Paul Manafort's password inspiration: Bond. James Bond.
Even high-level lobbyists need a lesson on good passwords.
Apparently, being involved in high-level political intrigue doesn't guarantee that you'll be any good at password management. Security researchers speaking to Motherboard have discovered that former Trump campaign manager and international lobbyist Paul Manafort used uncannily appropriate password variations for his old (2012-2013) Adobe and Dropbox accounts: Bond007. Yes, you read that correctly -- as Christina Wilkie notes, this was a secret foreign agent signing in as another secret foreign agent. Cheekiness aside, the James Bond nod underscores the tendency toward terrible password habits and how they can have very real consequences.
To start, Manafort's security hints for these accounts were dead giveaways ("secret agent" and "James Bond"). It was trivially easy to guess the passwords with such obvious clues. And more importantly, using the same password in multiple places is a very, very bad idea. Never mind the Adobe or Dropbox accounts -- there's a chance that there are other accounts using the same login. This doesn't mean that Manafort's email or social accounts have suddenly been compromised (they may have different passwords), but the reuse of passwords makes it difficult to rule out.
There's also the matter of how easily the researchers obtained Manafort's info. All they had to do was look into known data breaches and find the info that had leaked online. Manafort previously confirmed that text messages from his daughter had been compromised, so it wasn't too hard to find his old email address buried in messages posted on the Dark Web. After that, it was just a matter of running that address through HaveIBeenPwned.com to see if it had turned up in data breaches. There were at least two: the 2012 Dropbox hack and the 2013 Adobe hack.
No, this probably won't affect Manafort's indictment over allegations of conspiracy and money laundering. However, it may serve as a wake-up call: if you're going to think of yourself as a real-life Bond, you should probably ensure that your accounts are as difficult to crack as you'd expect for a super spy.
