LONDON — The passwords and login details of senior cabinet ministers and a host of other senior public figures have been sold online by Russian hackers.
An investigation by The Times found that online details belonging to Greg Clark, the business secretary, and Justine Greening, the education secretary, are just some of the stolen data belonging to tens of thousands of civil servants and government officials that was sold or traded on Russian-speaking hacking sites before being made freely available.
The news will be worrying for the government after the ransomware attack on the government earlier this year, hinting that its cybersecurity is not as strong as the government claims.
Clark and Greening’s details are amongst two lists of stolen details of 1,000 MPs and parliamentary staff, 7,000 police staff and more than 1,000 Foreign Office civil servants, including the head of IT.
The hacking appears to have been targeted at those with insecure passwords, as the three most common passwords used by police staff on the lists were “police”, “password” and “police1”.
The lists combined hacked log-in details from social media sites such as LinkedIn and MySpace alongside other smaller sites, with passwords possibly being useful for logging in to other accounts.
The appearance of the lists on Russian-speaking hacking forums suggests that hackers from that country may have been behind the theft of the login data. The UK government has repeatedly warned about the threat of Russian hacking, especially following the alleged influencing of the US presidential election last year.
Fears have been raised that government officials using insecure passwords could leave government accounts and computers open to further attacks, especially when similar passwords are used across different accounts.
Rob Pritchard, a cybersecurity specialist at the Royal United Services Institute, told The Times, “if these people used the same credentials . . . elsewhere — potentially on government systems — that’s not good.”
The National Cyber Security Centre has said that it will send out guidance to civil servants and government departments instructing them about using more secure passwords.