20K Employees of Swiss Authorities Found in the 'Collections' Data Dump

Swiss Authorities' Employees Affected by the Collections Database

In January, security specialist Troy Hunt analyzed a data dump of more than 770 million email addresses and 21 million passwords that was traded for free on hacking forums. The database had been compiled from hundreds if not thousands of different breaches, and it was dubbed 'Collection #1'. It wasn't long before Collections #2, #3, #4, and #5 broke the surface as well.

It's still not clear where the emails and passwords come from, and many people argue that most of the details are quite old and therefore irrelevant. There's no escaping the fact, however, that billions of records are changing hands at the moment, and there are quite a few people who would like to know who is affected. Timo Grossenbacher and Julian Schmidli, two journalists working for Schweizer Radio und Fernsehen (SRF), a Swiss broadcasting company, got the chance to take a look.

At least 3 million Swiss records found in the "Collections"

Predictably, the journalists wanted to find out how many Swiss users are in the database, but it was clear from the very start that this is simply not possible. For one, people tend to have more than one email address, which means that 2 billion compromised records don't equate to 2 billion users who have had their data stolen. In addition, it's often difficult to determine the nationality of a user just by looking at their email address, especially if it's registered with an international provider like Gmail.

The only thing Grossenbacher and Schmidli could do was look at the addresses that ended with one of the two Swiss TLDs – .ch and .swiss. The journalists found a total of 3 million matches. In the grand scheme of things, this might not seem like all that much. Consider the fact that the whole population of Switzerland sits at a little over 8.5 million, however, and you'll see that the number is significant.

SRF's reporters weren't done, though. After digging deeper into the data, they stumbled upon a few familiar email addresses.

20,000 records connected to Swiss authorities

It's safe to say that certain cybercriminals won't mind having access to some of these emails. 100 of them belong to employees of Skyguide – a company that monitors Switzerland's airspace. About 800 of the Swiss national postal service's emails have ended up in the dump, and a few hundred more seem to belong to various regional police departments. 4,000 emails of the national railway company and about 12,000 accounts of people working in local administration are also in the dump. 2,500 of the exposed emails belong to federal government employees, and 500 records are connected to the Swiss Army.

High-ranking officials are also in the dump

In organizations such as the ones listed above, even low-level employees have access to some sensitive data. In this case, however, we're not just talking about low-level employees.

Grossenbacher and Schmidli found the email addresses and passwords of people like:

  • Thomas Jordan, the President of the Swiss National Bank
  • Philippe Rebord, the Chief of the Swiss Armed Forces
  • Markus Seiler, Secretary General of the Department of Foreign Affairs, who previously worked for Switzerland's intelligence services

The data of a couple of dozen former parliamentarians and Federal Councilors is also in the Collections.

Were Swiss authorities hacked?

In light of all this, you'd be forgiven for thinking that these organizations somehow lost the data of their employees. When asked about it, however, spokespeople told SRF that Swiss authorities' systems have not been compromised in any way. If this is indeed the case, it means that some of the people working at the affected institutions have been using their office accounts for purposes that might not be connected to their work. The PR people announced that they'll have a word with the employees about it, and most of them said that two-factor authentication has already been implemented, which further mitigates the risk.

They all seem to agree that no data has been put at risk at the moment, but even if we assume that this is correct, we shouldn't underestimate the importance of SRF's findings. The situation needs to be analyzed closely, and lessons must be learned.

March 19, 2019
