- 10 Microsoft research projects
- 10 kitchen gadgets for the geek gourmet
- Verizon trounces competition
- Smartphone smackdown: Storm vs. iPhone
- FBI warns of holiday cyber scams
Usernames and passwords for more than 100 e-mail accounts at embassies and governments worldwide have been posted online. Using the information, anyone can access the accounts that have been compromised.
Computer Sweden has verified the posted information and spoken to the person who posted them. The posted information includes names of the embassies and governments, addresses to e-mail servers, usernames and passwords. Among the organizations on the list are the foreign ministry of Iran, the Kazakh and Indian embassies in the U.S. and the Russian embassy in Sweden.
Freelance security consultant Dan Egerstad posted the information. He spoke openly about the leak when Computer Sweden contacted him.
"I did an experiment and came across the information by accident," he said. Egerstad says he never used the information to log in to any of the compromised accounts in order not to break any laws.
Computer Sweden confirmed that the login details for at least one of the accounts is correct. Egerstad forwarded an e-mail sent on Aug. 20 by an employee at the Swedish royal court to the Russian embassy. The person who sent the e-mail, in which she declines an invitation to the Russian embassy, has confirmed that she sent the e-mail.
"Yes, that is right. We did decline the invitation. As far as I can remember I did send the e-mail," she said.
Computer Sweden has not been able to confirm the authenticity of any of the other information that has been posted.
"When something like this happens you usually contact people and ask them to fix it. But in this case it felt too big for that, calling to other countries," Egerstad said.
Of the compromised accounts, 10 belong to the Kazakh embassy in Russia. Around 40 belong to Uzbeki embassies and consulates around the world. Login details for e-mail accounts at the U.K. visa office in Nepal were also posted. Login details for the foreign ministry of Iran, the Kazakh and Indian embassies in the U.S. and the Russian embassy in Sweden were also posted.
"I hope this makes them take action. Hopefully, faster than ever before, and I hope they become a bit more aware of security issues," Dan Egerstad says.
Computer Sweden has contacted both the Russian and Indian embassies in Stockholm for comment. The Russian embassy confirmed the leaks and says that logins have now been changed. The Indian embassy declined to confirm the information and give comment.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (1)
RE: Hacks hit embassy, government e-mail accounts worldwideBy Rev. Samuel M. Smith on August 31, 2007, 5:23 pmI also have frequent "Returned Mail" that I never sent, always with names in no way connected with any of my websites or email accounts and that often seem to be...
Reply | Read entire comment
View all comments