Cybernews reports that some of the latest Jeffrey Epstein files released by the US Department of Justice contain live login credentials which Reddit users claim to have used to access accounts linked to the convicted sex offender.
The disclosures have reportedly led to unauthorized activity in at least one inbox, raising concerns about how the release process handled sensitive digital information.
SEE ALSO: The passwords most likely to get you hacked
The files included passwords connected to a range of online services, including Outlook, Yahoo, Apple ID, and other platforms. Some credentials appear in handwritten notes contained within the documents, while others are visible in supporting records that were not fully redacted before publication.
Testing Epstein passwords
Soon after the files became public, Reddit users began testing the exposed passwords. One of the most widely shared credentials was “#1Island,” which users claimed granted access to an Outlook account associated with Epstein. Several users said the password was valid and posted proof online.
Users who said they accessed the Outlook account described finding a nearly empty inbox. According to those accounts, it initially contained one deleted email and another titled “Test.” Within a short time, the inbox was reportedly filled with spam messages, memes, and automated sign-ups to adult websites.
Reddit users also said the profile picture tied to the account was changed. Some claimed emails were sent from the inbox to third parties, although there is no independent confirmation of the recipients or content of those messages.
Another password found in the files, “Jenjen12,” was linked to access to an iTunes account. Documents included in the release suggest the same password may have been used across other services or devices, pointing to password reuse.
Additional records reference the password “jeevacation12,” which appears repeatedly across multiple datasets and is associated with several Yahoo, Flickr, and Gmail accounts, as well as a public relations platform and LinkedIn.
The password closely matches an email address Epstein reportedly used for correspondence with business and political contacts.
Reddit users also reported testing the password “ghislaine.” Some claimed it allowed access to accounts on services such as Dropbox and Kickstarter. A lot of the claims will need to be taken with a pinch of salt, of course.
Despite the exposure of several passwords, users said two-factor authentication prevented access in a number of cases. Accounts protected by additional verification steps were harder to compromise, limiting the extent of unauthorized access.
Cybernews notes that password practices during the 2010s often involved reuse and simple credentials. At the time, multi-factor authentication was less common and frequently optional, which increased the risk of account compromise when passwords were exposed.
“It’s not surprising that many mentioned Epstein’s accounts could’ve had the same credentials that were not too complex and easy to exploit,” the researchers said.
The presence of still-active login credentials in publicly released legal files suggests gaps in the Justice Department’s review and redaction process. Accounts tied to the exposed passwords appear vulnerable to external interference, even years after the documents were created.
What do you think about live passwords appearing in publicly released legal files? Let us know in the comments.
Image credit: frank_peters / Shutterstock
