180,000 Swedes at risk following password-hacking spree
Registered members of around 60 popular Swedish websites are in danger of having their stolen login credentials misused by cyber crooks in the wake of the biggest ever password hacking incident to hit the country.
It all started with the Twitter account of former Sweden Democrat MP William Petz?¤ll spewing out tweets containing email addresses and MD5 hashes of passwords of top Swedish journalists, accompanied by the claim that Sweden Democrat leader Jimmie Åkesson and party secretary Bj?¶rn S?¶der have had access to the email accounts of reporters from two of the most important Swedish newspapers (Aftonbladet and Expressen) for years.
Petz?¤ll, who is currently battling addiction and has been hospitalized claims that his Twitter account has been hijacked, and declines responsibility for the recent tweets, reports The Local.
In the meantime, the popular Swedish blogging portal Bloggtoppen.se has announced that usernames and passwords of over 90,000 of its users have been exfiltrated and released, and among them are those belonging to various politicians and journalists.
“Someone apparently discovered a weakness in the code that lies behind the service,” commented the site’s operator Jimmy Holmlund, and advised users to immediately change their login credentials on Bloggtoppen and every other website where they have used the same combination of username and password.
But that was not the end. Today the Aftonbladet reported that 57 other websites had their user databases hacked and the information within them exposed, leaving 180,000 Swedes at risk of having other online accounts hacked and misused.
The newspaper’s investigation revealed that the breaches were perpetrated back in August by a individual going by the handle “sc3a5j”, who published some of the information on his own Twitter account.
Having attracted very little attention, he has probably decided to hack into the account of a more high-profile user (Petz?¤ll) and use it to reach a wider public. Apparently, his (or hers) intention was to show that the user’s information wasn’t managed as it should have been.
It is hard to tell if today’s revelation is the one that will be concluding this string of breaches – let’s hope that it is. The Swedish police has been informed of all these happenings and has mounted an investigation into the matter, and the compromised users are advised to effect password changes across their various accounts.