Russians hackers are offering for sale on the dark web login credentials of thousands of top UK politicians, top officials, and diplomats.
According to The Times, Russians hackers are selling on the dark web login credentials of thousands of top UK politicians, top officials, and diplomats.
Journalists at the British newspaper have found two huge lists of stolen credentials that were available for sale on Russian-speaking hacking sites. The huge trove of credentials included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office officials.
“Passwords belonging to British cabinet ministers, ambassadors, and senior police officers have been traded online by Russian hackers, an investigation by The Times has found.” reads The Times. “Two huge lists of stolen data reveal private log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office officials, an analysis shows — including the department’s own head of IT.”
According to experts that analyzed the lists speculate they are composed of old credentials. The list appears as composed starting from data coming from old data breaches such as LinkedIn and MySpace.
“They include passwords used by the former ambassador to Israel and the director-general of the Department for Exiting the European Union.” continues The Times.
The main risk is related to the possibility that victim used the same credentials to access other sensitive systems and networks.
It is interesting to note that despite official guidance advising the use of strong passwords, the data leak shows that many politicians were using easy to guess passwords.
“Peter Jones, the Foreign Office’s chief operating officer, who has overall responsibility for IT, appears to have used a highly insecure password which occurred more than 3,700 times in one of the lists.” continues the newspaper.
Many victims re-used insecure passwords on multiple websites. such as the former Cabinet Office minister Brooks Newmark,
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.