reports

Personal information of more than 3,000 congressional staffers has been leaked across the dark web in a wide-ranging cyberattack on the Capitol, according to reports.

Internet security firm Proton found over 1,800 passwords used by staffers in Congress available on the dark web, through an investigation of exposed accounts among U.S. political staffers, according to The Washington Times.

Proton, which is based in Switzerland and worked with U.S.-based firm Constella Intelligence on the investigation, estimated that almost 1 in 5 congressional staffers had personal information available on the dark web. Proton said the leaks came from several sources, including social media, dating apps, and "adult websites."

In one instance, the report found that a single staffer had 31 passwords exposed online. The full report said that around 3,191 staffers were affected by the leaks overall.

"Many of these leaks likely occurred because staffers used their official email addresses to sign up for various services, including high-risk sites such as dating and adult websites, which were later compromised in data breaches," Proton told The Washington Times.

"This situation highlights a critical security lapse, where sensitive work-related emails became entangled with less secure, third-party platforms."

Eamonn Maguire, Proton's head of account security, said: "The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe.

"Vigilance and strict security measures are essential to safeguard personal and national security."

Proton also said that it would publish more findings over the coming weeks in order to ensure the safety and validity of political systems during the election. The company also contacted all the affected congressional staffers and informed them of the leaks.

What Is the Dark Web?

The dark web is a lesser-used section of the internet where less easily-obtainable information is available. It is often used by hackers to source passwords or other personal information to enable cyberattacks.

The attack on the capitol staffers is not the first of its kind this year. In August, several lawsuits were filed against a Florida data center after a huge data breach involving an estimated 2.9 billion Social Security records, which saw massive amounts of personal information leaked to the dark web.

The data, which included personal details of over 100 people, was allegedly stolen by the cybercriminal group USDoD, which used the dark web to put the database up for sale for $3.5 million.