Advertisement

Lexbase goes offline following hacker attack

Share this article

A user performs a search on Lexbase.se. File photo: Per Larsson/TT
09:34 CET+01:00
Controversial criminal-tracker website Lexbase, on which people see their neighbours' criminal records, was closed after a hacker attack allowed personal information on thousands of Swedes to leak online.

Internet service provider Bahnhof, which rented server space to Lexbase, decided to close the database due to security problems.

"We received a report from our tech division that security holes in Lexbase may have allowed account information of people who purchased court rulings to leak out online," Bahnhof spokesman Jon Jordås told the TT news agency.

Launched on Monday, Lexbase allowed users to search its database for names of convicted criminals. The service also allowed people to search by address, providing a map with red dots representing addresses where people with criminal convictions live.  Registered users could then pay a fee and download court documents related to people's convictions.

Earlier on Wednesday, the Dagens Nyheter (DN) newspaper had received a file with over 100,000 entries extracted from Lexbase that included the personal identity number (personnummer) and citizenship.

Swedish tech magazine Computer Sweden was also given a demonstration revealing it was possible to download court rulings without paying.

Jordås at Bahnhof was unable to confirm whether or not users' credit card information may have been stolen in the hacker attack, but warned there were "strong indications that that's the case". He added that the attack, first discovered by Bahnhof, took place throughout much of the day on Wednesday before intensifying during the evening.

Lexbase sparked controversy from the moment it was launched, with privacy advocates calling for changes in Sweden's constitution to ensure that protections in place to protect the press and publishers do not trump personal information laws. On Tuesday, the service's spokesman resigned after reportedly receiving death threats.

The head of Sweden's Data Protection Board (Datainspektionen) used an op-ed in DN to voice her concern that Sweden's constitution needs to be updated to help resolve the "undeniable paradox that anyone who has a website and a publishing licence can freely handle information in a way that police are prohibited from doing".

Story continues below…

On Wednesday, however, Prime Minister Fredrik Reinfeldt cautioned that changing the constitution was not the right way to go.

"There can be reason to look at it in a future inquiry but it will end up being hard to change, for the simple reason that we're talking about constitutionally-based rights and freedoms," he told TT. 

On Thursday, Bahnof announced that Lexbase could be reopened once the security problems were addressed.

Share this article

Advertisement
Advertisement
Advertisement
Advertisement

Popular articles

Advertisement
Advertisement