Security Experts:

Romney’s Hotmail Account Exposed by Nosey Tipster

Presidential hopeful Mitt Romney almost had a Sarah Palin experience, if it wasn’t for the fact that Gawker kept their hands off the leaked goods. After an AP story mentioned Romney’s Hotmail address, Gawker’s anonymous tipster used the password reset function to gain access to it, and sent the details to the news site.

It’s not a hack, but the account was accessed without proper authorization, as Gawker’s tipster changed the password. According to the tipster, all he needed to do in order to reset the password was answer a question related to Romney’s first pet. (Seamus perhaps?)

“The tipster didn't include any screenshots or evidence of what the accounts contained as proof. And although he or she did, as you can see, helpfully supply the new password he or she created for the account, logging in with it to assess the accuracy of the tipster's claims would put us at some legal jeopardy. So we most certainly did not do that,” Gawker’s John Cook wrote.

Romney’s campaign spokesperson, Gail Gitcho said that the “proper authorities are investigating this crime.” According to her, the campaign will have no further comment on the matter.

It would be interesting to see if the Gawker tipster actually took any of the emails contained within the Hotmail account. It’s more likely that he expected Gawker to do that for him.

Word of Romney’s security question failure on Hotmail hit the wires just after the AP reported on the account itself, in an investigation concerning official communications during his time as Governor. That story is here.

The Gawker report is here.   

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.