In Finland’s 3rd largest data breach it is estimated that around 130,000 Finnish users have their passwords compromised.
Finnish Communications Regulatory Authority (FICORA) has warned its users about the huge data hacking in a website which is maintained by the New Business Centre in Helsinki called Helsingin Uusyrityskeskus. It is a company that provides business advice to entrepreneurs and help them create right business plans.
The hackers took control of the website (http://liiketoimintasuunnitelma.com) and managed to steal the usernames and passwords of more than 130,000 user. These credentials were stored as plain text without encrypting on the site.
The breach was noticed on 3rd April and soon the company took down the affected website and a banner has been put on its homepage noticing that it is “Under Maintenance” and also a press release about the breach.
Jarmo Hyökyvaara, Chairman of the Board of the New Business Centre of Helsinki apologizes that they are sorry to the people who have been affected due to this data breach. He also mentions that they were not yet been able to know the exact number of people and what information has been affected. They have already filed an offense report and the people need not do so individually. The responsibility for the maintenance and security of the service was by the subcontractor but the security of the service has not been enough to prevent this kind of attack. The company takes responsibility for this mistake as a subscriber and owner of the service.
The company also ensures that all the detailed information of their customers is stored on a different system, and it is not affected by the data breach.
The Helsinki police is currently investigating on this case as a gross fraud. When the website is back, the users having account in the website are advised to change their passwords. It is also necessary that since the plain-text passwords have been know to the attackers it is always better to change their passwords for any other website if they are using the same passwords for other sites as well.