The Democratic National Committee was apparently using incredibly weak passwords for some of its accounts, according to internal emails recently published online.
An email thread from May 2016 reveals that the party’s press email account, [email protected], apparently had passwords such as “Obama-Biden-2012” and “obamain08” at some point in time.
The revelation came in an email sent by Pablo Manriquez, a staffer who was trying to figure out what the new password was.
“Apologies for delay in sending this out but I cannot login to [email protected]<mailto:[email protected]> with either of the passwords I have on file for the account (Obama-Biden-2012 and obamain08),” Manriquez wrote.
The email address was apparently an alias account that anyone could send from, as another staffer explained. The thread was just one of nearly 20,000 emails recently published online by WikiLeaks, about a month after the DNC learned it had been infiltrated by hackers.
At least two different hacker groups associated with the Russian government were inside the networks of the DNC for about a year, reading emails and chats and downloading private documents.
If the organisation was using a password like “obamain08,” it would be in good company among some of the worst choices, like “password” and “123456.” These weak passwords can easily be cracked in less than an hour using common software tools like John the Ripper, which runs through combinations of dictionary words until it finds a match.
Most cybersecurity experts recommend strong passwords that combine letters and numbers and are at least 10-12 characters long.
“The longer your passwords could possibly be,” Kurt Muhl, an ethical hacker with RedTeam Security, told Tech Insider in May. “The more guesses it’s gonna take for me to get it right.”
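As an added illustration (not part of the original article), the Python sketch below screens a candidate password the way a password-change check might, rejecting any that consist only of predictable words, digits and separators. The word lists, the `screen_password` name and the 12-character minimum are assumptions constructed for this example; note that “Obama-Biden-2012” passes the length rule and is still rejected.

```python
import re

# Constructed word lists for illustration (assumptions, not from the article).
# A real deployment would load a breached-password list plus terms tied to
# the organisation: its name, its people, its campaigns, its products.
CONTEXT_WORDS = {"obama", "biden", "dnc", "democrat", "democrats", "press"}
COMMON_WORDS = {"password", "in", "for", "the", "vote", "welcome", "letmein"}


def _segments(letters, words):
    """True if `letters` can be split entirely into entries of `words`."""
    reachable = [True] + [False] * len(letters)
    for end in range(1, len(letters) + 1):
        reachable[end] = any(
            reachable[start] and letters[start:end] in words
            for start in range(end)
        )
    return reachable[-1]


def screen_password(candidate, min_length=12):
    """Return the reasons to reject `candidate`; an empty list means accept."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append("too short")
    # Digits, years and separators add little when the rest is guessable,
    # so strip them and judge only the letters that remain.
    letters = re.sub(r"[^a-z]", "", candidate.lower())
    if not letters or _segments(letters, CONTEXT_WORDS | COMMON_WORDS):
        reasons.append("predictable: only known words, digits and separators")
    return reasons


if __name__ == "__main__":
    # The first three candidates are quoted in the article; the last is a
    # constructed example of a passphrase that the screen accepts.
    for pw in ("Obama-Biden-2012", "obamain08", "123456",
               "corridor-velvet-93-lantern"):
        print(f"{pw!r}: {screen_password(pw) or 'accepted'}")
```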
Though it’s not yet clear how the hackers broke into the network of the DNC, internal emails like these reveal some questionable cybersecurity practices.
Other leaks show staffers sending a new password for the DNC’s “Factivists” website over unencrypted email, and Microsoft Excel spreadsheets containing personal information, such as names, addresses, and Social Security numbers, being shared over email.
The FBI said Monday it had launched an investigation into the breach.