Personal data from almost 3,200 Capitol Hill staffers, including passwords and IP addresses, is reportedly circulating on the dark web, due in large part to staffers who used their work email addresses to sign up for online services, including risky ones such as dating and adult websites.
Swiss cybersecurity firm Proton, working with another security company, Constellation Intelligence, told The Washington Times that its researchers found 1,848 passwords belonging to congressional staff members on the dark web, with one aide alone having 31 passwords exposed. Proton executives told the news site that they expect to release more details about the leaked data later this week.
In a statement to The Washington Times, Proton said that “this situation highlights a critical security lapse, where sensitive work-related emails became entangled with less secure, third-party platforms,” adding that the leaks likely happened because the websites the staffers signed up for were later compromised in data breaches.
The bad actors behind the breach were not identified.
Proton estimated that the information of almost one in five congressional staffers was visible online, with nearly 300 of them having their data exposed in more than 10 separate leaks.
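The exposure figures above (accounts found in multiple leaks, one account with dozens of passwords exposed) are the kind of per-account triage a security team would run over breach-notification data for its own email domain. The following Python script is an added example, not Proton's or Constellation Intelligence's tooling: it takes breach records shaped as (leak source, email, credential as it appears in the dump), keeps only addresses on an assumed placeholder work domain, counts distinct leaks per account, flags accounts above a leak-count threshold (the article's figure of 10 is the default), and detects the same credential appearing across several leaks, storing only a truncated hash rather than the credential itself. All sample records are constructed.

```python
"""Triage breach-dump hits for accounts on a work email domain (added example)."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field

WORK_DOMAIN = "example-congress.gov"  # assumed placeholder domain, not a real one

# Constructed sample records: (leak source, email, credential as found in the dump).
SAMPLE_RECORDS = [
    ("datingsite-2023", "aide1@example-congress.gov", "Summer2023!"),
    ("forum-2021", "aide1@example-congress.gov", "Summer2023!"),
    ("shop-2022", "aide1@example-congress.gov", "Summer2023!"),
    ("forum-2021", "aide2@example-congress.gov", "pw-a"),
    ("shop-2022", "aide2@example-congress.gov", "pw-b"),
    ("forum-2021", "someone@example-personal.net", "x"),   # not a work address
    ("forum-2021", "AIDE1@Example-Congress.gov", "Summer2023!"),  # duplicate, case differs
]


def fingerprint(credential: str) -> str:
    """Keep only a short hash so the triage output never carries the credential itself."""
    return hashlib.sha256(credential.encode("utf-8")).hexdigest()[:16]


def normalize_email(addr: str) -> str:
    return addr.strip().lower()


@dataclass
class Exposure:
    email: str
    leaks: set = field(default_factory=set)
    # credential fingerprint -> set of leak sources it appeared in
    credentials: dict = field(default_factory=lambda: defaultdict(set))

    @property
    def leak_count(self) -> int:
        return len(self.leaks)

    def reused_credentials(self) -> set:
        """Fingerprints seen in more than one distinct leak (password reuse)."""
        return {fp for fp, sources in self.credentials.items() if len(sources) > 1}


def triage(records, domain: str = WORK_DOMAIN, threshold: int = 10):
    """Return (exposures by email, sorted list of emails at or above the leak threshold)."""
    exposures: dict[str, Exposure] = {}
    suffix = "@" + domain.lower()
    for source, email, credential in records:
        email = normalize_email(email)
        if not email.endswith(suffix):
            continue  # only work-domain accounts are in scope
        ex = exposures.setdefault(email, Exposure(email))
        ex.leaks.add(source)
        ex.credentials[fingerprint(credential)].add(source)
    flagged = sorted(e for e, ex in exposures.items() if ex.leak_count >= threshold)
    return exposures, flagged


def exposure_rate(exposed_accounts: int, roster_size: int) -> float:
    """Share of a staff roster with at least one exposure (e.g. 'almost one in five')."""
    if roster_size <= 0:
        raise ValueError("roster_size must be positive")
    return exposed_accounts / roster_size


if __name__ == "__main__":
    exposures, flagged = triage(SAMPLE_RECORDS, threshold=3)
    for email, ex in sorted(exposures.items()):
        print(f"{email}: {ex.leak_count} leak(s), reused credentials: {len(ex.reused_credentials())}")
    print("flagged (>= 3 leaks):", flagged)
    print(f"exposure rate on a roster of 10: {exposure_rate(len(exposures), 10):.0%}")
```

The case-insensitive normalization matters in practice: the same account often appears with different capitalization across dumps, and without it one person shows up as several. Accounts in the flagged list and accounts with reused credentials are the ones to prioritize for forced resets and MFA enrollment.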
“The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe,” Eamonn Maguire, head of account security for Proton, told the Times in a statement. “Vigilance and strict security measures are essential to safeguard personal and national security.”
The leaked data comes as the highly charged and seemingly close U.S. presidential election nears, drawing the attention of adversaries like China, Russia, Iran, and North Korea and the threat groups they support. An Iranian-backed threat group this summer hacked into both the Trump campaign and what was then the Biden-Harris campaign. The group had accessed the email account of Trump ally Roger Stone and used it as a doorway into the Trump campaign’s systems.
In an advisory last week, CISA and the FBI said the breaches were part of a larger effort by the Iranian government to disrupt the elections, now less than two months away.
“This malicious cyber activity is the latest example of Iran’s multi-pronged approach … to stoke discord and undermine confidence in our electoral process,” the agencies wrote. “Foreign actors are increasing their election influence activities as we approach November. In particular, Russia, Iran, and China are trying by some measure to exacerbate divisions in U.S. society for their own benefit, and see election periods as moments of vulnerability.”
In a report Tuesday, security platform provider ReliaQuest wrote that “election-related targeting from nation-state–associated groups, hacktivists, and cybercriminals will pose substantial threats to businesses through phishing, distributed denial of service (DDoS), and data theft, aiming to disrupt operations, cause financial loss, and exploit heightened public interest.”
Advanced persistent threat (APT) groups will use hack-and-leak operations, disinformation campaigns, and attacks on electoral infrastructure in the run-up to the elections, ReliaQuest cyberthreat intelligence analyst Gautham Ashok wrote in the report. They’ll also use fake social media profiles, bot networks, and troll farms to spread disinformation widely.
Bad actors are already sending election-themed phishing emails that carry the SocGholish malware loader, while other cybercriminals are registering typosquatting domains to run cryptocurrency scams, luring victims into fake donations and investment schemes. Threat groups are also likely to target systems used in voter registration, vote tallying, and the reporting of election results.
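Typosquatting domains of the kind described above are usually caught by domain-monitoring teams comparing newly registered names against a watchlist of legitimate ones. The Python script below is an added example (not ReliaQuest's tooling) of that defensive check: it normalizes common homoglyph substitutions, splits each name into its registrable label and TLD, and reports a candidate as a likely typosquat when its label is within a small edit distance of a watchlisted label, distinguishing TLD swaps, homoglyph lookalikes, and plain typos. The watchlist and candidate domains are constructed placeholders; the TLD split assumes single-label suffixes (no public-suffix handling).

```python
"""Flag candidate domains that look like typosquats of watchlisted domains (added example)."""

# Constructed placeholder watchlist: legitimate domains a team wants to protect.
WATCHLIST = ["vote-example.org", "donate-example.com"]

# Constructed candidates, e.g. from a newly-registered-domains feed.
CANDIDATES = [
    "vote-exampel.org",     # transposed letters
    "v0te-example.org",     # digit-for-letter homoglyph
    "vote-example.com",     # same label, different TLD
    "donate-exampl.com",    # dropped letter
    "unrelated-news.net",   # unrelated
    "vote-example.org",     # the legitimate domain itself
]

# Single-character lookalikes, applied after multi-character ones below.
_SINGLE_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
_MULTI_HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def normalize(label: str) -> str:
    """Map common lookalike sequences to the letters they imitate."""
    label = label.lower()
    for seq, letter in _MULTI_HOMOGLYPHS:
        label = label.replace(seq, letter)
    return label.translate(_SINGLE_HOMOGLYPHS)


def split_domain(domain: str):
    """Return (registrable label, tld); assumes a single-label suffix such as .org."""
    label, _, tld = domain.lower().strip().rpartition(".")
    return label, tld


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) via a rolling DP row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def match_watchlist(candidate: str, watchlist=WATCHLIST, max_distance: int = 2):
    """Return (closest legitimate domain, reason) or None if the candidate is not suspicious."""
    c_label, c_tld = split_domain(candidate)
    best = None
    for legit in watchlist:
        l_label, l_tld = split_domain(legit)
        if (c_label, c_tld) == (l_label, l_tld):
            return None  # exactly the legitimate domain
        d = levenshtein(normalize(c_label), normalize(l_label))
        if d > max_distance:
            continue
        if d == 0 and c_tld != l_tld:
            reason = "tld-swap"
        elif d == 0:
            reason = "homoglyph"
        else:
            reason = f"edit-distance-{d}"
        if best is None or d < best[0]:
            best = (d, legit, reason)
    return None if best is None else (best[1], best[2])


def find_typosquats(candidates, watchlist=WATCHLIST, max_distance: int = 2) -> dict:
    """Map each suspicious candidate to (legitimate domain it imitates, reason)."""
    hits = {}
    for cand in candidates:
        m = match_watchlist(cand, watchlist, max_distance)
        if m is not None:
            hits[cand] = m
    return hits


if __name__ == "__main__":
    for cand, (legit, reason) in find_typosquats(CANDIDATES).items():
        print(f"{cand:22} -> imitates {legit:22} ({reason})")
```

A distance threshold of 2 is a reasonable starting point for short labels; on long labels it produces more false positives, so teams usually pair it with registration-date and WHOIS context before blocking or reporting a domain.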
Congressional staffers are the latest marks in a rapidly expanding cyberthreat environment linked to the elections, with Proton saying it had warned the victims whose data was leaked.