Embassy e-mails hacked

Independent security researcher stumbles upon usernames and passwords to nearly 1,000 government employees worldwide.

Thursday, Swedish computer security consultant Dan Egerstad posted online the usernames, passwords and server addresses necessary to access up to 100 e-mail accounts worldwide. He says he used an unnamed vulnerability to obtain the usernames and passwords for up to 1,000 e-mail accounts of government employees around the world. Egerstad also said he's found information for accounts belonging to major U.S. and U.K. corporations. He has not used the information himself.

Egerstad told Computer Sweden: "I did an experiment and came across the information by accident." He said he tried contacting a few of the administrators responsible for the sites he posted, but so far they have all ignored him. He hopes that by posting the information the agencies will take corrective action.

Computer Sweden confirmed that the log-in details for at least one of the accounts is correct. Egerstad provided the publication with an e-mail sent by an employee at the Swedish royal court to the Russian embassy. The Russian embassy has since changed its password.

Computer Sweden has not been able to confirm the authenticity of any of the other information that has been posted.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Looking for an affordable tablet?

    CNET rounds up high-quality tablets that won't break your wallet.