Heritage denies hack, calls it a troll-led attention-seeking campaign

The Heritage Foundation, the think tank behind Project 2025, says that it was not hacked and that SiegedSec is exaggerating what has actually happened.

The conservative think tank was hacked after hacktivist group SiegedSec said it had gained access to the public policy organization and published a couple of gigabytes worth of data.

“The Heritage Foundation was not hacked. An organized group stumbled upon a two-year-old archive of The Daily Signal website that was available on a public-facing website owned by a contractor,” the think tank’s spokesperson told Cybernews.

The Daily Signal is a conservative media and news website established by Heritage in 2014. The website became an independent publication and separate legal entity earlier this year.

According to Heritage, the exposed information was limited to “usernames, names, email addresses, and incomplete password information of both Heritage and non-Heritage contributors, as well as article comments and the IP address of the commenter.”

The think tank explained that Heritage systems were not breached, and its databases and website remain secure, including Project 2025. The latter is a plan to overhaul the US federal government if a conservative nominee wins the US presidential election.

“The story of a “hack” is a false narrative and exaggeration by a group of criminal trolls trying to get attention,” Heritage’s spokesperson said.

According to the Cybernews research team, the leaked details could impact exposed individuals. The team surmised that the password-encryption technology used to hash leaked credentials was outdated and persistent attackers could de-hash the passwords.

“Some authors of articles and posts also had their IPs leaked, which could open them up for targeted malware attacks. But the data being almost two years old somewhat mitigates the dangers since the leaked data could no longer be accurate,” the team said.

Founded in 1973, Heritage is among the most influential think tanks in the US. In September 2015, the organization was breached, and attackers took information on its donors.