GovTech, MOH among govt agencies with compromised logins on sale online

CREDENTIALS from several government agencies and educational institutions, as well as more than 19,000 compromised payment cards from banks in Singapore, have been put up for sale online by hackers.

Russian cybersecurity company Group-IB revealed on Tuesday that it discovered the user log-ins and passwords from several government organisations on the dark Web over the last two years. The compromised payment card information, which it said was valued at more than S$600,000, was found last year.

According to a press release from Group-IB, the organisations involved include the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health and the Singapore Police Force, as well as the National University of Singapore.

A Smart Nation and Digital Government Group spokesman told The Straits Times that GovTech was alerted to the presence of email credentials in illegal data banks in January this year.

The spokesman said: "These credentials comprise email addresses and passwords provided by individuals. Around 50,000 of these are government e-mail addresses. They are either outdated or bogus addresses, except for 119 of them which are still being used.

"As an immediate precautionary measure, all officers with affected credentials have changed their passwords. There are no other information fields exposed apart from the email address and password."

He added that the credentials were leaked not from government systems, but from the use of these government email addresses for the officers' personal and non-official purposes.

"Officers have been reminded not to use government email addresses for such purposes, as part of basic cyber hygiene," he said.

Dmitry Volkov, the chief technology officer and head of threat intelligence at Group-IB, said the compromised credentials could be used for cybercrime and spying.

"Users' accounts from government resources are either sold in underground forums or used in targeted attacks on government agencies for the purpose of espionage or sabotage," he said.

"Even one compromised account, unless detected at the right time, can lead to the disruption of internal operations or leak of government secrets."

Group-IB also said that Singapore is "drawing more and more attention" from financially motivated hackers every year. According to its data, compared to 2017, the number of leaked cards went up last year by 56 per cent.

The discovery comes after a string of breaches and cyberattacks in the public and private sectors.

Last June, the personal data of 1.5 million patients of healthcare cluster SingHealth, including Prime Minister Lee Hsien Loong, was stolen in the country's worst cyber attack.

Other breaches included the illegal access of 72 HealthHub accounts last October, the online leak of personal information of 14,200 patients from the HIV Registry and improper handling of data belonging to more than 800,000 blood donors by a vendor last week.

Earlier this month, The Straits Times reported that insurance company AIA was checking all its systems after one of its Web portals, which contained the personal information of more than 200 people, was found to be publicly accessible.

THE STRAITS TIMES