Google's Pixel 7 Event National Taco Day Microsoft Surface Event Xiaomi 12T Pro's 200MP Camera iPhone 14 Pro Action Mode vs. GoPro Hero 11 TikTok Money Advice Hottest Holiday Toys Gifts for Cyclists
Want CNET to notify you of price drops and the latest stories?
No, thank you

US election agency breached by suspected Russian hacker

A security firm discovers more than 100 login credentials for computers at the US Election Assistance Commission on the internet black market.

Login credentials for the US Election Assistance Commission, the agency that certifies voting machines, were discovered on the black market.
Moment Editorial/Getty Images

The US agency responsible for certifying the security of voting machines reportedly fell victim to a hacker believed to be Russian.

Security firm Recorded Future said Thursday that it discovered login credentials for computers at the US Election Assistance Commission for sale on the internet black market. The firm said its analysis identified the hacker as Russian.

"The breach appeared to include more than one hundred access credentials, including some with the highest administrative privileges," Andrei Barysevich, director of advanced collection at Recorded Future, wrote in a blog post. "These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site."

The report comes amid heightened concern that the Russian government hacked the US presidential election in November to ensure a victory for Republican Donald Trump. An anonymous senior US official told The Washington Post last week that "Russia's goal here was to favor one candidate over the other, to help Trump get elected."

Posing as a potential buyer, Recorded Future engaged a "Russian-speaking actor" who was offering the credentials for sale. The hacker said he had accessed the system through an unpatched vulnerability, which he was attempting to sell information about to a Middle Eastern government, the company said.

It wasn't immediately clear when the hack occurred. Recorded Future said it turned over its findings to federal law enforcement officials. The Justice Department did not immediately respond to a request for comment.

Created by the Help America Vote Act of 2002, the EAC is a government agency that certifies voting machines and serves as a clearinghouse for information regarding election administration.

The US Election Assistance Commission did not immediately respond to a request for comment.