Anonymous claimed it had stolen and leaked over 2,000 usernames and passwords for Hill staffers in an anti-PRISM protest, calling the move a pivotal moment for Congress.
The Twitter handle @OpLastResort which claims to be affiliated with the famous hacktivist group posted the data and also tweeted: "We mean it. This is a pivotal moment for America, and we will not tolerate failure."
Congress actually fosters decent password best practices, requiring a special character, an uppercase letter, a lowercase letter, and a number to make up a code between 6-10 characters.
What is perhaps most interesting about the hacked passwords is that they exemplify, in many cases they are just dictionary words with numbers tacked on to the end, the names of the staffers’ bosses, or their favorite sports team, so the claimed hack and leaked database was probably outdated or fake.
But the security advisory that was sent out to staffers said, “Early today, hackers disclosed over 300 Senate email addresses and passwords. We have confirmed that the posted credentials are not accurate, and many disclosed accounts are long expired. Affected offices are being notified.”
Hackers further described on Twitter that the list came from a senate.gov subdomain.
Yesterday Anonymous hackers also published contact details of US Federal Emergency Management Agency (FEMA) contractors, subcontractors and employees.