More than a dozen top officials set to take office as part of President-elect Donald Trump's administration have already had their personal data hacked over the past four years, leading to fears sensitive government data could be put at risk in the future.
Passwords used by key players in Trump's cabinet, including his cybersecurity advisor, Rudy Giuliani, are reportedly included within the datasets of major breaches that emerged last year from websites including Dropbox and LinkedIn, which exposed millions of user accounts in total.
An investigation conducted by Channel4 News uncovered passwords linked to at least 14 appointees chosen for key roles including secretary for labour, secretary for the interior, director of Oval Office operations and the press secretary.
A number of these so-called "mega-breaches", which also included social media and networking websites such as MySpace and Tumblr, ended up for sale on the Dark Web. Channel4 News said the passwords were available for as little as $4 (£3).
Additionally, the probe turned up a number of passwords used by Lt Gen Michael Flynn, the former military intelligence officer who will be taking up the role as national security advisor after the inauguration on Friday 20 January.
The revelation has led to fears that if officials have reused their passwords on other online accounts, sensitive – even classified – information may be put at risk.
The full list of allegedly hacked officials includes:
Secretary for the Interior – Ryan Zinke
Ryan Keith Zinke is an American politician, serving as a US representative for Montana's at-large congressional district. He previously served as a member of the Montana Senate, representing Senate District 2 from 2009 to 2011, and was appointed by Trump as secretary for the interior.
Secretary for Labour – Andrew Puzder
Andrew "Andy" Puzder previously served as a senior editor of the Washington University Law Review. He was appointed by Trump in early December as the United States secretary of labour.
Press Secretary – Sean Spicer
Sean Michael Spicer is an American political strategist. He has vast experience as a communications director, having worked as a chief strategist and communications director at the Republican National Committee (RNC). He was appointed by Trump as White House press secretary.
Director of Oval Office operations – Keith Schiller
Keith Schiller started working for Trump in 1999, before leaving the NYPD police force and becoming the director of security at the Trump Organization. He has stayed with Trump as security chief for 16 years. Unlike many other cabinet staffers, he was appointed by Trump this year, on 4 January.
Director of the Domestic Policy Council – Andrew Bremberg
Andrew Bremberg headed up Donald Trump's transition team for the health and human services. He formerly served as chief of staff during the administration of George W Bush. He was appointed by Trump to the position of director of the domestic policy council.
Director of the National Trade Council – Peter Navarro
Peter Navarro is a professor of economics and public policy at the Paul Merage School of Business, University of California, Irvine and the author of more than a dozen books. He was appointed by Trump as director of the National Trade Council, a newly-created entity in the executive branch of the US federal government.
Head of Social Media – Dan Scavino
Daniel Scavino Jr stared working for Donald Trump in 1990. He was the general manager of Trump National Golf Club Westchester and the director of social media of Trump's presidential campaign in 2016. He was appointed by Trump as White House director of social media.
Chief Trade Negotiator – Jason Greenblatt
Jason Dov Greenblatt is a lawyer. He has worked for Donald Trump since 1997 and is currently executive vice president and chief legal officer to Donald Trump and The Trump Organization, as well as his advisor on Israel. He was appointed by Trump as chief trade negotiator.
Troy Hunt, a cybersecurity expert who runs breach notification website HaveIBeenPwned.com, said the password leaks of such high-profile (and high-target) officials could be a security nightmare.
"Let's say someone from Trump's team has data leaked and it appears on a totally unrelated forum somewhere and someone takes those credentials and accesses the individual's Gmail," said Hunt.
"If this is an individual in a position of power or influence they may well have discussions in their personal mail that could be compromising. And if they don't then the attacker who gains access to that Gmail may then use that account to begin a conversation with other people in the contact list, impersonate them, and elicit information from other individuals. It then just opens up a door to a raft of much bigger problems."
Throughout the 2016 election campaign, cybersecurity became a major talking point following the cyberattack against the Democratic National Committee (DNC) in June. The US Intelligence Community (IC) firmly believes this was orchestrated by Russian hackers.
Yet experts, from both the US government and private cybersecurity firms, believe the DNC hack was only one part of a much larger operation: to influence the outcome of the election and help get Trump into the position of commander-in-chief.
In his first press conference of 2017, Trump slammed Democratic Party officials for having weak cybersecurity practices. "They did a very poor job, and they could have had hacking defence which we had," he said.
Most recently, Trump's cybersecurity advisor, Rudy Giuliani, was criticised after his own website was found to be littered with vulnerabilities, including an expired SSL encryption and an exposed CMS login page. Later, the website was mysteriously taken offline.