Thousands of civil servants have password exposed for over a year in 'particularly dangerous' incident
Hundreds of unique passwords were found on the dark web

- Over 3,000 UK civil servant passwords were found exposed on the dark web
- Many passwords were weak, risking public institutions and national interests
- Ministry of Justice was most affected; report urges better cyber hygiene
Hundreds of civil servants, working in national and regional organizations in the United Kingdom, have had their business passwords exposed on the dark web, showing that public organizations are no better than their private counterparts when it comes to safeguarding important secrets.
This is according to password manager firm NordPass and threat exposure management platform NordStellar. The two organizations recently cross-referenced more than 5,500 organizations in six countries (the US, UK, Canada, France, Italy, and Germany), based on their email domains. The research found a total of 3,014 passwords exposed on the dark web.
The organizations examined included national and federal parliaments, governments, presidents’ administrations, as well as local and regional governments, municipalities, and other public institutions.
Reusing weak passwords
“Exposure of sensitive data, including passwords, of civil servants is particularly dangerous. Compromised passwords can affect not only organizations and their employees but also large numbers of citizens. Moreover, such incidents may also pose serious risks to a country’s strategic interests,” Karolis Arbačiauskas, head of product at NordPass, commented on the findings.
In the report, the two organizations said that many passwords were recurring, either because a person used the same password across multiple emails/accounts, or because multiple people used the same password for their accounts.
If this sounds strange, the report also stressed that many of the exposed passwords were weak and easy to guess. Therefore, it is possible that multiple people had passwords such as “12345678”, or “password”.
With 36 unique exposed passwords, the Ministry of Justice was the most affected public institution, followed by the Ministry of Defence (32), Aberdeen City Council (23), and the Department for Work and Pensions (20).
Proper password hygiene is a crucial step in cybersecurity, the NordPass/NordStellar report argues. That includes creating strong passwords, making sure every service has a unique one, and that these passwords are rotated/changed frequently.
If you think your password might be on the weaker side, we've created a guide on making a safe secure password to help out.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.