Bank staff passwords published on hacking website
GARDAI have been notified of the discovery of thousands of email addresses and passwords on a specialist hackers' website, many of which belong to bank and civil service employees.
The potentially sensitive information was found last week by a digital data protection company, which then contacted the Garda Computer Crime Investigation Unit.
Among the list of some 6,700 emails and passwords are individuals based at the Revenue Commissioners, Bank of Ireland, AIB and the Health Service Executive (HSE). The vast majority, however, appear to belong to private email accounts.
It is understood that the list was of subscribers to an online company which has been out of business for the last number of years.
The passwords are most likely specific to that defunct website rather than to sensitive private accounts.
However, it is common for people to use the same passwords across several accounts, including work log-ins.
Tom O'Connor of the Irish company Databackup.ie made the discovery last Friday and said he would also be reporting it to the office of the Data Protection Commissioner.
"It contains email addresses from the Revenue, the HSE, AIB and private companies," Mr O'Connor said.
"Tomorrow we are going to go online and tell (those on the list) that their passwords and emails have been posted on the web and it is best practice to change them.
"I know myself that I have passwords that I use for emails which I will probably use for websites that I am giving my credit card details to."
John Kennedy, who is the editor of the website Silicon Republic said the provider of the original webpage had a legal obligation to protect the information.
It appears that once the company went out of business it was unaware that the list of information regarding its client base remained live on a server.
Once there, it was a straightforward task for a hacker to access and share the data online.
"If you set up a business online today and you want to have customers who email you with information; if you are gathering that information you have a legal responsibility to protect it," Mr Kennedy said.
"If you go out of business you have to make sure that information is not sitting on a server somewhere," he added.