CISA/DOGE Software Engineer's Login Credentials Appeared in Multiple Leaks From Info-Stealing Malware in Recent Years (arstechnica.com)
- Reference: 0177438193
- News link: https://yro.slashdot.org/story/25/05/11/0451222/cisadoge-software-engineers-login-credentials-appeared-in-multiple-leaks-from-info-stealing-malware-in-recent-years
- Source link: https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
> As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants, according [2]to Dropsite News. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According [3]to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...
> Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service [4]Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for [5]3 million Adobe account holders, one in a 2016 breach that stole credentials for [6]164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.
The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points. And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."
Thanks to Slashdot reader [7]gkelley for sharing the news.
[1] https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
[2] https://www.dropsitenews.com/p/doge-fema-funding-access-social-security-numbers
[3] https://micahflee.com/doge-bro-kyle-schutts-computer-infected-by-malware-credentials-found-in-stealer-logs/
[4] https://haveibeenpwned.com/
[5] https://arstechnica.com/information-technology/2013/10/adobe-source-code-and-customer-data-stolen-in-sustained-network-hack/
[6] https://arstechnica.com/information-technology/2016/05/then-there-were-117-million-linkedin-password-breach-much-bigger-than-thought/
[7] https://www.slashdot.org/~gkelley
So has everyone else (Score:1, Troll)
Why is this even news? Everyone has credentials that have leaked. It’s frustrating, but that’s the risk of using any service these days.
Scale is the difference (Score:3)
Not everyone has.
I know people who never had.
And myself - I had credentials leaked but like 5 times in 20 years...
Not 50+ in 5 ...
I would not approve security credentials for someone who seems to be quite reckless...
Re: (Score:2)
I don't know. Creating accounts everywhere to test login might just be part of the job. Or it's insider. One is more probable than the other.
Re: (Score:3)
> Why is this even news? Everyone has credentials that have leaked. It's frustrating, but that's the risk of using any service these days.
Because government agencies typically are the first to adopt new authentication technologies in order to ensure security of the data within. They were among to first to implement those little RSA keys to log in to critical databases, as well as heavy logging of secure databases. And they get lots of training to ensure the databases holding taxpayer data is
Re:So has everyone else (Score:4, Insightful)
But not everyone's devices are hacked with credential stealers and who knows what else. The guy's op-sec is clearly shit, and now he is inside critical government systems. Given that even senior people in National Security can't seem to avoid using compromised chat apps on their devices, it seems quite likely that this guy is giving your enemies full access to everything he touches.
Re: (Score:2)
The apologists will no doubt claim it's just clickbait, and to some extent it is because the buzzwords are certainly there, but it's also newsworthy because he works for CISA which means he's not just a "regular user". Despite that position with CISA, he has apparently continued to use the same password for several years after it was first compromised, so very much a case of "do as I say, not as I do". Password reuse? Fail. Failing to periodically change passwords? Fail. Failing to change passwords in
DOGE's true, treasonous agenda /s (Score:3)
‘“At this point it's difficult not to suspect their awful 0pSec is a choice, and that there are specific people (*ahem* *cough cough* the Russians *cough*) to whom they're leaking secrets, with incompetence being merely plausible deniability for their true, treasonous agenda,” one critic wrote on Mastodon.’
Being featured in leaks doesn't mean much (Score:2, Interesting)
There are so many "leaks" of my usernames and IDs linked to me. They all feature the same password. It is the one I was using in 2010 or a random one like "pass1234"
Unless these credentials are actually active, it doesn't really mean anything. It is just one of the "perks" of working in Cybersecurity
Plausible deniability (Score:2)
Mission accomplished
Why this is news. (Score:4, Interesting)
More than a few seem to not understand this story, so a summation of this follows.
* The fact that his credentials have been found in four recent info dumps (rather than just one or two) is an indicator that his computer system has been compromised rather than the information being taken from a compromised business. This is why the linked title is [1]"DOGE software engineer’s computer infected by info-stealing malware" [arstechnica.com]
* The reason that this matters is because this is the same guy that [2]has access to the inner workings of FEMA including its finances. [dropsitenews.com]
* Put it together and it means the inner workings of FEMA (and billions of dollars in funding) are all at risk.
Agree or disagree, this is what the story is all about.
[1] https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
[2] https://www.dropsitenews.com/p/doge-fema-funding-access-social-security-numbers
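Added here to illustrate the reasoning in the comment above and in the summary's distinction between provider breaches and stealer logs (this is example code written for this page, not anything from Ars Technica, Micah Lee, Have I Been Pwned, or the commenter): a small Python triage routine that reads constructed exposure records for a hypothetical account, separates stealer-log hits (harvested from an infected device) from service-breach hits (taken from a compromised provider), and turns the pattern into findings and defensive actions. The record format, the two-hit threshold, the `exposed_password_still_in_use` check, and the password fingerprints are all assumptions chosen for the example, not anything the articles describe.

```python
"""Triage of credential-exposure records for one account (constructed example).

Assumed record format (one per line, hypothetical, not from any real feed):
    year,kind,account,password_fingerprint
where kind is "stealer_log" (taken from an infected endpoint) or
"service_breach" (taken from a compromised provider), and the fingerprint is
an opaque token standing in for the password so reuse can be spotted without
ever handling the password itself.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    account: str
    kind: str            # "stealer_log" or "service_breach"
    year: int
    pw_fingerprint: str  # opaque token, never the password


# Constructed sample data for a hypothetical account; not real records.
SAMPLE_RECORDS = """\
# year,kind,account,password_fingerprint
2013,service_breach,analyst@example.test,fp-A
2016,service_breach,analyst@example.test,fp-A
2020,service_breach,analyst@example.test,fp-B
2023,stealer_log,analyst@example.test,fp-B
2024,stealer_log,analyst@example.test,fp-B
2024,service_breach,analyst@example.test,fp-C
2025,stealer_log,analyst@example.test,fp-B
"""

# Assumed judgment call: two or more independent stealer-log hits are treated
# as evidence that a device the account was used on was infected.
STEALER_LOG_THRESHOLD = 2


def parse_records(text):
    """Parse the assumed CSV-like format into Exposure objects, skipping comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        year, kind, account, fp = (field.strip() for field in line.split(","))
        if kind not in ("stealer_log", "service_breach"):
            raise ValueError(f"unknown exposure kind: {kind}")
        records.append(Exposure(account, kind, int(year), fp))
    return records


def triage(records):
    """Summarise what the pattern of exposures indicates and what to do about it."""
    stealer = [r for r in records if r.kind == "stealer_log"]
    breaches = [r for r in records if r.kind == "service_breach"]

    # Same password fingerprint across several years means the password was reused.
    years_by_fp = {}
    for r in records:
        years_by_fp.setdefault(r.pw_fingerprint, set()).add(r.year)
    reused = {fp: sorted(ys) for fp, ys in years_by_fp.items() if len(ys) > 1}

    # A password harvested by a stealer after it first appeared in an earlier
    # dump was still in use after it was already publicly known.
    first_seen = {}
    for r in sorted(records, key=lambda r: r.year):
        first_seen.setdefault(r.pw_fingerprint, r.year)
    still_used = sorted({r.pw_fingerprint for r in stealer
                         if r.year > first_seen[r.pw_fingerprint]})

    findings = []
    if len(stealer) >= STEALER_LOG_THRESHOLD:
        findings.append("endpoint_compromise_likely")
    elif stealer:
        findings.append("endpoint_compromise_possible")
    if breaches:
        findings.append("third_party_breach")
    if reused:
        findings.append("password_reuse")
    if still_used:
        findings.append("exposed_password_still_in_use")

    actions = []
    if stealer:
        actions.append("treat the device as compromised: reimage it and rotate every "
                       "credential and session token ever used on it")
    if reused or still_used:
        actions.append("retire the reused passwords everywhere; move the accounts to "
                       "unique passwords with phishing-resistant MFA")
    if breaches and not stealer:
        actions.append("rotate the credential exposed by the provider; these records "
                       "alone do not indicate an endpoint problem")

    return {
        "stealer_log_hits": len(stealer),
        "service_breach_hits": len(breaches),
        "reused_passwords": reused,
        "still_used_after_exposure": still_used,
        "findings": findings,
        "actions": actions,
    }


if __name__ == "__main__":
    for key, value in triage(parse_records(SAMPLE_RECORDS)).items():
        print(f"{key}: {value}")
```

The point the code makes explicit is the one the comment draws: a provider breach says something about the provider, while repeated stealer-log appearances say something about the user's own machine, and the two call for different responses. The threshold is a judgment call for a triage queue, not a forensic conclusion; what confirms an infection is examining the device.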
Boy genius turns out to be ... (Score:1)
actually not a genius. Who knew, who could have predicted this, who would have guessed that this character is as slapdash as his superiors, inquiring minds want to know. The chances that he gets pulled up on this, let alone admonished, are very low. Creeping authoritarianism, film at 11.
2fa / passkeys - mandate or suffer (Score:2)
all services
must be 2FA or passkeys
or suffer
users can not be blamed...
Re: (Score:2)
> users can not be blamed...
Good news! No one will be held accountable for the consequences of this.
Re: (Score:2, Insightful)
There's no personal responsibility anymore. Kyle Schutt can go and fire people and no doubt destroy their family's lives with a keyboard and a login, but when he's careless in the execution of his own job, some slashdotters only blame 2FA or passkeys. It's sad what America has been reduced to. A lot of hot air about defending freedom and protecting their homes with guns, then meekly accepting Kyle's antics.
Re: (Score:1)
There's something to be said about the assumption of carelessness without evidence by a poster on Slashdot. Namely get the fuck out of here and go back to Wired. There is a single incident that can be traced to one of his devices being hacked and no mention of how the device was hacked, whether from social engineering, a careless download, or a zero day that didn't require anything more than an internet connection.