PM, Top Politicians, Millions of Ordinary Swedes Targeted in Major Data Leak

In the course of its work to reveal the scope of cyber threats against Swedish society, SVT tracked down information on millions of Swedish accounts, which have been made public. The information is available on numerous online forums, which hackers use for sharing data, and includes details on usernames, e-mails and passwords from earlier major leaks, including LinkedIn, Yahoo and ticket reservation system Biljettnu, but also lesser-known Swedish websites on films, lifestyle, training and gaming.

"It was a very easy task. You only need to have a rough knowledge what websites should be checked out. Some of them are very public, whereas others demand registration in order to gain full access, but it is certainly not difficult. Some databases [with leaked data] are sold if they are extra sensitive or valuable, but many are only shared," Dan Egerstad, a former hacker working with IT told SVT.

Among the victims there are journalists from major Swedish media, MPs, judges, students, National Defense Radio Establishment staff, police officers and staff at the Royal Dramatic Theater, to name a few. Among those affected are Prime Minister Stefan Löfven, Education Minister Gustav Fridolin and other MPs. In total, SVT's list of victims includes 280 government e-mail addresses.

"At first I thought this could not be true. You instantly think of stories of people who have been deprived of their identity, and exploited both financially and in other ways. I don't think this is somewhere anyone would want to end up," says Krister Örnfjäder, member of the parliamentary committee on foreign affairs told SVT.

The revealed leak may prove to have far-reaching consequences. Since users are prone to use the same password everywhere, perpetrators may gain access to a variety of services, including personal correspondence. Given that culprits get access to a person's account on a dating site or a film forum, the same password is likely to be tested on their Facebook or Twitter profile and e-mail account. If the password is the same, which is not unlikely, the hacker will succeed in entering.

"Every day I hear from people who had their e-mail, Facebook, Twitter or Instagram account hacked. Most often the users don't understand that it stems from their habit of using the same password everywhere. This is the biggest security threat today and has been historically," Dan Egerstad told SVT.

SVT has created a site where users can check whether their account has been hacked.