Embassy e-mails hacked

Independent security researcher stumbles upon usernames and passwords to nearly 1,000 government employees worldwide.

Thursday, Swedish computer security consultant Dan Egerstad posted online the usernames, passwords and server addresses necessary to access up to 100 e-mail accounts worldwide. He says he used an unnamed vulnerability to obtain the usernames and passwords for up to 1,000 e-mail accounts of government employees around the world. Egerstad also said he's found information for accounts belonging to major U.S. and U.K. corporations. He has not used the information himself.

Egerstad told Computer Sweden: "I did an experiment and came across the information by accident." He said he tried contacting a few of the administrators responsible for the sites he posted, but so far they have all ignored him. He hopes that by posting the information the agencies will take corrective action.

Computer Sweden confirmed that the log-in details for at least one of the accounts is correct. Egerstad provided the publication with an e-mail sent by an employee at the Swedish royal court to the Russian embassy. The Russian embassy has since changed its password.

Computer Sweden has not been able to confirm the authenticity of any of the other information that has been posted.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Nissan gives new Murano bold style (pictures)
    Top great space moments in 2014 (pictures)
    This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
    ZTE's wallet-friendly Grand X (pictures)
    Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)
    Top-rated reviews of the week (pictures)