The Minister of Digitization talks about another data leak and explains the password checker


There has been another data leak. The Minister of Digitization announced that the tool's database will soon be supplemented with information from the new leak. He also explained why the portal did not work after launch.

At the beginning of the week, information appeared about one of the largest data leaks on the Internet. The leaked file contains millions of passwords, including ones for Facebook, e-mail, mBank and ING Bank. The government therefore launched a tool where you can check whether our logins have leaked. The Minister of Digitization Janusz Cieszyński explained on Twitter what caused the problem and why it was decided that the data could only be checked by using the Trusted Profile.

Cieszyński reported that the system is now stable. However, he added: “In the meantime, we have received information about another leak – the database will soon be supplemented with this data.” The minister did not provide more details.

Data leak. The minister explains the problems with the operation of the system

CERT Polska received information about a large data leak on Monday evening. On Tuesday, the government decided that it needed to “publish information on this subject with a detailed description of the situation and recommendations for further action.”

“The main assumption was that in addition to the information that a given login (email) appeared in the leak in general (as it is reported, e.g. on Have I been pwned), the context was also provided. In this case, the context was the name of the website and a fragment of the revealed password. Since publishing this context is not an obvious decision, we have implemented an additional security measure in the form of the need to authenticate. This allows us to monitor whether, for example, someone is not sending serial queries to the system. SOME website was made available on the darknet, so in fact ALL used passwords should be changed” – explained Cieszyński.

However, Sekurak, a portal dealing with digital security, asked the minister whether logging in to the website using Trusted Profiles was necessary at all. “There is no 100% good solution (an alternative is to upload everything without logging in or uploading only the login). This is the best in my opinion, because you can check which website the leak was from and whether it was us (if there is only a login, not an e-mail). And in order not to fly such a wide range, we have PZ” – replied Cieszyński.

The Minister of Digitization also informed that the tool was created by the Central Information Technology Center in less than 24 hours. To make this possible, ready-made parts of already functioning services had to be used.

“Everything happened according to the procedures. Information about the start generated a lot of load and unavailability of the system at the time when we were uploading patches” – Cieszyński explained the problems with access to the website.

Data leak. Who could be at risk?

which is a Polish-language forum on the Tor network. A file called “.pl.txt” has been made available there, which has over 6.2 million lines. Each of them contains the address of the website from which the stolen data comes, as well as the login and password used on this website. The file is apparently a fragment of a larger whole, from which all lines containing the string “.pl” were selected.

“The format of the data points quite clearly to the source in the form of ‘stealer’ files – i.e. malware that, after infecting a computer, downloads from it all logins and passwords ever remembered by the browser and sends it to its creators. Data obtained in this way is one of the main elements of marketing among criminals, but they are rarely published in such wholesale quantities and for free.” The website also explains that it is difficult to estimate the number of victims of this leak, but usually from a dozen to several dozen passwords can be leaked from one computer, so the number of victims may exceed 100,000. The following sites most often appear in the file:

  • Facebook (119,334 records)
  • Allegro (88,282 records)
  • (44,385 records)
  • Onet Poczta (28,747 records)
  • WP Mail (12,056 records)
  • x-com (10,761 records)
  • mBank (10,140 records)
  • Apricots (2672 records)
  • ING Bank (1227 records).

As we can see in the list, the file also includes data from the ING Bank Śląski website. The bank blocked it and claims that it came from the database of one of the operators. At the moment, it is not known whether yesterday’s big data leak is in any way related to the leak of the payment penalty of some ING Bank Śląski customers.
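The checker design described above (a login lookup that returns the website name and a fragment of the password, available only to authenticated users so that serial queries can be spotted) can be sketched as follows. This is an added example, not the government tool's code: the space-separated record layout, the function and class names, the two-character fragment and the query limit are all assumptions.

```python
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed records; the "URL<space>login<space>password" layout is an assumption.
SAMPLE = [
    "https://www.facebook.com/login.php jan.kowalski@example.pl Wiosna2023!",
    "https://allegro.pl/login Jan.Kowalski@example.pl hunter2hunter2",
    "https://bank.example.pl/auth anna_n Zima#77",
    "malformed-line",
]

def key(login):
    """Hash of the normalized login, so the index stores no plain logins."""
    return hashlib.sha256(login.strip().lower().encode()).hexdigest()

def mask(password, keep=2):
    """Keep only a short prefix as the 'fragment' shown to the user."""
    return password[:keep] + "*" * max(len(password) - keep, 0)

def build_index(lines):
    """Map login hash -> list of (website host, masked password)."""
    index = defaultdict(list)
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue  # skip malformed records
        url, login, password = parts
        host = urlsplit(url).hostname
        if host:
            index[key(login)].append((host, mask(password)))
    return index

class Checker:
    """Lookup for authenticated callers with a budget of distinct logins."""
    def __init__(self, index, max_logins=3):
        self.index, self.max_logins = index, max_logins
        self.seen = defaultdict(set)  # caller id -> login hashes queried

    def check(self, caller_id, login):
        k = key(login)
        self.seen[caller_id].add(k)
        if len(self.seen[caller_id]) > self.max_logins:
            raise PermissionError("serial queries from one account")
        return self.index.get(k, [])
```

Repeating a query for the same login does not consume the budget; only distinct logins per authenticated caller are counted.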

Source: Gazeta
