- More than 3,000 passwords of UK public officials found exposed on the dark web
- Many passwords were weak, putting public institutions and national interests at risk.
- The Ministry of Justice was the most affected; report urges improved cyber hygiene
Hundreds of civil servants working in national and regional organizations in the UK have had their business passwords exposed on the dark web, proving that public organizations are no better than their private counterparts when it comes to safeguarding important secrets.
This is according to password management company NordPass and threat exposure management platform NordStellar. The two organizations recently cross-referenced more than 5,500 organizations in six countries (US, UK, Canada, France, Italy and Germany), based on their email domains: the investigation found a total of 3,014 passwords exposed on the dark web.
These included national and federal parliaments, governments, presidential administrations, as well as local and regional governments, municipalities and other public institutions.
Reuse weak passwords
“The exposure of sensitive data, including passwords, of public officials is particularly dangerous. Compromised passwords can affect not only organizations and their employees, but also a large number of citizens. Furthermore, these incidents can also pose serious risks to a country’s strategic interests,” Karolis Arbačiauskas, head of product at NordPass, commented on the findings.
In the report, the two organizations said that many passwords were recurring, either because one person used the same password across multiple emails/accounts, or because multiple people used the same password for their accounts.
If this sounds strange, the report also highlighted that many of the exposed passwords were weak and easy to guess. Therefore, it is possible that several people had passwords like “12345678” or “password.”
With 36 unique passwords exposed, the Ministry of Justice was the most affected public institution, followed by the Ministry of Defense (32), Aberdeen City Council (23) and the Department for Work and Pensions (20).
Proper password hygiene is a crucial step in cybersecurity, the NordPass/NordStellar report argues. That includes creating strong passwords, ensuring that each service has a unique one, and that these passwords are rotated or changed frequently.
If you think your password might be weak, we’ve created a guide on how to create a strong password to help you.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
