The passwords and personal information of several hundred Norwegian politicians and diplomats have been leaked in connection with attacks on social media and computer cloud services. Those using Adobe, Dropbox and LinkedIn reportedly are among the victims.
Just a week after news broke that hackers believed to be working for Russian intelligence had attacked the Nowegian Labour Party, the foreign and defense ministries and even Norway’s own intelligence service, newspaper VG reports that top Norwegian officials are also among millions of people worldwide whose user names, passwords and other personal information have been stolen.
VG reported that more than 700 politicians, embassy employees and state workers are affected including the chief of staff for Prime Minister Erna Solberg, Julie Brodtkorb, and seven others in the Office of the Prime Minister. Top politicians believed to be affected include Trine Skei Grande, leader of the Liberals Party along with Health Minister Bent Høie and EU Minister Frank Bakke-Jensen of the Convervative Party.
“In attacks on services like LinkedIn (which is used by many professionals for network-building and career enhancement), much of the information obtained is likely to be sold on to parties that will exploit it,” Håkon Bergsjø of the state national security authority NSM told VG. He said it’s not unusual that passwords can also be posted publicly on the Internet.
VG was able to search its way through to several examples of that, and found 114 people who used the Parliament’s email address “@stortinget.no.”
Rebekka Gundhus, head of the Parliament’s information technology division, said she and her staff were aware of the problem. Warnings, however, generally need to be sent out by the services that actually have been attacked or breached, Gundhus said.
Bergsjø stressed that the leaks point up the importance of having and using different passwords for different online services, and changing them often.
Tom Waller, a spokesman for Dropbox, insists that “all our passwords are hashed and salted, we were not hacked.” Dropbox posted information in August regarding the need to reset passwords to keep its users’ passwords safe. It can be accessed here (external link to the Dropbox blog).