Approximately 2,100 Irish email addresses have been published alongside passwords from, presumably some Irish website where the victims signed up for something. The list of email addresses includes gmail, hotmail, banking institutions, universities and HSE addresses.

I was not sure if I should post on this story or not due to the its sensitive nature. By making this blog post I am helping to publicise a story where the facts of the story are not yet clear. This is the problem reporting on this story so far indicates that Irish email addresses have been compromised but my understanding is that this is not the case. A number of Irish people have been the victims of a security vulnerability on a web site which they used at some point in the past. The problem is that some people use the same password for multiple sites and services. If you are one of these people then your email may have been compromised. You should change your password immediately and change it on any other accounts that you have also.

The story was originally mentioned on Morning Ireland on May 14th in which they claim up to 3,000 Irish users may have been compromised. There are two discussions taking place on askaboutmoney.com and they have published the list of emails there also. The Gardaí Fraud Unit are in contact with many of the email providers and are advising them of the actions to be taken.

I am not sure if I agree with the republishing of the list as it can reflect badly on some of the people and organisations who have had their email address published due to inaccurate reporting. Spam robots will also pick up these email addresses as they were posted on a public forum. But on the other hand if your email address is on the list you would like to do know about it. It is a difficult decision to make, luckily I did not have to make it. The list has been republished on askaboutmoney.com minus the passwords and if you do some research you can find the original hackers forum with the complete list.

We can we learn from this?

• Do not use the same password for multiple sites. I know I use 'levels' of passwords, when I sign up for something trivial but it requires an account I use one particular password which I do reuse, however any sites that hold credit card data or my email accounts all use different strong passwords.
• Only use your work email address for work related sites.
• No matter how much emphasis you place on your personal online security you and your online reputation are still at risk when your details are trusted to others.

Dave

--

If you liked this article then you can:

• Subscribe to our Blog RSS feed
• Become a fan of webpayments.ie on Facebook
• Follow us on Twitter

Related Blog Posts:

• Details of the Twitter attack revealed.
• Thousands of Hotmail passwords leaked online