Russian hackers are selling British officials’ passwords – CNET

Aaron Robinson

Thousands of passwords belonging to British officials are being traded among Russian hackers, according to reports.

In an investigation from The Times, the British publication found passwords that belonged to 1,000 British members of Parliament and staff, 7,000 police employees and more than 1,000 diplomats. The country’s education secretary Justine Greening and business secretary Greg Clark were also swept up in the breach.

Their passwords were being sold in bulk on the dark web and Russian-speaking hacking websites, according to the report. 

The majority of the passwords coming from 2012’s LinkedIn breach, so if the victims have changed their login information across all of their accounts in the last five years, they should be fine.

The issue with these leaks come when people use the same passwords for multiple accounts. So if their LinkedIn password is the same as their Facebook password and it hasn’t changed, thieves essentially have a master key to the victims’ accounts.

The National Crime and Security Centre in the UK released advice on what to do if you were swept up in the 2012 leak on Friday, in response to the Times story.

“This is not a recent attack, it took place in 2012, and does not constitute a strategic threat to national security,” the organization said. It issued the same advice in 2012, and again in 2016 when it discovered that LinkedIn credentials were being sold by criminal groups.

Typically when sensitive information is sold on the dark web, the sellers keep the sources anonymous, to hide the hackers’ tracks, Emily Wilson, the director of analysis at Terbium Labs said.

Terbium Labs uses Matchlight, a search engine for the dark web to look through markets and find who has been compromised. For British public officials, they don’t have the luxury of anonymity.

Their titles and government positions actually raise their values as buyers.

“Sometimes you have data that is valuable intrinsically because of where it came from,” Wilson said. “LinkedIn emails and passwords, people know how to capitalize on that.” 

Leave a Reply

Your email address will not be published. Required fields are marked *