1 day ago
11
You have a preview view of this article while we are checking your access. When we have confirmed access, the full article content will load.
Revelations about the defense secretary’s passwords came after he discussed details of planned U.S. airstrikes on a messaging app.
May 7, 2025, 1:14 p.m. ET
Some of the passwords that Defense Secretary Pete Hegseth used to register for websites were exposed in cyberattacks on those sites and are available on the internet, raising new questions about his use of personal devices to communicate military information.
Mr. Hegseth did not appear to use those passwords for sensitive accounts, like banking. But at least one password appears to have been used multiple times for different personal email accounts maintained by Mr. Hegseth. If hackers access email accounts, they can often reset other passwords.
Like many Americans, Mr. Hegseth appears to have reused passwords to remember them more easily. At least one of them is, or was, a simple, lowercase alphanumeric combination of letters followed by numbers, potentially representing initials and a date. The same password was leaked in two separate breaches of personal email accounts, one in 2017 and another in 2018.
It is not clear whether he has updated the compromised passwords, or if he did so before he used his personal phone in March to share sensitive information about planned U.S. strikes on Houthi militia targets in Yemen.
Mr. Hegseth’s digital practices and security have been under scrutiny since he discussed the precise timing of those airstrikes in at least two chats on Signal, a free, encrypted messaging app. At least one of the chats took place on his personal phone. That information could have endangered U.S. pilots if an adversarial power had intercepted it.
In addition to those two Signal chats, Mr. Hegseth used the encrypted app for multiple other ongoing conversations and group messages, according to people briefed on his use of the platform. Some of the messages were posted by a military aide, Col. Ricky Buria, who had access to Mr. Hegseth’s personal phone. The use of the app for multiple ongoing conversations was earlier reported by The Wall Street Journal.
