Will new security measures and practices be enforced following this massive loss of high-profile security credentials?
Tens of thousands of security credentials of government officials including British MPs, have reportedly been traded and sold by Russian hackers.
Among the information are passwords of British politicians, ambassadors, and high ranking figures within the police. These passwords are said to have been traded on Russian-speaking websites associated with hacking groups.
Details of around 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office staff were included in the batches of credentials. The sites that they were sold on were Russian.
The issue was first identified by the Times, and it has since been flagged to the National Crime and Security Centre (NCSC).
It is believed that such a large amount of information could have been accessed because of a cyber attack on LinkedIn in 2012. This attack resulted in the theft of millions of sets of user details.
Warnings were issued following this incident to change passwords, so this instance may prove to be another example of human cyber security weakness, even among important public figures such as British MPs.
Rashmi Knowles CISSP, EMEA Field CTO at RSA said: “This story shows just how important it is that people change all their passwords in the wake of a breach. People often use the same password for multiple sites, even for accessing work-essential applications and services, and do not change them for years; this means that when these credentials are harvested, as we can see in this instance, it can have serious repercussions. As we can see, hackers might sit on these for a number of years, lulling people into a false sense of security; so our advice is always the same, be careful and change your passwords regularly.
“Beyond this though, two factor authentication can also help to take the wind out of hackers sails. Company’s need to wake up to the fact that you can’t police stupid, and employees are always going to be the chink in their armour. As such, it is vital that two-factor authentication is a mandatory minimum requirement in a company’s security strategy.”
Pressure is mounting to implement biometric security measures, with a recent study by Mastercard and Oxford University finding that 93% of UK consumers would opt for the new technology over passwords. This change would negate the human failure to change passwords regularly, and to make the suitably complex.
Mark James – Security Specialist for ESET saidt: “With so many breaches happening so frequently, we can be forgiven for briefly glancing over the news when we read of another one happening to another large well known company. The problem of course is not always the current hack or breach, it’s the fact that this small amount of data could be the next piece of the jigsaw in your online profile.”