The UK Parliament email system and remote access to it has been locked down after an attempt to access the accounts of hundreds of MPs, Lords, aides and staff was made by an unauthorized party.
According to the Independent, security services shut down access for anyone not in Westminster as part of efforts to secure the network.
“The Houses of Parliament have discovered unauthorized attempts to access parliamentary user accounts,” a parliamentary spokesperson told The Independent. “We have systems in place to protect member and staff accounts and are taking the necessary steps to protect our systems.”
An email was sent to anyone using a parliamentary address, warning of “unusual activity and evidence of an attempted cyber-attack”.
According to the Huffington Post, users in the Commons and Lords were targeted by attackers seeking out those using weak passwords, and in response, security teams “made changes”, including curbs on remote access and mobile phone accounts, to prevent the attackers accessing the system.
The news follows reports, including by The Times, which reported that attackers based in Russia had put passwords belonging to senior ministers, ambassadors and senior police officers for sale online. That information was believed to have be related to breaches from LinkedIn, MySpace and other websites, with many passwords “easy to guess” incorporating memorable numbers and relatives’ names.
The email sent to staff confirmed that government was working with the National Cyber Security Centre (NCSC) ‘to identify the method of the attack and have made changes to prevent the attackers gaining access’.