TALLINN - The incident response department (CERT) of the Estonian Information System Authority (RIA) has notified about 200,000 Estonians, through their employers, that their social media passwords have leaked, the news portal of the public broadcaster ERR reports.
According to Klaid Magi, the head of CERT, it was previously known that the passwords had leaked as hashes, or in an encrypted form; on Wednesday RIA discovered that the passwords had also been cracked.
"We received information a year or a year and a half ago that the passwords had leaked, and at that time we notified all organizations that the hashes had been leaked and that we have to be ready for a bad person cracking the hashes and getting hold of the real passwords. We called on all people to change their passwords," Magi said.
He added that on Wednesday RIA discovered that someone had indeed cracked all the passwords.
According to Magi, CERT has now again notified all the companies and organizations whose email addresses end with .ee, which amounts to nearly 200,000 persons, and asked them to notify their employees.
But CERT's warning will not reach people whose username cannot be associated with Estonia, so the number of leaked passwords may be even greater than 200,000.
CERT advises all people who want to check whether their passwords have leaked to visit the website haveibeenpwned.com. CERT also continues to advise people to regularly change their account passwords, because when the password for one website leaks and a person uses the same password on other sites, criminals will get access to those other accounts as well.