Security intelligence firm Recorded Future has found that login credentials for 47 US government agencies across 89 unique domains can be accessed on the open web.
The login details could be found on public websites such as Pastebin, where hackers release leaked data.
It is reported that 12 of those agencies do not use two-factor authentication to access their systems, allowing users to log on with only a username and password.
Recorded Future said the presence of these credentials on the open web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.
The company scanned over 680,000 websites in seven languages and identified 705 emails and passwords originating from government agencies.
The information was associated with the departments of justice, defence, the treasury and energy, as well as several others.
Recorded Future senior analyst Scott Donnelly was quoted by the BBC as saying, "It isn’t that these agencies don’t know what to do, it is just that they aren’t implementing the changes."
Earlier this month, several reports suspected Chinese hackers of conducting a massive data breach in the US, compromising the personal information of millions of government employees.
The US Office of Personnel Management (OPM) revealed that more than four million current and former federal employees have been affected.