Massive cyber security breach hits Sweden

26 Oct 2011

The login details of some 210,000 Swedes, including politicians and media figures, have been exposed in what is the biggest cyber security breach in the country’s history, affecting one in every 50 people.

The breach extends across some 60 websites, including 90,000 passwords of users of the Swedish blog Bloggtoppen and Twitter accounts of notable Swedish figures.

The details were dumped by a hacker known as sc3a5j who told a Swedish newspaper that the point of doing it was to remind people to never use the same passwords on different websites.

“This story is likely to run and run, but what’s important is how internet users respond to the news now,” warned Sophos Naked Security blogger Graham Cluley.

“If you’re a computer user – whether you’re Swedish or not – it’s time to learn to use different passwords for different websites. If you think you won’t be able to remember different passwords, use secure password vaults such as KeePass or 1Password.

“Re-using passwords is a security disaster waiting to happen – because if your password gets stolen in one place, your whole online identity may be at risk,” Cluley warns.

A lesson for every internet user

According to Cluley, the whole saga unfolded after right-wing MP William Petzäll left the Sweden Democrats party last month, announcing he would be an independent member of parliament.

The news came following a very public struggle Petzäll had had with alcohol and prescription drug abuse. Earlier this week, the 21-year-old politician was forcibly committed into care because he was deemed to be at risk of harming himself or others.

“But yesterday, messages began to appear on William Petzäll’s Twitter account making the explosive accusation that SD leader Jimmie Åkesson and party secretary Björn Söder had hacked into the email accounts of Swedish journalists and their political opponents.

“The messages on Petzäll’s Twitter account continued to produce ‘evidence’, publishing the email addresses and passwords (in the form of MD5 hashes) of leading journalists.

“William Petzäll’s lawyer said that his client was not making the Twitter postings, and that he did not have access to the internet where he is hospitalised.

“But then things got even worse. More than 90,000 passwords and user names associated with the popular Swedish blog portal, Bloggtoppen.se, have been released – making it easy for anyone to break into accounts belonging to newspaper journalists, politicians and journalists.

“Things wouldn’t be so critical, of course, if people weren’t using the same passwords on multiple websites,” said Cluley.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
