British MPs' passwords leaked
Last week, it was revealed that two lists of stolen credentials had been put up for sale or were being traded on Russian-speaking hacking sites. These lists included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office officials. These credentials are believed to have come from historical data breaches including the LinkedIn and MySpace data dumps.
“The high profile data dumps we have seen over the last few years continue to haunt us,” said Ross Brewer, vice president and managing director EMEA at security intelligence specialist LogRhythm. “What’s disturbing is that hackers have likely had these credentials for years, which means if passwords haven’t been changed they could have potentially had access to confidential information all this time. Considering the sensitivity of this data, the repercussions of this would be unthinkable. This case proves hackers are persistent and patient, and they are willing to wait as long as it takes for the opportune moment to strike. For any business, lax security is a threat, but when online accounts belong to people making such critical decisions for our country, the stakes couldn’t be higher.”
Brewer continued: “Organisations, and particularly the public sector, are wising up to the fact that hackers are a serious threat, but it’s paramount that additional action is taken to protect their sensitive information. Firstly, individuals should not, under any circumstances, be using insecure passwords, such as first names, job titles, and ‘password’. We should all know that these common, guessable passwords are futile when faced with today’s relentless cyber criminals. Organisations need to continually educate and update their employees about the importance of being cyber aware and how to stay secure, and passwords should be top of the list.
“Unfortunately, employees are often the first – and weakest – line of defence. Therefore, it’s vital that organisations are able to identify and mitigate a breach as soon as the network has been compromised. Having full network monitoring and response capabilities is key. Indeed, security intelligence and rapid detection ensure that, should hackers attempt to access online accounts using stolen passwords, steps can be taken to stop confidential information falling into the wrong hands.
“This case also raises the question ‘should the government be introducing stronger penalties to protect officials?’. Successfully targeting government officials and police officers would be a coup for hackers. It’s imperative that, with national security at stake, defences are put in place that guarantee hackers are thwarted at the first step,” concluded Brewer.