Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years

Tulsi Gabbard, the head of nationalist intelligence, utilized nan aforesaid easy cracked password for different online accounts complete a play of years, according to leaked records reviewed by WIRED. Following her information successful a Signal group chat successful which delicate specifications of a subject cognition were unwittingly shared pinch a journalist, nan revelation raises further questions astir nan information practices of nan US spy chief.

WIRED reviewed Gabbard's passwords utilizing databases of worldly leaked online created by nan open-source intelligence firms District 4 Labs and Constella Intelligence. Gabbard served successful Congress from 2013 to 2021, during which clip she sat connected nan Armed Services Committee, its Subcommittee connected Intelligence and Special Operations, and nan Foreign Affairs Committee, giving her entree to delicate information. Material from breaches shows that during a information of this period, she utilized nan aforesaid password crossed aggregate email addresses and online accounts, successful contravention of well-established best practices for online security. (There is nary denotation that she utilized nan password connected authorities accounts.)

Two collections of breached records published successful 2017 (but breached astatine immoderate erstwhile chartless date), known arsenic “combolists,” uncover a password that was utilized for an email relationship associated pinch her personal website; that aforesaid password, according to a combolist published successful 2019, was utilized pinch her Gmail account. That aforesaid password was used, according to records making love to 2012, for Dropbox and LinkedIn accounts associated pinch nan email reside tied to her individual website. According to records making love to 2018 breaches, she besides utilized it connected a MyFitnessPal relationship associated pinch a me.com email reside and an relationship astatine HauteLook, a now-defunct ecommerce tract past owned by Nordstrom.

Records of these breaches person been disposable online for years and are accessible successful commercialized databases.

The password associated pinch each of nan accounts successful mobility includes nan connection “shraddha,” which appears to person individual value to Gabbard: Earlier this year, The Wall Street Journal reported that she had been initiated into nan Science of Identity Foundation, an offshoot of nan Hare Krishna activity into which she was reportedly calved and which erstwhile members person accused of being a cult. Several erstwhile adherents told The Journal that they judge Gabbard received nan sanction “Shraddha Dasi” erstwhile she was allegedly received into nan group. Gabbard’s lawman main of staff, Alexa Henning, responded to questions from The Journal astatine nan clip by posting them connected X and accusing nan news media of publicizing “Hinduphobic smears and different lies.”

“The information breaches you’re referring to occurred almost 10 years ago, and nan passwords person changed aggregate times since,” wrote Olivia Coleman, a Gabbard spokesperson, successful consequence to questions from WIRED. “As our lawman main of unit has already made clear connected a number of occasions, nan DNI has ne'er and doesn’t person affiliation pinch that organization. Attempting to smear nan DNI arsenic being successful a cult is bigoted behavior.“

“Your bigoted lies and smears of a furniture personnel and your communicative fomenting hinduphobia is noted,” wrote Henning successful consequence to a follow-up mobility astir nan probability of Gabbard’s password containing nan aforesaid sanction she was reportedly received into Science of Identity Foundation with, fixed her denials that she has ever been affiliated pinch nan group. “This was good litigated during her confirmation proceeding truthful congrats connected being astir 6 months precocious to this story. Great job.”