US spy chief recycled password for years, breach records reveal

Tulsi Gabbard, currently serving as the US director of national intelligence, reused the same easily guessable password on several personal online accounts over several years, according to leaked data reviewed by WIRED.

The discovery comes shortly after Gabbard participated in a Signal group chat that inadvertently exposed details of a military operation to a journalist — an incident which already raised concerns about her operational discretion, Caliber.Az reports.

WIRED examined the password history using data from online breaches compiled by open-source intelligence firms District 4 Labs and Constella Intelligence. Gabbard, a former congresswoman from 2013 to 2021, sat on the House Armed Services Committee, including its Intelligence and Special Operations Subcommittee, and the Foreign Affairs Committee, granting her access to classified material during her tenure. Breach data indicate she reused the same password across multiple email and online accounts throughout part of this period, a practice long advised against by cybersecurity experts. (There is no evidence suggesting she used the same password for official government accounts.)

Two data compilations published in 2017, known as "combolists," include a password used for an email linked to Gabbard’s website. That very password later appeared in a 2019 combolist tied to her Gmail account. Records from as far back as 2012 show she used it on Dropbox and LinkedIn accounts linked to the same website email address. Further breaches dating from 2018 link the same password to her MyFitnessPal account under a me.com address, as well as to a profile on the now-defunct e-commerce platform HauteLook, once owned by Nordstrom.

The password in question reportedly contained the word “shraddha,” believed to hold personal meaning for Gabbard. Earlier this year, The Wall Street Journal reported that Gabbard was initiated into the Science of Identity Foundation, a group connected to the Hare Krishna movement, which some former members have labelled a cult. Sources claimed Gabbard was given the name “Shraddha Dasi” upon joining. When contacted at the time, Gabbard’s deputy chief of staff, Alexa Henning, posted the questions publicly on X, accusing the media of spreading “Hinduphobic smears and other lies.”

Responding to WIRED's questions, Gabbard’s spokesperson, Olivia Coleman, said: “The data breaches you’re referring to occurred almost 10 years ago, and the passwords have changed multiple times since. As our deputy chief of staff has already made clear on several occasions, the DNI has never and doesn’t have an affiliation with that organisation. Attempting to smear the DNI as being in a cult is bigoted behaviour.“

Henning echoed this sentiment in a follow-up exchange, writing: “Your bigoted lies and smears of a cabinet member and your story fomenting hinduphobia is noted… This was well litigated during her confirmation hearing, so congrats on being about 6 months late to this story. Great job.”

The Science of Identity Foundation did not respond to requests for comment.

Cybersecurity professionals strongly warn against the practice of password reuse, particularly for email accounts, as a single breach can serve as a gateway to other platforms and sensitive data. The US Cybersecurity and Infrastructure Security Agency recommends using password managers and creating unique passwords of at least 16 characters or four unrelated words for each account.

In her current role, Gabbard oversees 18 intelligence agencies, including the CIA and NSA, and manages a budget nearing $100 billion. By law, she advises the president and National Security Council on intelligence matters, making her responsible for protecting some of the most closely guarded secrets in the US government.

Critics — including the Democratic National Committee — have long questioned Gabbard’s judgement and affiliations. The DNC previously called her a “direct threat to our national security,” citing her 2019 assertion that Bashar al-Assad was “not the enemy of the United States,” her appearances on Russian state media, and associations with figures described as conspiracy theorists.

Gabbard addressed these accusations at her Senate confirmation hearing in January, stating:
“Those who oppose my nomination imply that I am loyal to something or someone other than God, my own conscience, and the constitution of the United States, accusing me of being Trump’s puppet, Putin’s puppet, Assad’s puppet, a guru’s puppet, Modi’s puppet, not recognising the absurdity of simultaneously being the puppet of five different puppet masters… The fact is, what truly unsettles my political opponents is I refuse to be their puppet.”

By Aghakazim Guliyev