Lexbase goes offline following hacker attack
Published: 30 Jan 2014 09:34 GMT+01:00
Updated: 30 Jan 2014 09:34 GMT+01:00
Controversial criminal-tracker website Lexbase, on which people see their neighbours' criminal records, was closed after a hacker attack allowed personal information on thousands of Swedes to leak online.
- Lexbase official quits as controversy rages (28 Jan 14)
- 'Crime record site shows Sweden's constitution needs to be rewritten' (28 Jan 14)
- Site lets Swedes snoop on friends' criminal past (27 Jan 14)
Internet service provider Bahnhof, which rented server space to Lexbase, decided to close the database due to security problems.
"We received a report from our tech division that security holes in Lexbase may have allowed account information of people who purchased court rulings to leak out online," Bahnhof spokesman Jon Jordås told the TT news agency.
Launched on Monday, Lexbase allowed users to search its database for names of convicted criminals. The service also allowed people to search by address, providing a map with red dots representing addresses where people with criminal convictions live. Registered users could then pay a fee and download court documents related to people's convictions.
Earlier on Wednesday, the Dagens Nyheter (DN) newspaper had received a file with over 100,000 entries extracted from Lexbase that included the personal identity number (personnummer) and citizenship.
Swedish tech magazine Computer Sweden was also given a demonstration revealing it was possible to download court rulings without paying.
Jordås at Bahnhof was unable to confirm whether or not users' credit card information may have been stolen in the hacker attack, but warned there were "strong indications that that's the case". He added that the attack, first discovered by Bahnhof, took place throughout much of the day on Wednesday before intensifying during the evening.
Lexbase sparked controversy from the moment it was launched, with privacy advocates calling for changes in Sweden's constitution to ensure that protections in place to protect the press and publishers do not trump personal information laws. On Tuesday, the service's spokesman resigned after reportedly receiving death threats.
The head of Sweden's Data Protection Board (Datainspektionen) used an op-ed in DN to voice her concern that Sweden's constitution needs to be updated to help resolve the "undeniable paradox that anyone who has a website and a publishing licence can freely handle information in a way that police are prohibited from doing".
On Wednesday, however, Prime Minister Fredrik Reinfeldt cautioned that changing the constitution was not the right way to go.
"There can be reason to look at it in a future inquiry but it will end up being hard to change, for the simple reason that we're talking about constitutionally-based rights and freedoms," he told TT.
On Thursday, Bahnof announced that Lexbase could be reopened once the security problems were addressed.