Embassy email details posted online

Powered by SC Magazine
 

Information that could allow anyone to log-in to more than 100 email accounts at embassies and government agencies around the world has been leaked online.

The data, which has been posted online by freelance security consultant Dan Egerstad, reveals usernames, passwords and server addresses.

Those affected include Kazakhstan's embassies in the US and Russia, India's embassy in the US and Russia's embassy in Sweden.

The information also includes Indian and Russian log-in details for email accounts at the UK visa office in Nepal, the foreign ministry of Iran and 40 Uzbeki embassies around the world.

"I did an experiment and came across the information by accident," Egerstad told Computer Sweden.

The security consultant claimed that he had not accessed any of the compromised accounts because he did not want to break the law.

However, he defended his decision to post the information online rather than warning the affected parties.

"When something like this happens you usually contact people and ask them to fix it, but in this case it felt too big for that, calling to other countries," Egerstad said.

"I hope this makes them take action. Hopefully faster than ever before, and I hope they become a bit more aware of security issues."

Graham Cluley, senior technology consultant at Sophos, said that it was highly embarrassing for the governments and embassies concerned that details of how to log-in to their email accounts had been uncovered.

"It is unclear at the moment as to how this information leaked out, but it is quite possible that human error is to blame," Cluley told vnunet.com.

"An organisation's security is only as strong as its weakest link, and people make mistakes."

Cluley added that common mistakes include choosing easily guessable passwords, using the same password for every website, or not changing a password on a regular basis.

Copyright ©v3.co.uk


 
 
 
Top Stories
Westpac interim CIO resigns
Group CIO yet to be appointed.
 
Five emerging technologies that will transform financial services
[Blog post] Far out ideas that aren't far off.
 
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  27%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  23%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 911

Vote