Hackers hack British police database, publish logins

Hackers have raided the website of a British Police unit and published login details and passwords belonging to dozens of officers.

According to BBC News, Hertfordshire Police confirmed that information stored on an externally hosted database was published online and that the data, including phone numbers and IP addresses, relates to a number of officers in Britian's Safer Neighbourhood teams.

A statement said that it was investigating the incident and as a precaution, the pages had been temporarily disabled while the incident was investigated.

“There is absolutely no suggestion that any personal data relating to officers or members of the public has been, or could have been compromise," it said.

"Nevertheless matters of IT security are extremely important to the Constabulary and an investigation is already under way."

The hacker added an ‘OpFreeAssange' banner to the details posted online, however, the hacker wrote that they were not affiliated with the Anonymous hacking collective.

Bitdefender chief security researcher Catalin Cosoi said the exposed list of employee names and corresponding IPs could be used in cyber crime operations that required identification of a specific machine.

NCC Group technical director Paul Vlissidis said externally hosted databases could be a "nasty potential security flaw".

“Miscreants are certainly very wise to this. We need to move towards a culture where it's common policy to audit external suppliers and make sure their security is up to scratch.”

Stonesoft UK and Ireland country manager Ash Patel said the hack raises questions about other potential damage including the introduction of malware and the risk that other data may have been stolen.

“Public sector organisations need to understand that, by hosting sites with third parties or outsourcing such important services to system integrators, does not take responsibility away from those who are employed to ensure the security of ‘our' data. It is time that it was made clear that the responsibility lies with the government and its employees in the same way that the nation's security lies with the armed forces.

“It is also important to note that Hertfordshire Police's website was externally hosted and this, as always, highlights that when employing this parties to host sites, the first and most important question that should be asked is with regards to security, after which can come questions around cost and availability. This is even more so the case when the organisations are of public interest.”

This article originally appeared at scmagazineuk.com