(Note language in 7th paragraph)
(Add Senate Sergeant at Arms comment)
WASHINGTON, July 18 (Reuters) - Congressional aides in the U.S. Senate and House of Representatives said on Thursday that they were notified of a potential security risk involving email and other accounts.
“There have been reports online of Senate and House email accounts being exposed and hacked,” said an email warning sent to all Senate staff.
The memo added, “no account or data has been accessed or stolen.” But the memo warned that the posting of congressional email addresses often leads to “future targets of spear phishing,” a type of electronic fraud targeting specific organizations.
Congressional employees were warned to forward suspicious emails to security officials so they could be screened.
Senate Sergeant at Arms Terrance Gainer said a “hacker was able to gain limited access to a vendor’s servers” and that U.S. Capitol Police and the FBI were investigating.
A long list of congressional email accounts, some belonging to former employees, was posted on at least one website. Many of the email addresses also listed what appeared to be passwords. Gainer said those passwords were “inaccurate.”
A tweet by OpLastResort warned: “Dear #Congress: We are paying very, very close attention to how you handle #NSA #FISA & #PRISM Don‘t.. Fuck.. Up....”
Washington has been roiled by last month’s revelations by former security contractor Edward Snowden of a U.S. government data collection program called Prism. NSA is the National Security Agency and FISA is the Foreign Intelligence Surveillance Court that oversees federal surveillance activities.
Some House aides received a security alert on Tuesday from iConstituent, a private firm with offices in Washington, D.C., and Santa Barbara, California, which helps lawmakers communicate with constituents, according to its website.
“We learned today of a potential security risk, which could affect users of the Constituent Gateway eNewsletter product,” according to the warning obtained by Reuters.
It added that a “forced password change” for all accounts had been triggered as a precautionary measure.
IConstituent officials were not available for comment, nor were security officials for the Senate and House.
(Reporting By Richard Cowan; Editing by Stacey Joyce)
((Richard.Cowan@thomsonreuters.com)(Reuters Messaging: email@example.com)(202-898-8391)(Reuters Messaging)(firstname.lastname@example.org)) Keywords: USA CONGRESS/EMAILS
C Reuters 2012. All rights reserved. Republication or redistribution of Reuters content, including by caching, framing, or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters and the Reuters sphere logo are registered trademarks and trademarks of the Reuters group of companies around the world.