An investigation by Der Spiegel has uncovered a significant security lapse involving some of US President Donald Trump’s most trusted security advisors. Contact details—including mobile phone numbers, email addresses, and even passwords—of high-ranking officials such as National Security Advisor Mike Waltz, Director of National Intelligence Tulsi Gabbard, and Secretary of Defense Pete Hegseth are freely accessible on the internet.

The German newspaper retrieved this sensitive information using commercial people search engines and leaked customer databases. Many of these contact details are still active and linked to social media, cloud storage, and messaging platforms, including WhatsApp and Signal. This raises serious concerns that hostile intelligence services could exploit the exposed data to infiltrate private communications, as per the report.

Dive deeper

The investigation highlights an alarming breach, particularly because these officials reportedly used Signal to discuss a potential military strike. The US news magazine The Atlantic revealed that Waltz, Gabbard, and Hegseth, along with CIA Director John Ratcliffe and other officials, had shared intelligence and attack plans in a Signal group chat. The situation took an unexpected turn when Waltz reportedly added The Atlantic’s editor-in-chief, Jeffrey Goldberg, to the conversation, though his reasons remain unclear.

The White House acknowledged the breach, with Trump asserting that the discussions did not involve classified material—an issue of particular relevance since government officials are prohibited from sharing sensitive information over Signal. The situation is further complicated by the fact that Steve Witkoff, the US special envoy for Ukraine and the Middle East, participated in the chat while in Russia.

Wider context

Some of the officials' contact details, as per the newspaper, were listed in commercial databases, while others appeared in publicly accessible password leaks. Investigators easily retrieved Hegseth’s mobile number and email by using a commercial data provider commonly utilized for corporate marketing and recruitment. A search in leaked databases revealed that his email address—and in some cases, even associated passwords—were present in over 20 separate leaks.

Waltz’s personal information was equally accessible, with his mobile number and email address found through similar sources. The email credentials were linked to several online platforms, including Microsoft Teams, LinkedIn, WhatsApp, and Signal.

Gabbard appeared to have exercised more caution. Unlike her colleagues, her details were blocked from certain commercial search engines. However, her email address surfaced in multiple leaks, including databases on WikiLeaks and Reddit. One such leak contained a partial phone number, which, when completed, corresponded to an active WhatsApp and Signal account.

Cybersecurity expert Donald Ortmann warned that such data exposure could facilitate phishing attacks, malware installation, and even political blackmail. He also highlighted the risk of deepfake technology being used to manipulate images and voice recordings for virtual meetings. “Exposed data from top politicians can be used by hackers to launch convincing phishing attacks and gain access to devices and various services such as email, chat tools and PayPal,” Ortmann explained.