50,000 government-linked email credentials found in illegal data banks

Most are either outdated or bogus addresses, but 119 are still being used.

Around 50,000 of credentials linked to government email addresses were found in illegal data banks. Whilst most were outdated or bogus addressed, 119 are still being used, a Smart Nation and Digital Government Group spokesperson said in a statement.

This is in response to a report by Group-IB that in 2017-2018, users’ logins and passwords from the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health, Singapore Police Force (SPF) website, National University of Singapore (NUS) learning management system and many other resources were stolen by cybercriminals. GovTech was notified of the incident in January 2019.

The credentials have been leaked, not from government systems, but from the use of these government email addresses for the officers’ personal and non-official purposes. “Officers have been reminded not to use government email addresses for such purposes, as part of basic cyber hygiene,” the spokesperson said.

“As an immediate precautionary measure, all officers with affected credentials have changed their passwords,” the spokesperson added.

Group-IB found that about 3,689 unique records comprised of emails and passwords related to Singaporean government websites accounts were involved in massive public data breaches in 2017-2018.

The report also revealed that 19,928 of Singaporean banks’ cards showed up for sale in the dark web in 2018 and found hundreds of compromised government portals’ credentials stolen by hackers throughout the past two years.

The number of leaked cards increased in 2018 by 56%. The total underground market value of Singaporean banks’ cards compromised in 2018 is estimated at nearly $640,000, Group-IB added.

Group-IB’s Threat Intelligence team noted that there were two abnormal spikes in Singaporean banks’ dumps, unauthorized digital copies of the information contained in the magnetic stripe of a payment card, offered for sale on the dark web in 2018.

The first one occurred on 20 July, when almost 500 dumps related to top Singaporean banks surfaced on one of the most popular underground hubs of stolen card data, Joker’s Stash. On average, the price per dump in this leak was “relatively high” and kept at $45. The high price is due to the fact that most of the cards were premiums, Group-IB added.

Another significant breach happened on 23 November when the details of 1,147 Singaporean banks dumps were set up for sale on cardshops. The seller wanted $50 per item as 50% of stolen cards in the batch were also marked as Premium.