Repeat after me: You should not use the same password on multiple websites.
That’s an important lesson that thousands of bloggers are having to learn the hard way, after an extraordinary story broke in Sweden that involves Twitter, politics, password security and allegations that members of the national media were being spied upon.
Here’s the facts that we know so far.
Right-wing MP William Petzäll left the Sweden Democrats (SD) party late last month, announcing that he would be an independent member of parliament.
The news came following a very public struggle Petzäll had had with alcohol and prescription drug abuse.
Earlier this week, the 23-year-old politican was forcibly committed into care against his will, as he was deemed to be at risk of harming himself or others.
So far, nothing to do with computer security.
But yesterday, messages began to appear on William Petzäll’s Twitter account making the explosive accusation that SD leader Jimmie Åkesson and party secretary Björn Söder had hacked into the email accounts of Swedish journalists and their political opponents.
I can tell you that Söder and Åkesson had full access to everything that AB (Aftonbladet) and Expressen reporters had in their email for numerous years.
The messages on Petzäll’s Twitter account continued to produce “evidence”, publishing the email addresses and passwords (in the form of MD5 hashes) of leading journalists.
William Petzäll’s lawyer said that his client was not making the Twitter postings, and that he did not have access to the internet where he is hospitalized. In other words, the story from the Petzäll camp is that an unauthorised person has taken over the troubled politician’s Twitter account and making the controversial tweets.
But then things got even worse.
More than 90,000 passwords and usernames associated with the popular Swedish blog portal, Bloggtoppen.se, have been released – making it easy for anyone to break into accounts belonging to newspaper journalists, politicians and journalists.
Things wouldn’t be so critical, of course, if people weren’t using the same passwords on multiple websites.
A stark message currently greets visitors to Bloggtoppen:
Bloggtoppen is closed until further notice for system maintenance due to alleged hacking.
Unknown perpetrators have come across our user database containing usernames, email addresses and hashed passwords. This means that if you have used the same login information for other services on the web, it's likely these accounts could be hijacked. We recommend all users to immediately change the password on all accounts that use the same login information as here.
Further information will be forthcoming when we have had time to investigate and resolve the interference.
Today, the Aftonbladet newspaper has reported that a further 57 other websites have also been hacked, and the login details of up to 200,000 people are at risk.
This story is likely to run and run, but what’s important is how internet users respond to the news now. If you’re a computer user – whether you’re Swedish or not – it’s time to learn to use different passwords for different websites.
If you think you won’t be able to remember different passwords, use secure password vaults such as KeePass or 1Password.
Re-using passwords is a security disaster waiting to happen – because if your password gets stolen in one place, your whole online identity may be at risk.Follow @gcluley