Hackers are calling MPs and trying to trick them into revealing their personal parliamentary details.
Politicians and aides have been warned that hackers are posing as parliamentary officials asking for their passwords. The warning comes just a week after Parliament suffered its biggest ever cyber attack as hackers launched a "sustained and determined" attempt to break into emails. Parliament was forced to lock MPs out of their accounts.
However, in an email, parliamentary officials have said that hackers are still attempting to gain access. The message sent to MPs and staff on Thursday warned: "This afternoon we've heard reports of parliamentary users being telephoned and asked for their parliamentary username and password. "The caller is informing users that they have been employed by the digital service to help with the cyber attack. These calls are not from the digital service. We will never ask you for your password."
MPs and their staff have also been warned that Parliament's cyber security "is only as strong as the weakest password set by our users". Last week's assault lasted for more than 12 hours as unknown hackers repeatedly targeted "weak" passwords of staff. Security sources said the attack was the biggest they could remember.
They described it as a "brute force" attack, which involves firing messages at email accounts in an attempt to find a weak password and gain entry. The network affected is used by every MP, including Theresa May, the Prime Minister, and her Cabinet ministers, for dealing with constituents.
It remains unclear whether the hackers were successful in gaining access. The investigation is ongoing. A government website has breached the security of 68,000 users, including civil servants, by making their names, email addresses and passwords available online.
The Cabinet Office, which blamed human error for the breach, said the details were publicly available on data.gov.uk, which publishes charts and graphs of public data and is widely used across Whitehall. It was unable to say whether MPs were among the users whose details were available.
A parliamentary spokesman said: "On Thursday afternoon a small number of parliamentary users were telephoned and asked for their parliamentary username and password by a caller claiming to be employed by ‘Windows’ on behalf of the Parliamentary Digital Service to help with the cyber attack. "No usernames or passwords were disclosed in these calls.”
Download SafeUM — communicate privately, without advertising and spam.
110 Reykjavik, Iceland