Anonymous claims to have hacked the emails and passwords of some Congress persons and a bunch of their staffers, revealing that the members of our esteemed government have terrible password habits.
The passwords on the list do not match Congress password credentials, a system administrator in the Senate told The Atlantic Wire. Here’s the official e-mail the IT department sent out to Hill staffers confirming that the credentials aren’t accurate:
Congress actually fosters decent password best practices, requiring a special character, an uppercase letter, a lowercase letter, and a number to make up a code between 6-10 characters. (That’s still not ideal, as explained in lesson 7 below.)
The list, however, may have come from a third-party vendor Congress uses to send form letters to constituents called iConstituent. Earlier this week, the company sent the following email to certain clients on the Hill:
The system administrator we spoke with said the passwords on the Anonymous list didn’t have his current iConstituent password, but maybe the default one they sent him. Former Hill staffer Justine Sessions, whose name does appear on the list adds: “I did not create that password. It was created for me without my knowledge by a third party email vendor that many Hill offices use to send out emails to constituents (iConstituent),” she told The Atlantic Wire. “I don’t think I ever used it while I worked for Senator Dodd more than 5 years ago.” Like her, many of the people on the list no longer work on the Hill.