Candidates are Sitting Ducks for Cyber Pranksters

De facto Republican presidential nominee Mitt Romney should have seen this coming. As secretive as the former Massachusetts governor was of his office emails (according to a Wall Street Journal report his aides deleted all messages from a state server) he apparently created an obvious answer to a password reset question for his personal webmail account. As first reported by Gawker, a tipster claims to have guessed the name of Romney’s favorite pet and popped open the alleged dog abuser’s Hotmail account.

Romney may have committed the other password faux pas of using the same code for multiple accounts. The Hotmail password worked on his DropBox online storage space too, according to Gawker.

As Nextgov’s sources warned in December, Ditch the Gmail addresses, politicians:

A glance through the biographical information in publicly available social-network profiles can provide clues to a person's password recovery answers, experts point out. "And yet people still do dumb things: They give honest answers to security questions," [hacker-cum-security consultant Jennifer] Emick said. Chris K. Ridder, a San Francisco-based attorney and former resident fellow at Stanford Law School's Center for Internet and Society, said, "People might want to think more about their password reset questions. You don't put the real name of your cat in there, if you're going to find that on Facebook."

On Wednesday afternoon, Secret Service spokesman Brian Leary said agents were investigating the Romney hack. The agency is authorized to protect major presidential candidates.