I don't see any evidence that this should be the case. My email appears in dumps on haveibeenpwnd too, because of database dumps. How is that evidence that there's a key logger on my system?
Actually critisizing DOGE for their major gaffes (like putting up easily defaceable websites, or their incompetence when it comes to reading numbers accurately) is important, but this kind of article is just sad and diminishes the credibility of news journalism
Have I Been Pwned listed me in the ALIEN TXTBASE Stealer Logs. I went through the Notify me tab, got a verification link to check for my personal records, and all I got was this lousy:
"No domains were found for your email address. Whilst your email address was found in a stealer log, no websites were found alongside it. This can be due to the way the log was formatted."
TL;DR: You could try my email in there, believe credentials were stolen, when that might be recycled leak stuffing.
This is different from haveibeenpawned leaks. These infostealer dumps mean the data is direct from a spyware/malware on a victims computer. for ex: https://hackerone.com/reports/3091909
It means the people in the leak had malware on their computer in the past, and maybe present.
> a strong indication that devices belonging to him have been hacked in recent years.
I like these kind of speculative articles. The click bait title states something with certanity than the first sentence clarifies that it is a speculation. I am not sure why we are falling for this click baity garbage, over and over.
> Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware
The Ars Technica article is a bit confusing, if you click through to the original article, the case they make is much clearer. It's not that his credentials were found on Have I Been Pwned, which is the case for most people through no fault of their own. Instead, it's this:
>But some of the datasets that Schutt is included in are much more concerning than normal data breaches because they're from stealer logs.
Logs from information-stealing malware were leaked multiple times, and if your credentials appear in multiple of those, that's reasonably good evidence that you are doing something wrong.
So I don't think the headline is clickbait, but I do think that the Ars article could be clearer in making its point.
At one point I was a contractor for a government department and at another I was at a government sponsored NGO.
My credentials are in the various leaks, like the Adobe one.
“Login credentials belonging to a Department of Defense contractor, who previously had worked at a government-sponsored media outlet, have appeared in multiple public credential leaks.”
Yep, headline doesn't say it is his current computer or anything, just that his computer was infected. It would be clickbait if it said his current computer is actively infected. Less clickbait than now if it said one of his computers appears to have been infected at some point.
Doesn't seem speculative in the least - they have some pretty strong indicators of a problem. It's great that we're getting some tech-literate investigative journalism going - and good for our government to have a light shining here.
Seems like people here assume that passwords were found on Have I Been Pwned. It's more than that, it's about "stealer malware":
> [...] user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware. Stealer malware typically infects devices through trojanized apps, phishing, or software exploits.
> Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
Putting this in undermines the quality of their critique.
Does the USA have an authority that can deny privileged data access to someone that has such poor operational security? Revoke security clearances, that kind of thing.
Yes in theory, however it's 2025 and I think it's likely that most of what they're doing falls afoul of data storage/recordkeeping laws anyway and there's basically zero chance that the perpetrators will face consequences.
Yes, but all such authorities are subordinate to the President, and the President can issue security clearance by fiat, bypassing normal procedures and exempting people from them .
Security levels of documents and clearances are technically controlled by the office of the President (IIRC), but this is often delegated to the agencies themselves. The military, for example, has it's own system for classified things, while it looks like maybe DOGE does not.
Under normal circumstances if that system were connected to an internal network there would be a cleanup (and the costs would be astronomical). I say normal circumstances because I fully expect these clowns to obfuscate, omit and deny everything for the next four years.
All thee DOGE dudes are destined to spend life imprisoned on Alcatraz. The scope of the antics done by these people and the downright disregard for security, ethics, law, and the Constitution, all make them the right people to make examples of.
Was he using his own computer? He should surely have been using one provided by the institution. In a properly secured system he should not have needed passwords to connect to databases, they should have been secured by something like Active Directory roles and certificates. Do any of these US institutions have any idea of proper security?
DOGE didn't care to go through proper channels for anything. They just used whatever they had. It was a true train wreck let by young talentless types like "big balz" or whatever his name was; their only qualifying talent was complete loyalty to Elon Musk.
Readit News
Actually critisizing DOGE for their major gaffes (like putting up easily defaceable websites, or their incompetence when it comes to reading numbers accurately) is important, but this kind of article is just sad and diminishes the credibility of news journalism
If your password is in the dumps, too, like this person's passwords, then yeah, you might want to look into it.
Indeed the ones getting hacked are more likely to.
"No domains were found for your email address. Whilst your email address was found in a stealer log, no websites were found alongside it. This can be due to the way the log was formatted."
TL;DR: You could try my email in there, believe credentials were stolen, when that might be recycled leak stuffing.
It means the people in the leak had malware on their computer in the past, and maybe present.
Deleted Comment
I like these kind of speculative articles. The click bait title states something with certanity than the first sentence clarifies that it is a speculation. I am not sure why we are falling for this click baity garbage, over and over.
> Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware
Does not sound like clickbait for me.
>But some of the datasets that Schutt is included in are much more concerning than normal data breaches because they're from stealer logs.
Logs from information-stealing malware were leaked multiple times, and if your credentials appear in multiple of those, that's reasonably good evidence that you are doing something wrong.
So I don't think the headline is clickbait, but I do think that the Ars article could be clearer in making its point.
My credentials are in the various leaks, like the Adobe one.
“Login credentials belonging to a Department of Defense contractor, who previously had worked at a government-sponsored media outlet, have appeared in multiple public credential leaks.”
Deleted Comment
Because it's easier to create and broadcast bait than to filter it.
In the long term HN should do something about it, e.g. editoralized titles.
Dead Comment
> [...] user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware. Stealer malware typically infects devices through trojanized apps, phishing, or software exploits.
> Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
Putting this in undermines the quality of their critique.
I don't disagree, but the reader may show critical thinking and consider that there is more: there is mention of malware, not just a leak.
DOGEs K Schutt's computer infected by malware, credentials found in stealer logs
https://news.ycombinator.com/item?id=43930267