Axios | 1 of 2 | The data could be used to track users who have already accessed the website or even people who have just visited it and used a fake email address to log in.
It is not clear whether hackers would actually use the information to gain access to the website, but the information could be a useful target for them if they want to target users who already have a valid password, said Dan Kaminsky, an expert on password recovery and security at FireEye Inc. It’s a new twist in the data leak saga that has raised concerns among experts that hackers could use the data to target those who use compromised credentials.
It’s possible that hackers will target people who already used compromised credentials, but that’s not something that we can say for sure at this point, said Daniel Schoettle, a computer scientist at the University of Waterloo in Canada.
It also remains to be seen how much data the hackers are likely to be able to access, he said.
A database is a common form of information used to protect passwords, which hackers are known to use to create new passwords and to gain entry to accounts.
But the breach raises questions about how long it will take for attackers to recover the data and how secure it is.
In the past, the government has tried to track down the data in the wake of data breaches, but these have typically occurred when criminals were using compromised accounts to gain control of data.
In that case, it took two years and millions of dollars for the government to recover all the data from the hackers.
It could be weeks before we know whether that will be true with the new breach, said Schoett.
“We’ll have to wait and see,” he said of the data recovery effort.
“It’s not clear what this means for the next breach,” Kaminsky said.
In a statement, the Department of Homeland Security said the website is “operated by a secure, multi-factor authentication system,” which has not been breached.
The department also noted that all employees have access to passwords, including employees who are not authorized to use the website.