igor - Fotolia

Russian hackers traded thousands of UK officials’ credentials

Login credentials of tens of thousands of UK officials were traded online after a 2012 data breach at LinkedIn, an investigation has revealed

The passwords and email addresses of MPs, parliamentary staff, diplomats and senior police officers were sold, bartered and then made available for free on Russian-speaking hacking forums.

These included email addresses and passwords used by education secretary Justine Greening and business secretary Greg Clark, the head of IT at the Foreign Office, the director-general of the Department for Exiting the European Union and the former ambassador to Israel, according to The Times, which made the discovery.

The lists of stolen credentials included 1,000 MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff.

Most of the passwords reportedly come from previous data breaches, including the 2012 data breach at LinkedIn in which 167 million account details are believed to have been compromised.

According to The Times, the three most common passwords associated with the stolen police email addresses were “police”, “password” and “police1”. One senior politician used their country name followed by a number, while another used a relative’s surname. Peter Jones, chief operating officer at the Foreign and Commonwealth Office, apparently used a “highly insecure” password that showed up more than 3,700 times in one of the lists being traded online.

The National Cyber Security Centre confirmed that its digital security advice had been re-issued to government departments following the discovery.

A government spokesman said it was a “historical incident”, according to The Guardian, but he added that anyone who followed LinkedIn’s advice to change their passwords on the site and any other accounts that used the same credentials would have been safe.

The revelation comes just days after US officials revealed in testimony before the Senate Intelligence Committee that Russian hackers targeted voting systems in nearly 50% of states in the 2016 US presidential election.

Read more about cyber espionage

Russia has repeatedly denied any involvement in election-related hacking, but US intelligence agencies and various independent cyber security researchers have attributed the cyber attacks that occurred during the 2016 US election to hacker groups linked to the Kremlin.

Russian hacking groups have also been linked to cyber attacks targeting French president Emmanuel Macron’s election campaign, the German political party Christian Democratic Union (CDU), the Turkish parliament, and the parliament in Montenegro.

Several other countries, including Ukraine, Norway, the Czech Republic, Bulgaria and Italy, have also reported recent cyber attacks targeting digital infrastructure that are believed to have been the work of Russian hacking groups.

Read more on Hackers and cybercrime prevention