Trump’s Team Faces More Embarrassing Security Failures
Leaked passwords, public Venmo accounts, Gmail threads about weapons systems—Trump’s national security team may be the most hackable group in American history.
What do you get when you combine leaked phone numbers, public Venmo transactions, personal Gmail threads, and a Signal group chat about launching a military strike?
Apparently...Trump’s national security team.
In the past week alone, investigations by DER SPIEGEL, The Atlantic, WIRED, and The Washington Post have exposed a growing pile of cybersecurity disasters involving some of the most powerful officials in Donald Trump’s administration. We’re talking password leaks, doxxed contact info, unsecured messaging apps, and even Gmail chains about weapons systems.
Yeah. That’s apparently where we’re at.
Signal: The Chat Heard Round the World
Things got worse when The Atlantic reported that Waltz, Gabbard, and Hegseth were using Signal—an encrypted messaging app—to discuss an imminent U.S. military strike on the Houthis in Yemen. Not only were they allegedly sharing sensitive military intel in the chat, but the group also included CIA Director John Ratcliffe and—why not—Jeffrey Goldberg, the editor-in-chief of The Atlantic.
Goldberg was added to the Signal group by Waltz himself. Why? Unclear. Maybe Waltz wanted a write-up. Maybe he hit the wrong contact. Either way, not great.
And if that wasn’t enough, Trump’s special envoy to Ukraine and the Middle East, Steve Witkoff, was participating from Russia. Because when you're plotting a military strike, why not loop in someone dialing in from a rival nation?
If this feels like a spoof, it’s not. It’s just America’s national security strategy under Trump. So if you're into it—and want to see more of it—become a paid subscriber today. Every subscription helps keep the lights on and the war room receipts coming.
DER SPIEGEL: Spies Didn’t Need to Hack This
Here’s the kicker: DER SPIEGEL didn’t need to hack anything. No Mission: Impossible gadgets. Just LinkedIn lookups, people search engines, and leaked credential dumps that have been circulating online for years.
Pete Hegseth? Reporters found his Gmail and phone number by submitting his LinkedIn profile to a commercial contact vendor. That same email address appears in more than 20 public data leaks, some including passwords. One of his linked WhatsApp profiles—since deleted—featured a shirtless Hegseth in a baseball cap, which facial recognition confirmed was him. Because what’s cybersecurity without a little thirst trap?
Mike Waltz? Same story. Reporters found his Microsoft Teams, LinkedIn, WhatsApp, and Signal accounts, all tied to a number and email floating through public databases. Even his passwords were up for grabs.
Tulsi Gabbard tried harder. She blocked her data from commercial search tools. But her email address still appeared in over 10 breaches, including on WikiLeaks and Reddit. That email, plus a partially redacted phone number, led to active WhatsApp and Signal profiles.
So yes, the same people discussing U.S. military action on an encrypted app had their private access points sitting out in the open like a “Free Wi-Fi” sign at a sketchy café.
Venmo: Open Accounts, Exposed Networks
And just when you thought this team couldn’t get more digitally compromised...enter Venmo.
Multiple officials involved in that Signal war chat also had public Venmo accounts leaking contact data and transaction histories. Because nothing screams “counterintelligence-proof” like splitting picnic bills with your Middle East deputy in public.
The officials include:
Dan Katz, chief of staff at the Treasury
Joe Kent, Trump’s nominee to lead the National Counterterrorism Center
Mike Needham, chief of staff to Secretary of State Marco Rubio
Brian McCormack, senior National Security Council staffer
Morgan Ortagus, Fox News alum turned deputy to Witkoff
All of them were linked to the now-infamous “Houthi PC small group” Signal chat. McCormack went private only after WIRED reached out. Katz’s transactions included gems like a 2018 eggplant emoji payment and a reimbursement to a cat sitter. McCormack helped fund a Cheney team reunion. Kent was connected to Ivan Raiklin, a conspiracy theorist who literally calls himself “the secretary of retribution.”
Experts say this kind of data is a counterintelligence nightmare—providing foreign services a window into personal networks, financial habits, and potential pressure points for recruitment or blackmail.
At this point, all that’s missing is a Google Doc titled “Secret Strike Plan – SHHHH PLEASE DO NOT SHARE.”
Gmail: Classified, CC’d, and Compromised
And if you thought Signal and Venmo were bad...enter Gmail.
According to The Washington Post, members of Trump’s National Security Council—including National Security Adviser Mike Waltz—have been conducting government business over personal Gmail accounts.
Not encrypted comms. Not secured federal systems. Just plain old Gmail. Like it’s a brunch invite, not a battlefield strategy.
A senior aide to Waltz reportedly used Gmail to discuss sensitive military positions and weapons systems with colleagues across government. Those colleagues were using .gov emails. He was replying from the digital equivalent of a Yahoo inbox with a “Live, Laugh, Launch Codes” signature.
Exactly the kind of digital footprint you want from someone with top-secret clearance.
Experts: This Is a Hacker’s Dream
According to cybersecurity expert Donald Ortmann, exposed emails and numbers like these are perfect for phishing, malware installs, account takeovers, and blackmail. With the rise of AI voice cloning and deepfakes, attackers can even impersonate officials in virtual meetings using nothing but leaked data and Google Images.
Imagine a fake Tulsi Gabbard showing up to a secure briefing, saying, “Yes, I approve the strike,” and the room just…goes with it.
Ortmann adds that once attackers have access, they can install spyware, monitor chats, or drain connected accounts like PayPal—because even spies love a side hustle.
The Official Response: “...Hello?”
After The Atlantic exposed the Signal group chat, the White House confirmed the messages were real but claimed no classified intel was shared. Maybe not. But when your national security strategy is being discussed via Signal accounts tied to email-password combos from 2017, the bar for “classified” starts to feel kind of irrelevant.
And the officials themselves? Silent.
DER SPIEGEL reached out to Gabbard, Waltz, and Hegseth. No response. They also contacted the Department of Defense, the National Security Council, and the Office of the Director of National Intelligence. Still nothing.
Personal messages sent to Waltz and Gabbard on WhatsApp and Signal were marked as delivered. So the accounts are live. The officials? Not so much.
From “The Best People” to the Most Easily Phished
Let’s be clear: this wasn’t a sophisticated cyberattack. This was low-effort data collection using tools any marketing intern could figure out. And yet, it exposed the private digital footprints of the people responsible for coordinating national security.
We’ve seen officials store classified docs at golf resorts and conduct diplomacy over AOL accounts. But this one hits different. Because this time, the threat wasn’t some futuristic hacking technique—it was basic negligence paired with years of password reuse and a LinkedIn account.
This isn’t just sloppy. It’s dangerous.
This wasn’t just careless—it was dangerous. And it’s another reminder that when Trump promised to hire “only the best people,” what he apparently meant was:
Felon Drumpf is a moron. A failure. He scraps bottom of barrel for his cabinet. More failure.
Criminal Drumpf regim is a daily disaster for America.
I heard Hegseth has his own fans only site. It's a hit on Grinder.