CyberCrimeSecuritySecurity Management

Russian Hackers Stole And Traded British MPs’ Passwords

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Emails and passwords belonging to British MPs and high level public servants traded online

Highly sensitive data including passwords and email addresses belonging to some of the most powerful officials in the UK has been compromised.

The data is reportedly being traded online and is said to include up to 1,000 British MPs, 7,000 police employees, and more than 1,000 Foreign Office officials.

And it seems that the list of people affected includes Cabinet members Justine Greening (education secretary) and Greg Clark (business secretary).

Old Data

dataThe database is said to contain up to 1 billion records and is being sold online for just £2, The Times newspaper revealed.

That low price is down to the fact that the data itself is old, and the database mostly likely commanded a much higher cost when it was ‘fresh’.

This is because the data was apparently sourced from a number of websites such as LinkedIn and MySpace, as well as a number of other services.

LinkedIn was famously hacked in 2012 and it was thought that almost 6.5 million passwords for the social networking site were stolen and published online at that time.

Then last year it was revealed that 117 million LinkedIn account details, including email addresses and passwords, were up for sale.

Yevigeniy Nikulin, a 29-year-old Moscow resident, allegedly conspired with two others, over the hacks against LinkedIn, Dropbox and other websites.

Nikulin was arrested last year in the Czech republic and is currently fighting extradition to the United States.

Whilst the data seems to be out of date by now, there is concern that the information could potentially be used to blackmail or impersonate officials via their personal accounts.

The National Cyber Security Centre (NCSC), which safeguards the UK against cyberattacks, reportedly said it would reissue guidance to government departments after being presented with the findings by the Times.

Password Reuse

The concern about this data breach is down to the fact that people often tend to reuse the same passwords for multiple websites and services.

GCHQ has previously offered up its advice on how consumers can ensure their passwords are fit for purpose.

Late last year, it was revealed that thousands of pounds had been stolen from the bank accounts of Groupon users after fraudsters used login credentials leaked in previous data breaches.

Quiz: Are you a security pro?