Russian hackers found trading passwords of British MPs and senior police

Will new security measures and practices be enforced following this massive loss of high-profile security credentials?

By Tom Ball

Tens of thousands of security credentials of government officials, including British MPs, have reportedly been traded and sold by Russian hackers.

Among the information are passwords of British politicians, ambassadors, and high ranking figures within the police. These passwords are said to have been traded on Russian-speaking websites associated with hacking groups.

Details of around 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office staff were included in the batches of credentials. The sites that they were sold on were Russian.

The issue was first identified by the Times, and it has since been flagged to the National Crime and Security Centre (NCSC).

It is believed that such a large amount of information could have been accessed because of a cyber attack on LinkedIn in 2012. This attack resulted in the theft of millions of sets of user details.

Warnings were issued following this incident to change passwords, so this instance may prove to be another example of human cyber security weakness, even among important public figures such as British MPs.

Rashmi Knowles CISSP, EMEA Field CTO at RSA said: “This story shows just how important it is that people change all their passwords in the wake of a breach. People often use the same password for multiple sites, even for accessing work-essential applications and services, and do not change them for years; this means that when these credentials are harvested, as we can see in this instance, it can have serious repercussions. As we can see, hackers might sit on these for a number of years, lulling people into a false sense of security; so our advice is always the same, be careful and change your passwords regularly.

“Beyond this though, two factor authentication can also help to take the wind out of hackers’ sails. Companies need to wake up to the fact that you can’t police stupid, and employees are always going to be the chink in their armour. As such, it is vital that two-factor authentication is a mandatory minimum requirement in a company’s security strategy.”

Pressure is mounting to implement biometric security measures, with a recent study by Mastercard and Oxford University finding that 93% of UK consumers would opt for the new technology over passwords. This change would negate the human failure to change passwords regularly, and to make them suitably complex.

Mark James, Security Specialist for ESET, said: “With so many breaches happening so frequently, we can be forgiven for briefly glancing over the news when we read of another one happening to another large well known company. The problem of course is not always the current hack or breach, it’s the fact that this small amount of data could be the next piece of the jigsaw in your online profile.”
