Senior U.S. security officials' private data and passwords found online
Learn More
German news magazine DER SPIEGEL has uncovered a significant security lapse affecting key members of President Donald Trump's security team. An investigation published on March 26, 2025, revealed that private contact details of top U.S. security officials—including mobile phone numbers, email addresses, and even passwords—are freely accessible online.
This revelation comes in the wake of an earlier scandal where these same officials reportedly used Signal to discuss sensitive military operations against Houthi militia in Yemen. The security breach potentially exposes these high-ranking officials to foreign surveillance and cyberattacks.
The compromised data belongs to several top-ranking U.S. security officials, including:
- National Security Adviser Mike Waltz
- Director of National Intelligence Tulsi Gabbard
- Secretary of Defense Pete Hegseth
The investigation found various types of personal information exposed, including:
- Mobile phone numbers
- Email addresses
- Passwords
- Social media account information
- WhatsApp and Signal profiles
- Information linked to other services like Dropbox and fitness tracking apps
DER SPIEGEL reporters obtained this sensitive information through commercial people search engines and data brokers, publicly available password leak databases and hacked customer data published on the web.
According to the report, finding Secretary Hegseth's data was "particularly easy" using commercial contact information providers. His Gmail address and mobile number were quickly discovered, with the email address appearing in over 20 publicly accessible data leaks. The phone number was connected to a WhatsApp account with a recognizable profile photo that was reportedly only recently deleted.
Similarly, Mike Waltz's mobile number and email address were easily found using the same service provider, with several of his passwords appearing in leaked databases. The information led to his Microsoft Teams, LinkedIn, WhatsApp, and Signal profiles.
While Director Gabbard appears to have been more cautious with her data, having blocked it from commercial search engines, her email address was found on WikiLeaks and Reddit, appearing in more than 10 data leaks. A partial phone number was also discovered, which when completed, led to active WhatsApp and Signal accounts.
The discovery raises serious concerns about national security, as it could enable:
- Hostile intelligence services installing spyware on officials' devices
- Foreign agents potentially monitoring sensitive communications
- Phishing attacks to gain access to devices and services
- Deepfake attacks using available images and sound
- Installation of malware
- Political blackmail
This vulnerability is particularly alarming given the recent revelation by The Atlantic that these officials used a Signal chat group to discuss intelligence information and precise attack plans for a military strike against Houthi forces in Yemen.
The White House has confirmed the Signal chat scandal, with President Trump insisting it did not include classified content. The National Security Council claimed that Waltz's accounts and passwords referenced in the German magazine had all been changed in 2019.
DER SPIEGEL has not published the actual contact information to protect the officials' privacy and reports that requests for comment from the Defense Department, National Security Council, and the individuals involved have remained unanswered.
