Thursday, Swedish computer security consultant Dan Egerstad posted online the usernames, passwords and server addresses necessary to access up to 100 e-mail accounts worldwide. He says he used an unnamed vulnerability to obtain the usernames and passwords for up to 1,000 e-mail accounts of government employees around the world. Egerstad also said he's found information for accounts belonging to major U.S. and U.K. corporations. He has not used the information himself.
Egerstad told Computer Sweden: "I did an experiment and came across the information by accident." He said he tried contacting a few of the administrators responsible for the sites he posted, but so far they have all ignored him. He hopes that by posting the information the agencies will take corrective action.
Computer Sweden confirmed that the log-in details for at least one of the accounts is correct. Egerstad provided the publication with an e-mail sent by an employee at the Swedish royal court to the Russian embassy. The Russian embassy has since changed its password.
Computer Sweden has not been able to confirm the authenticity of any of the other information that has been posted.