Sensitive Information of Senior US Security Officials Exposed Online

Recent investigations have revealed that private contact details belonging to key security advisors of former US President Donald Trump are publicly accessible on the internet. The German news magazine, Der Spiegel, reported that the leaked information includes mobile phone numbers, email addresses, and in some instances, passwords of high-ranking officials, specifically National Security Advisor Mike Waltz, US Intelligence Coordinator Tulsi Gabbard, and Defense Secretary Pete Hegseth.

The data was sourced from commercial people-search engines and publicly disclosed, hacked customer databases. Alarmingly, many of these contact details are still actively used by the officials, linking them to their profiles on social media platforms such as Instagram and LinkedIn. The information also shows associations with Dropbox accounts and applications that track running data. Furthermore, WhatsApp accounts were identified for the respective phone numbers, and both Gabbard and Waltz had profiles on the messaging service Signal.

This incident underscores a serious security vulnerability within Washington. The publicly available data could potentially allow foreign intelligence agencies to intercept communications by infecting the officials' devices with spyware. This raises concerns about the confidentiality of discussions that Gabbard, Waltz, and Hegseth may have had regarding military operations.

Notably, a report by The Atlantic revealed that Gabbard, Waltz, Hegseth, along with CIA Director John Ratcliffe and other officials, had been discussing an imminent US operation against Houthi militants from Yemen in a Signal chat group, inadvertently including Atlantic Editor Jeffrey Goldberg.

Experts warn that the exposure of sensitive data from prominent politicians enables attackers to launch convincing phishing attacks, thereby gaining unauthorized access to devices and various services like email, chat applications, or financial platforms such as PayPal. Donald Ortmann, an expert in information security, stated that compromised accounts could also facilitate deepfake attacks using readily available audio and visual materials to infiltrate virtual meetings. Moreover, such breaches allow malicious actors to install malware, surveil communications, and exert political blackmail.