Millions of Swiss E-mail addresses and hacked passwords are circulating on the Internet, including for accounts of government ministers, members of the army and thousands of federal employees, according to Swiss broadcasters RTS and SRF.
The report is based on their analysisexternal link of “Collection #1-5", a database of stolen passwords and nearly 2.2 billion E-mail addresses that started circulating on the Web in January. Among them are 3.3 million addresses ending in the Swiss domain.ch.
These include three federal government members and at least 20 members of cantonal governments, as well as the current head of the army Philippe Rebord. Around one-fifth of the 2,500 federal addresses affected belong to the Swiss armed forces.
Army spokesman Daniel Reist told SRF that the army is aware of the problem and that the employees concerned had been personally informed in January. “In order to minimize risk and increase private security, we recommend changing as many passwords as possible,” he said.
SRF notes that the risk for the army could be classified as low since these were private accounts. It also said that because the army uses several factors to log into its systems, passwords alone are of little value to attackers.
Foreign minister Ignazio Cassis is among the federal government members figuring in the hacked account information. RTS says it identified three addresses for Cassis, including two former official addresses, which all used the same password.
When contacted by RTS, Cassis stated that only his private address is still active and that the password was not valid for that address. He added that his professional E-mails were “managed by federal specialists and meet high security criteria”.
This database does not necessarily provide direct access to users’ inboxes, and some of the information relates to accounts hacked years ago, but they do open gaps in security, especially for people who often use the same password for different services, writes RTS.
RTS and SRF/jc