Passwords belonging to British politicians, diplomats and senior police officers have been traded by Russian hackers, it has been reported.
Security credentials said to have belonged to tens of thousands of government officials, including 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff were in the troves sold or swapped on Russian-speaking hacking sites.
The majority of the passwords are said to have been compromised in a 2012 hacking raid on the business social network LinkedIn, in which millions of users' details were stolen. The National Crime and Security Centre (NCSC) confirmed that its cyber security advice has been highlighted to departments in light of the discovery. Among those whose credentials were stolen were Justine Greening, the education secretary, and Greg Clark, the business secretary.
Security experts warned that hackers could use the information to access government accounts, especially if officials had the same password across the internet. “If these people used the same credentials . . . elsewhere — potentially on government systems — that’s not good,” Rob Pritchard, a cybersecurity specialist at the Royal United Services Institute, told.
In the wake of the LinkedIn attack users were advised to change their passwords on the site and any other accounts that used the same credentials. The warning was repeated in 2016 when it emerged the compromised passwords were being sold by criminal gangs. A Government spokesman said it was a "historical incident". "When it took place, LinkedIn gave advice that people should change their passwords. Anybody who is no longer using the password will not have had their account breached."
Download SafeUM — communicate privately, without advertising and spam.
