Thousands of civil servants have password exposed for over a year in ‘particularly dangerous’ incident
- Over 3,000 UK civil servant passwords were found exposed on the dark web
- Many passwords were weak, risking public institutions and national interests
- Ministry of Justice was most affected; report urges better cyber hygiene
Hundreds of civil servants, working in national and regional organizations in the United Kingdom, have had their business passwords exposed on the dark web, showing that public organizations are no better than their private counterparts when it comes to safeguarding important secrets.
This is according to password manager firm NordPass, and threat exposure management platform NordStellar. The two organizations recently cross-referenced more than 5,500 organizations in six countries (the US, UK, Canada, France, Italy, and Germany), based on their email domains – the research found a total of 3,014 passwords exposed on the dark web.
They included national and federal parliaments, governments, Presidents’ administrations, as well as local and regional governments, municipalities, and other public institutions.
Reusing weak passwords
“Exposure of sensitive data, including passwords, of civil servants is particularly dangerous. Compromised passwords can affect not only organizations and their employees but also large numbers of citizens. Moreover, such incidents may also pose serious risks to a country’s strategic interests,” Karolis Arbačiauskas, head of product at NordPass, commented on the findings.
In the report, the two organizations said that many passwords were recurring, either because a person used the same password across multiple emails/accounts, or because multiple people used the same password for their accounts.
If this sounds strange, the report also stressed that many of the exposed passwords were weak and easy to guess. Therefore, it is possible that multiple people had passwords such as “12345678”, or “password”.
With 36 unique exposed passwords, the Ministry of Justice was the most affected public institution, followed by the Ministry of Defence (32), Aberdeen City Council (23), and the Department for Work and Pensions (20).
Proper password hygiene is a crucial step in cybersecurity, the NordPass/NordStellar report argues. That includes creating strong passwords, making sure every service has a unique one, and that these passwords are rotated/changed frequently.
If you think your password might be on the weaker side, we’ve created a guide on making a safe secure password to help out.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
