Embassy email details posted online

Powered by SC Magazine

Information that could allow anyone to log-in to more than 100 email accounts at embassies and government agencies around the world has been leaked online.

The data, which has been posted online by freelance security consultant Dan Egerstad, reveals usernames, passwords and server addresses.

Those affected include Kazakhstan's embassies in the US and Russia, India's embassy in the US and Russia's embassy in Sweden.

The information also includes Indian and Russian log-in details for email accounts at the UK visa office in Nepal, the foreign ministry of Iran and 40 Uzbeki embassies around the world.

"I did an experiment and came across the information by accident," Egerstad told Computer Sweden.

The security consultant claimed that he had not accessed any of the compromised accounts because he did not want to break the law.

However, he defended his decision to post the information online rather than warning the affected parties.

"When something like this happens you usually contact people and ask them to fix it, but in this case it felt too big for that, calling to other countries," Egerstad said.

"I hope this makes them take action. Hopefully faster than ever before, and I hope they become a bit more aware of security issues."

Graham Cluley, senior technology consultant at Sophos, said that it was highly embarrassing for the governments and embassies concerned that details of how to log-in to their email accounts had been uncovered.

"It is unclear at the moment as to how this information leaked out, but it is quite possible that human error is to blame," Cluley told vnunet.com.

"An organisation's security is only as strong as its weakest link, and people make mistakes."

Cluley added that common mistakes include choosing easily guessable passwords, using the same password for every website, or not changing a password on a regular basis.

Copyright ©v3.co.uk

Top Stories
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
IBM denies plans to cut 112k jobs
But admits to further restructuring.
ATO investigates 25 tech giants in tax hunt
Prepared to take tax evaders to court.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.