
CISA/DOGE Software Engineer's Login Credentials Appeared in Multiple Leaks From Info-Stealing Malware in Recent Years

Sunday 11 May 2025, 09:35, by Slashdot
'Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware,' reports Ars Technica, 'a strong indication that devices belonging to him have been hacked in recent years.'

As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.

The credentials may have been exposed when service providers were compromised, the article points out, but the 'steady stream of published credentials' is 'a clear indication that the credentials he has used over a decade or more have been publicly known at various points. And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point.'

Thanks to Slashdot reader gkelley for sharing the news.

Read more of this story at Slashdot.
https://yro.slashdot.org/story/25/05/11/0451222/cisadoge-software-engineers-login-credentials-appear...
