Embassy email details posted online

Powered by SC Magazine
 

Information that could allow anyone to log-in to more than 100 email accounts at embassies and government agencies around the world has been leaked online.

The data, which has been posted online by freelance security consultant Dan Egerstad, reveals usernames, passwords and server addresses.

Those affected include Kazakhstan's embassies in the US and Russia, India's embassy in the US and Russia's embassy in Sweden.

The information also includes Indian and Russian log-in details for email accounts at the UK visa office in Nepal, the foreign ministry of Iran and 40 Uzbeki embassies around the world.

"I did an experiment and came across the information by accident," Egerstad told Computer Sweden.

The security consultant claimed that he had not accessed any of the compromised accounts because he did not want to break the law.

However, he defended his decision to post the information online rather than warning the affected parties.

"When something like this happens you usually contact people and ask them to fix it, but in this case it felt too big for that, calling to other countries," Egerstad said.

"I hope this makes them take action. Hopefully faster than ever before, and I hope they become a bit more aware of security issues."

Graham Cluley, senior technology consultant at Sophos, said that it was highly embarrassing for the governments and embassies concerned that details of how to log-in to their email accounts had been uncovered.

"It is unclear at the moment as to how this information leaked out, but it is quite possible that human error is to blame," Cluley told vnunet.com.

"An organisation's security is only as strong as its weakest link, and people make mistakes."

Cluley added that common mistakes include choosing easily guessable passwords, using the same password for every website, or not changing a password on a regular basis.

Copyright ©v3.co.uk


 
 
 
Top Stories
At the top of her game
A decision to bring digital operations back in-house three years ago has paid big dividends for Tabcorp.
 
Westpac hires SAP man as CTO
Creates four new IT lead positions.
 
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 984

Vote