At least 40,000 civilian and military users of government websites in the U.S. and more than 30 other countries have had their credentials leaked online, exposing them to potential criminal attacks, according to Group-IB, a Russian cyber-forensics firm.

Hundreds of user accounts on the websites of the U.S. Senate, the Internal Revenue Service, the Department of Homeland Security and NASA were among those affected by the data leaks, the company said Dec. 11 in an emailed statement.

The sites of the Israel Defense Forces, the Italian defense and foreign ministries, and Norway’s Directorate of Immigration were also compromised, as well as government portals in France, Poland, Romania, Switzerland and Georgia, the company said.

Key Insights

  • 52 percent of the victims detected by Group-IB were in Italy, followed by Saudi Arabia with 22 percent.
  • Attacks in the U.S. took place in the past 12 months and in other countries since June last year, Group-IB said, adding that it warned authorities of what it found.
  • Users’ data may have been sold online “on underground hacker forums or used in targeted attacks to steal money or exfiltrate sensitive information,” the company said.
  • Cyber criminals and state-sponsored groups that are “specialized in sabotage and espionage” may also buy the information.
  • Hackers used keylogger programs and formgrabbers to steal the information, Group-IB said, without identifying any of them.

© 2018 Bloomberg L.P. All rights reserved. Used with permission.