Embassy email details posted online

Powered by SC Magazine
 

Information that could allow anyone to log-in to more than 100 email accounts at embassies and government agencies around the world has been leaked online.

The data, which has been posted online by freelance security consultant Dan Egerstad, reveals usernames, passwords and server addresses.

Those affected include Kazakhstan's embassies in the US and Russia, India's embassy in the US and Russia's embassy in Sweden.

The information also includes Indian and Russian log-in details for email accounts at the UK visa office in Nepal, the foreign ministry of Iran and 40 Uzbeki embassies around the world.

"I did an experiment and came across the information by accident," Egerstad told Computer Sweden.

The security consultant claimed that he had not accessed any of the compromised accounts because he did not want to break the law.

However, he defended his decision to post the information online rather than warning the affected parties.

"When something like this happens you usually contact people and ask them to fix it, but in this case it felt too big for that, calling to other countries," Egerstad said.

"I hope this makes them take action. Hopefully faster than ever before, and I hope they become a bit more aware of security issues."

Graham Cluley, senior technology consultant at Sophos, said that it was highly embarrassing for the governments and embassies concerned that details of how to log-in to their email accounts had been uncovered.

"It is unclear at the moment as to how this information leaked out, but it is quite possible that human error is to blame," Cluley told vnunet.com.

"An organisation's security is only as strong as its weakest link, and people make mistakes."

Cluley added that common mistakes include choosing easily guessable passwords, using the same password for every website, or not changing a password on a regular basis.

Copyright ©v3.co.uk


 
 
 
Top Stories
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
Photos: iTnews Benchmark 2015 finalists revealed
Awards alumni gather to celebrate.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1757

Vote
Do you support the abolition of the Office of the Information Commissioner?