Advertisement

Lexbase goes offline following hacker attack

TT/The Local/dl
TT/The Local/dl - [email protected]
Lexbase goes offline following hacker attack
A user performs a search on Lexbase.se. File photo: Per Larsson/TT

Controversial criminal-tracker website Lexbase, on which people see their neighbours' criminal records, was closed after a hacker attack allowed personal information on thousands of Swedes to leak online.

Advertisement

Internet service provider Bahnhof, which rented server space to Lexbase, decided to close the database due to security problems.

"We received a report from our tech division that security holes in Lexbase may have allowed account information of people who purchased court rulings to leak out online," Bahnhof spokesman Jon Jordås told the TT news agency.

Launched on Monday, Lexbase allowed users to search its database for names of convicted criminals. The service also allowed people to search by address, providing a map with red dots representing addresses where people with criminal convictions live.  Registered users could then pay a fee and download court documents related to people's convictions.

Earlier on Wednesday, the Dagens Nyheter (DN) newspaper had received a file with over 100,000 entries extracted from Lexbase that included the personal identity number (personnummer) and citizenship.

Swedish tech magazine Computer Sweden was also given a demonstration revealing it was possible to download court rulings without paying.

Jordås at Bahnhof was unable to confirm whether or not users' credit card information may have been stolen in the hacker attack, but warned there were "strong indications that that's the case". He added that the attack, first discovered by Bahnhof, took place throughout much of the day on Wednesday before intensifying during the evening.

Lexbase sparked controversy from the moment it was launched, with privacy advocates calling for changes in Sweden's constitution to ensure that protections in place to protect the press and publishers do not trump personal information laws. On Tuesday, the service's spokesman resigned after reportedly receiving death threats.

The head of Sweden's Data Protection Board (Datainspektionen) used an op-ed in DN to voice her concern that Sweden's constitution needs to be updated to help resolve the "undeniable paradox that anyone who has a website and a publishing licence can freely handle information in a way that police are prohibited from doing".

On Wednesday, however, Prime Minister Fredrik Reinfeldt cautioned that changing the constitution was not the right way to go.

"There can be reason to look at it in a future inquiry but it will end up being hard to change, for the simple reason that we're talking about constitutionally-based rights and freedoms," he told TT. 

On Thursday, Bahnof announced that Lexbase could be reopened once the security problems were addressed.

More

Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.

Please log in to leave a comment.

See Also