New Delhi: Days after the White House mistakenly shared Yemen war plans by adding The Atlantic’s editor-in-chief to a Signal chat group, the contact details of some of US President Trump’s most important security advisers were free-flowing on the internet.
Mobile phone numbers, email addresses, and even passwords belonging to officials such as National Security Adviser Mike Waltz, Director of National Intelligence Tulsi Gabbard, and Secretary of Defence Pete Hegseth can be found on the internet, according to German media outlet Der Spiegel.
“To do so, the reporters (of the German weekly) used commercial people search engines along with hacked customer data that has been published on the web,” the report states.
According to the report, the exposed phone numbers and email addresses remain active, linked to social media profiles such as Instagram/LinkedIn as well as accounts on Dropbox, and fitness apps. Even WhatsApp profiles and Signal accounts are in existence for some of the numbers.
“As such, the reporting has revealed an additional grave, previously unknown security breach at the highest levels in Washington. Hostile intelligence services could use this publicly available data to hack the communications of those affected by installing spyware on their devices. It is thus conceivable that foreign agents were privy to the Signal chat group in which Gabbard, Waltz and Hegseth discussed a military strike,” the report adds.
It is unknown whether the chat was conducted using Signal accounts linked to the private telephone numbers of the officials involved.
The Der Spiegel report, however, mentioned that privately used and publicly accessible telephone numbers belonging to Gabbard and Waltz were linked to Signal accounts.
On the Signal group, Gabbard, Waltz, Hegseth and Central Intelligence Agency Director John Ratcliffe, among other officials, discussed an imminent military strike against the Houthi militia in Yemen. The information shared among the participants included intelligence information and precise attack plans.
Der Spiegel said it could easily obtain Hegseth’s mobile number and email address using a commercial contact information provider used for marketing and recruitment.
By submitting his LinkedIn profile, the reporters received his Gmail address, phone number, and other details. Searches of leaked user databases revealed the email address and its associated password in over 20 publicly accessible breaches, the report said.
Public records confirmed the email’s recent activity, highlighting vulnerabilities that could be exploited by hostile intelligence services, it added.
Hegseth’s mobile number led to a recently deleted WhatsApp account where the profile photo showed a shirtless Hegseth in a baseball cap and necklace. That it was Hegseth was confirmed through facial recognition software. Several passwords for his email were also found in leaked databases, Der Spiegel said.
According to the report, Gabbard was more cautious, blocking her data from commercial search engines. However, her email address was found in over 10 leaks, including partial phone details linked to active WhatsApp and Signal accounts.
Quoting security expert Donald Ortmann, the report stated that the exposed data could enable phishing attacks, malware installation, deepfake manipulation, and political blackmail.
In the report, Der Spiegel said it had refrained from publishing sensitive information but notified the officials of its findings.
(Edited by Nida Fatima Siddiqui)
Also Read: Signal surges after WhatsApp’s new privacy rules, but expansion comes with growing pains