Passwords for Sale: Russian Hackers Hit Again
Share This Article:
Thousands of passwords belonging to British ministers, senior policemen and ambassadors have been traded online by Russian hackers, an investigation from The Times revealed this morning.
The enquiry discovered that the stolen email addresses and passwords were first sold and exchanged online and then made freely available.
The credentials, released in two lists, would reveal private log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office officials, including Justine Greening, the education secretary, Greg Clark, the business secretary, and Peter Jones, the department’s own head of IT.
Mr Jones, among others, appears to have used a highly insecure password which occurred more than 3,700 times in one of the lists.
Hacked websites included LinkedIn, the business networking social network previously breached in 2012, MySpace, the social media site, and several other entities.
The National Cyber Security Centre (NCSC), whose role is to protect the country against cyberattacks, said last night that it would renew efforts to spread awareness in government departments.
However, security experts warned that this breach of private information could lead to penetration of governmental accounts, since the lists showed many people used the same unsecured credentials across different accounts on the internet.
Despite official guidance advice the use of strong passwords to guard against hacking, the leak showed that many would have been easy to guess. They ranged from names of home counties to relatives’ surnames. Among the leaked police passwords, the more common were “police”, “password” and “police1”.
Western governments have recently raised multiple concerns about Russian hacking, including alleged attempts to influence last year’s US presidential election by penetrating Democratic Party computer systems.
Whether this leak was part of a bigger scale attack or not is not yet known, but trying to keep our accounts safe from hackers is both a right and a responsibility, and this apply particularly to people employed in governmental positions.