Russian hackers trading passwords of UK MPs and public officials

User urged to change passwords and use more security

Hacking

The login details of a thousand MPs and parliamentary staff, as well as 7,000 police employees and 1,000 officials at the Foreign Office, are being traded online by Russian hackers, according to reports.

An investigation by the Times found that the stolen credentials are believed to have come from previous data breaches, including a massive hack on business social media network LinkedIn. 

Advertisement - Article continues below

While users were warned at the time to change passwords, it is unclear whether they ever got around to doing so. Among the credentials traded are those of education secretary Justine Greening and business secretary Greg Clark. 

The trove also includes the passwords of the head of IT at the Foreign Office, the director-general of the Department for Exiting the European Union and the former ambassador to Israel.

The database of around one billion records is being sold online for just 2. The low price is because the data is not from recent sources. The original price was likely much higher.

The investigation discovered that among the police email address, the three most popular passwords were password', police' and police1'.

The National Cyber Security Centre told the Times that it would reissue guidance to government departments after it was made aware of the problem.

Advertisement
Advertisement - Article continues below

Pete Turner, consumer security expert at Avast said that in the event of the data breach passwords should have been updated.

Advertisement - Article continues below

"If you use the same username and password combination for more than one website, then this is especially important as the hackers would then have access to your other accounts that share this information," he said. 

"It's important to use different passwords for all your accounts and make them as complex as possible. I know it's hard to remember different, complex passwords but you can use a password manager to help with this," he added.

Pete Banham, Cyber Resilience Expert at Mimecast, said that employees need continuing security education and can also be pointed towards a variety of tools to monitor and alert them when their personal credentials are stolen and published. 

"Layered security which includes dedicated protection from impersonation attacks is vital to ensure businesses across the UK remain cyber resilient, along with other proactive measures such as employee awareness and secure email systems."

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020
Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020