“We have discovered unauthorized attempts to access accounts of parliamentary networks users and are investigating,” said the House of Commons spokesperson.
The report came just a couple days after British publication The Times determined that passwords of British cabinet ministers, ambassadors, and senior police officers were traded online as a result of a Russian hack. On Friday, the newspaper found that tends of thousands of government official credentials were “sold or bartered on Russian-speaking hacking sites” before being made available for free. Log-in details of 1,000 British MPs and parliamentary staff, along with police employees and more than 1,000 Foreign Office officials were compromised; also among the affected was the head of IT.
The Times further reported that many of the passwords actually came from a 2012 hack of LinkedIn, but “also include material previously unknown to security experts.” It seems, however, that part of the vulnerability was the result of human error. While government officials were allegedly warned to use strong passwords in order to mitigate the possibility of a hack, the results of the leak show that many compromised passwords were easy to guess. For example, a senior politician apparently used the name of their home country followed by a number, whereas another used a relative’s surname.
The National Cyber Security Centre (NCSC), the U.K.’s defense against such attacks, noted that it would provide guidance to affected departments on how best to proceed. The National Crime Agency also released its own statement, noting, “Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network.” And as these sorts of attacks become increasingly commonplace, these steps will only become more important.
