To start, Manafort’s security hints for these accounts were dead giveaways (“secret agent” and “James Bond”). It was trivially easy to guess the passwords with such obvious clues. And more importantly, using the same password in multiple places is a very, very bad idea. Never mind the Adobe or Dropbox accounts — there’s a chance that there are other accounts using the same login. This doesn’t mean that Manafort’s email or social accounts have suddenly been compromised (they may have different passwords), but the reuse of passwords makes it difficult to rule out.
There’s also the matter of how easily the researchers obtained Manafort’s info. All they had to do was look into known data breaches and find the info that had leaked online. Manafort previously confirmed that text messages from his daughter had been compromised, so it wasn’t too hard to find his old email address buried in messages posted on the Dark Web. After that, it was just a matter of running that address through HaveIBeenPwned.com to see if it had turned up in data breaches. There were at least two: the 2012 Dropbox hack and the 2013 Adobe hack.
No, this probably won’t affect Manafort’s indictment over allegations of conspiracy and money laundering. However, it may serve as a wake-up call: if you’re going to think of yourself as a real-life Bond, you should probably ensure that your accounts are as difficult to crack as you’d expect for a super spy.