SignalGate Deepens: Hegseth’s Passwords Exposed in Latest Security Breach

Revelations about the defense secretary’s passwords came after he discussed details of planned U.S. airstrikes on a messaging app.

Defense Secretary Pete Hegseth, wearing a blue suit and camouflage tie. Defense Secretary Pete Hegseth has reused at least one password for different personal email accounts that was exposed in a cyberattack and made available on the internet.Credit…Pete Marovich for The New York Times

Christiaan TriebertJulian E. BarnesHelene Cooper and Greg Jaffe

Christiaan Triebert reported from New York. Julian Barnes, Helene Cooper and Greg Jaffe reported from Washington.

Some of the passwords that Defense Secretary Pete Hegseth used to register for websites were exposed in cyberattacks on those sites and are available on the internet, raising new questions about his use of personal devices to communicate military information.

Mr. Hegseth did not appear to use those passwords for sensitive accounts, like banking. But at least one password appears to have been used multiple times for different personal email accounts maintained by Mr. Hegseth. If hackers gain access to email accounts, they can often reset other passwords.

Like many Americans, Mr. Hegseth appears to have reused passwords to remember them more easily. At least one of them is, or was, a simple, lowercase alphanumeric combination of letters followed by numbers, potentially representing initials and a date. The same password was leaked in two separate breaches of personal email accounts, one in 2017 and another in 2018.

It is not clear whether he has updated the compromised passwords, or if he did so before he used his personal phone in March to share sensitive information about planned U.S. strikes on Houthi militia targets in Yemen.

Mr. Hegseth’s digital practices and security have been under scrutiny since he discussed the precise timing of those airstrikes in at least two chats on Signal, a free, encrypted messaging app. At least one of the chats took place on his personal phone. That information could have endangered U.S. pilots if an adversarial power had intercepted it.

In addition to those two Signal chats, Mr. Hegseth used the encrypted app for multiple other ongoing conversations and group messages, according to people briefed on his use of the platform. Some of the messages were posted by a military aide, Col. Ricky Buria, who had access to Mr. Hegseth’s personal phone. The use of the app for multiple ongoing conversations was earlier reported by The Wall Street Journal.

Mr. Hegseth was initially added to a Signal group created by Michael Waltz, who was the national security adviser at the time, to discuss the Houthi strikes. Mr. Hegseth shared similar details about the strikes with a second Signal group that included his wife, Jennifer. That group was set up on Mr. Hegseth’s personal phone.

Cybersecurity experts have said that because Mr. Hegseth’s phone number is easy to find on the web, it is a potential target for hackers and foreign intelligence agencies. Signal messages are sent across the internet securely, but messages typed into a phone could be intercepted if an adversarial intelligence agency has installed malware on the device.

When two-factor authentication is enabled on the sites, hackers will need more than passwords to gain access to information.

Related Posts

Our Privacy policy

https://updatetinus.com - © 2025 News