The National Cyber Security Center (NCSC) will collaborate with Australian cybersecurity specialist Troy Hunt. The advisory body on cybersecurity and information security will have access to the Have I Been Pwned database. In this way, the agency can check whether there are e-mail addresses of Dutch civil servants in the database.
For this reason, Troy Hunt came up with Have I Been Pwned
The Australian security researcher has been running an online database under the name ‘Have I Been Pwned’ for years. It contains the largest international data breaches that have taken place in the past. In it, he not only mentions the companies that have been attacked by hackers but also which data has been stolen. The database includes names, email addresses, phone numbers, passwords, geographic locations and social media accounts.
Due to the recent data breaches at Facebook and LinkedIn, these tech companies are listed in Have I Been Pwned. However, naming and shaming is not what Hunt had in mind when he set up the database. The bottom line is that he has devised an online tool that allows potential victims of data breaches to check whether their data has been stolen, and if so, which data. They can then take measures to prevent abuse, such as identity fraud, phishing, spamming, friend-in-emergency fraud and hijacking of their online accounts.
Hunt is happy that the Netherlands is using his service
Have I Been Pwned has had an Application Programming Interface or API for some time now that allows users to retrieve data from the database. The National Cyber Security Center (NCSC) is the 24th organization to gain access to the API. This costs the organization nothing: access is complete and free.
With the access, the NCSC can monitor whether e-mail addresses of civil servants or politicians exist in the database. In order to limit the consequences of this mention as much as possible, the agency warns the victims.
Troy Hunt is pleased that the NCSC is using his service. “Understanding the impact of data breaches helps defenders protect national security and I am delighted that the Netherlands is joining so many other countries in adopting this service,” he writes in a blog post.
Dutch companies are also featured in Have I Been Pwned
Have I Been Pwned contains more than 11.4 billion accounts whose data has ended up on the streets in the (recent) past. In addition to Facebook and LinkedIn, various Dutch companies and organizations are also included in the Troy Hunt database. One of them is the Royal Dutch Cycling Union (KNWU). Last November, hackers managed to steal the personal and contact details of 90,000 KNWU members. The cycling club said the hacking attack had no direct consequences for members but did advise that the password be changed as soon as possible.
Another prominent name mentioned in the Have I Been Pwned database is Ticketcounter. The company manages the reservation system for a large number of Dutch zoos and amusement parks. Because an employee accidentally placed the customer data of one and a half million Dutch people on an unsecured server, a hacker managed to steal this data in March. The attacker demanded 7 bitcoins, which were worth 285,000 euros at the time, not to make the data public. Sjoerd Bakker, director of Ticketcounter, refused to pay the ransom.
Hunt said he had added the data of 1.9 million Dutch people to his database. This involved names, residential addresses, IP addresses, gender, dates of birth, order histories and in some cases bank account numbers. About 60 per cent of the e-mail addresses were already mentioned in Have I Been Pwned. This means that these e-mail addresses were stolen during a previous data breach.
Catch up on more articles here
Follow us on Twitter here