Skip to main content

U.K. Parliament members lose email access after a wide-reaching hack

cyberattack uk parliament
The latest victim of a cyberattack is none other than the U.K. Parliament. On Saturday, a hack resulted in authorities disabling the governing body’s communications. This action was taken to prevent the attack from spreading further and potentially causing additional damage, according to a House of Commons spokesperson. Specifically, security teams disabled Parliament’s access to email if members were trying to log on from outside official buildings. However, computers within the premises maintained normal operations.

“We have discovered unauthorized attempts to access accounts of parliamentary networks users and are investigating,” said the House of Commons spokesperson.

Related Videos

The report came just a couple days after British publication The Times determined that passwords of British cabinet ministers, ambassadors, and senior police officers were traded online as a result of a Russian hack. On Friday, the newspaper found that tends of thousands of government official credentials were “sold or bartered on Russian-speaking hacking sites” before being made available for free. Log-in details of 1,000 British MPs and parliamentary staff, along with police employees and more than 1,000 Foreign Office officials were compromised; also among the affected was the head of IT.

The Times further reported that many of the passwords actually came from a 2012 hack of LinkedIn, but “also include material previously unknown to security experts.” It seems, however, that part of the vulnerability was the result of human error. While government officials were allegedly warned to use strong passwords in order to mitigate the possibility of a hack, the results of the leak show that many compromised passwords were easy to guess. For example, a senior politician apparently used the name of their home country followed by a number, whereas another used a relative’s surname.

The National Cyber Security Centre (NCSC), the U.K.’s defense against such attacks, noted that it would provide guidance to affected departments on how best to proceed. The National Crime Agency also released its own statement, noting, “Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network.” And as these sorts of attacks become increasingly commonplace, these steps will only become more important.

Editors' Recommendations

This free service just hit a huge website security milestone
global internet usage one zettabyte computer server room information cloud web net

One of the most important security features that protect your personal data as you browse and interact with various websites is enabled by a free service from a company called Let's Encrypt. As the name implies, this involves encrypting data to make it more difficult for your information to be intercepted in a readable form.
Website encryption is incredibly important on shopping websites since you usually need to fill out a form with your email address, shipping address, and phone number in order to get updates on the order status and receive the items you've ordered. Even more sensitive than your contact information and address, your payment information is needed to pay for that awesome, new tech, kitchen gadget, or toy.

In the early internet, encryption wasn't as common as it is today, and Let's Encrypt has played a huge role in making website security universal across the World Wide Web. Starting in 2015, Let's Encrypt took steps to ease the burden of encryption which came at a significant cost that was prohibitive for small businesses compared to the relative ease of creating a website today. Beyond the expense of ordering a Secure Sockets Layer certificate (SSL), which could cost hundreds of dollars each year, it wasn't easy to install this technology on a website. That meant most small websites were not encrypted.

Read more
Typos can get you hacked in latest cybersecurity threat
A faceless hooded hacker busily types on a laptop.

Even a simple and common error like mistyping a domain name can lead to cybersecurity attacks, the latest in the ongoing barrage of malware. Known as URL hijacking or "typosquatting," this social engineering technique is built upon the knowledge that it's easy to hit the incorrect key and end up visiting the wrong website.

With very little effort, a hacker can copy images, fonts, and text to construct a malware website that looks like PayPal, Google Wallet, Microsoft Visual Studio, MetaMask, and other popular websites. These fake websites are also used in phishing campaigns of all sorts since the similarity of the domain name is useful for a whole variety of confidence stings.

Read more
Microsoft data breach exposed sensitive data of 65,000 companies
A depiction of a hacker breaking into a system via the use of code.

Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar.

SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information.

Read more