Congress aides warned of email security breach
(Note: Strong language in the sixth paragraph)
WASHINGTON (Reuters) - Congressional aides in the Senate and House of Representatives said on Thursday that they were notified of a potential security risk involving email and other accounts.
"There have been reports online of Senate and House email accounts being exposed and hacked," said an email warning sent to all Senate staff.
The memo added, "no account or data has been accessed or stolen." But the memo warned that the posting of congressional email addresses often leads to "future targets of spear phishing," a type of electronic fraud targeting specific organizations.
Congressional employees were warned to forward suspicious emails to security officials so they could be screened.
A long list of congressional email accounts, some belonging to former employees, was posted on at least one website. Many of the email addresses also listed what appeared to be passwords.
A tweet by OpLastResort warned: "Dear #Congress: We are paying very, very close attention to how you handle #NSA #FISA & #PRISM Don't.. Fuck.. Up...."
Washington has been roiled by last month's revelations by former security contractor Edward Snowden of a U.S. government data collection program called Prism. NSA is the National Security Agency and FISA is the Foreign Intelligence Surveillance Court that oversees federal surveillance activities.
Some House aides received a security alert on Tuesday from iConstituent, a private firm with offices in Washington, D.C., and Santa Barbara, California, which helps lawmakers communicate with constituents, according to its website.
"We learned today of a potential security risk, which could affect users of the Constituent Gateway eNewsletter product," according to the warning obtained by Reuters.
It added that a "forced password change" for all accounts had been triggered as a precautionary measure.
IConstituent officials were not available for comment, nor were security officials for the Senate and House.