Swedish password hacking scandal widens
Published: 26 Oct 2011 10:29 GMT+02:00
Updated: 26 Oct 2011 10:29 GMT+02:00
A password hacking scandal which on Tuesday exposed login details of 90,000 Swedes, including several journalists and celebrities, has widened to include 180,000 users on nearly 60 websites.
On Tuesday, information about more than 90,000 account passwords associated with the popular Swedish blogging site Bloggtoppen.se, was made public on the Twitter account of former Sweden Democrat MP William Petzäll.
Petzäll, who left the party in September to become an independent MP, is currently battling the effects of substance abuse after having being involuntarily committed after a recent hospitalization.
Through his lawyer, he claimed that his Twitter account had been hijacked and that he was not responsible for the publication of the information.
Jimmy Holmlund, who operates the Bloggtoppen.se website, confirmed however that the site had been hacked and has since been shut down.
“Someone apparently discovered a weakness in the code that lies behind the service,” he told the TT news agency on Tuesday.
According to Aftonbladet, 79 users with Moderate Party email addresses had login details exposed in the incident, including several MPs and party secretary Sofia Arkelsten.
In addition, 50 users with email addresses from the Liberal Party (Folkpartiet) were also made public in the leak, as well as several journalists from Sweden's major newspapers and a number of television celebrities.
On Wednesday, Aftonbladet reported that 57 other websites had also been hacked, putting login details of up to 180,000 Swedes at risk, making it one of the biggest security breaches ever reported in the country.
In some cases, people's personal identity numbers (personnummer) were exposed.
“I can't recall an attack in recent years that's been this big,” Joakim von Braun, a computer security expert who has worked with Swedish security service Säpo and is now with Sveriges Radio (SR), told the newspaper.
According to Aftonbladet, information gleaned in the security breach was first published on Twitter in August by a user named “sc3a5j”.
However, it was only after the information was published on Petzäll's Twitter account that the hacking incident became known by the wider public.
In an email to the Expressen newspaper, the purported hacker said he or she published the information to show people that “their information hasn't been managed correctly”.
“I distance myself from those who misuse the information. Those who did so need to take stand up for that themselves,” the hacker wrote.
Both the Aftonbladet and Expressen newspapers have reported the matter to Säpo.
"We have reported the matter to the police regarding the suspected hacking. We have through our own investigation found that several of the details may check out, namely that there has been an intrusion into our computer system," Expressen editor-in-chief Thomas Mattsson said on Tuesday.
Computer security experts are urging users of Bloggtoppen.se and the other sites to change passwords to their accounts on those sites and others.
“People use the same passwords everywhere, probably also for their email accounts at work. Security is an illusion. If someone wants to get it, they will,” André Rickardsson, asecurity expert at the Bitsec computer consulting firm, told TT.