Sensitive personal details of key security officials serving under US President Donald Trump are readily accessible on the internet, an investigation by media company Der Spiegel has revealed. Reporters uncovered mobile numbers, email addresses, and even passwords linked to top government figures, exposing significant security vulnerability.
The journalists obtained this information by using commercial people-search tools alongside hacked customer data that had been leaked online. Among those affected are National Security Adviser Mike Waltz, Director of National Intelligence Tulsi Gabbard, and Secretary of Defense Pete Hegseth.
This comes amid the controversy surrounding the White House where The Atlantic’s editor-in-chief Jeffrey Goldberg was mistakenly added to a private Signal group, named ‘Houthi PC Small Group’. The members of the group, which included Vice President JD Vance, Defense Secretary Pete Hegseth, National Security Adviser Michael Waltz among others, discussed planned military actions against Yemen’s Houthi armed group.
Many of the exposed contact details are still in use. Some are linked to social media accounts on LinkedIn and Instagram, while others have been used to set up Dropbox accounts or fitness tracking apps. The investigation by the media company showed that several of these numbers are associated with WhatsApp and Signal accounts, raising concerns about their potential exploitation.
One of the alarming aspects of this breach is the possibility that a highly sensitive Signal chat involving these officials was conducted using their publicly available phone numbers. While it remains uncertain if these particular accounts were used for the discussion, Der Spiegel confirmed that the exposed personal numbers of Director of National Intelligence Tulsi Gabbard and Waltz are indeed linked to Signal accounts.
Der Spiegel was able to retrieve contact information for Gabbard, Waltz, and Hegseth from commercial databases, while additional details surfaced in widely available password leaks.
Hegseth’s contact details were particularly easy to obtain. Using a commercial data provider typically employed for sales and recruitment purposes, Der Spiegel simply submitted a link to his LinkedIn profile.
In return, they received his Gmail address, mobile phone number, and other personal information. Further searches through leaked user databases confirmed that this email address, and in some instances its associated password, appeared in more than 20 publicly available data breaches. Public records also indicated that the email account had been actively used in recent days.
