Russian hackers traded thousands of UK officials’ credentials

Login credentials of tens of thousands of UK officials were traded online after a 2012 data breach at LinkedIn, an investigation has revealed

The passwords and email addresses of MPs, parliamentary staff, diplomats and senior police officers were sold, bartered and then made available for free on Russian-speaking hacking forums.

These included email addresses and passwords used by education secretary Justine Greening and business secretary Greg Clark, the head of IT at the Foreign Office, the director-general of the Department for Exiting the European Union and the former ambassador to Israel, according to TheTimes, which made the discovery.

The lists of stolen credentials included 1,000 MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff.

Most of the passwords reportedly come from previous data breaches, including the 2012 data breach at LinkedIn in which 167 million account details are believed to have been compromised.

According to The Times, the three most common passwords associated with the stolen police email addresses were “police”, “password” and “police1”. One senior politician used their country name followed by a number, while another used a relative’s surname. Peter Jones, chief operating officer at the Foreign and Commonwealth Office, apparently used a “highly insecure” password that showed up more than 3,700 times in one of the lists being traded online.

Continue reading…