Tulsi Gabbard, the current US Director of National Intelligence, reused the same weak password across multiple personal accounts over several years, according to leaked records reviewed by Wired. Over 100,000 users rely on almost the same password to this day, Cybernews data reveals.
Gabbard’s password reportedly appears in leaks dating back to at least 2012. It was “easily cracked” and included the word “shraddha.” The password was tied to multiple services like Gmail, Dropbox, LinkedIn, MyFitnessPal, and a now-defunct e-commerce site.
The word “shraddha” appears to have personal significance to Gabbard. According to Britannica, this word describes a ceremony performed in honor of a dead ancestor in Hinduism.
However, “shraddha” may also be a name. The Wall Street Journal (WSJ) has previously reported that Gabbard was raised in the Science of Identity Foundation, a Hindu sect tied to a direct-marketing pyramid scheme, which some former members described as a cult. According to the WSJ’s sources, Gabbard may have received the name “Shraddha Dasi” when she joined the group.
For example, Shraddha Kapoor is a famous Indian actress who was featured in Forbes India’s Celebrity 100 list.
Wired didn’t disclose the former congresswoman’s full password and did not find any indication that it was used for any government accounts. However, the breaches occurred during Gabbard’s time in Congress, when she had access to sensitive national security information.
Thousands of others use the same password, millions – their name
Cybernews researchers recently analyzed over 19B newly leaked passwords and found that “Shraddha” is commonly used in passwords.
Including the reused passwords, there were a total of 108,432 “shraddha” passwords in the dataset.
Among 1.1 billion unique passwords, researchers found at least 5,342 unique variations of passwords that include “shraddha” as part of them, such as shraddha123, sHRADDHA007, shraddha616, and many others.
People’s names dominate as the second most prevalent component in passwords. The researchers found a whopping 8% chance for any password to include a name. Almost 179 leaked passwords included Ana, 104 million – Eli, while the third most popular name used in passwords was Ria (90 million).
Faith-related passwords are also among the dominant ones. Almost 24 million users included “god” in their passwords, 20 million typed “hell,” and 16.6 million chose “Jesus.”
Olivia Coleman, a spokesperson for Gabbard, told Daily Beast that the criticism “is a non-story” as all data breaches happened nearly a decade ago and the passwords have been rotated countless times since.
The story exploded on Reddit. Some Redditors noted the similarity with “sraddha,” another term meaning “faith.” However, for comparison, Cybernews researchers only found around 140 unique password variations with “sraddha” in them.
Create unique and strong passwords – never reuse them
Failing at basic cybersecurity hygiene is not unusual. Cybernews research reveals that most of the passwords in fresh leaks are reused, lazy, and very easy to crack. Only 6% of the analyzed 19 billion passwords were unique.
Users often choose memorable words and combinations to include in their passwords, but also keep them too short and simple.
“Using a weak, reused password across multiple personal accounts, some of which were exposed in known data breaches, shows a clear failure in basic security practices,” said Neringa Macijauskaitė, information security researcher at Cybernews.
“While there’s no sign that government systems were directly compromised, the risks are serious given Gabbard’s access to sensitive intelligence. This highlights how personal account security can become a national security issue when it involves high-level officials.”
The Cybernews research team warns users to protect their accounts with strong and unique passwords, use passkeys where they’re available, and enable multi-factor authentication.
Passwords should be at least 12 characters long, incorporate a mix of uppercase and lowercase letters, numbers, and special symbols, and avoid any words or recognizable sequences. Complexity should be prioritized over length.
In March, Gabbard, together with 17 other highest-ranking officials, was included in a leaked Signal group chat discussing top-secret Yemen war plans. This was a major cybersecurity blunder that could potentially put American troops and strategic operations at risk.
Comments
Your email address will not be published. Required fields are markedmarked