The work related e-mail addresses of numerous senior Estonian state officials and their cloud service passwords have been leaked via Dropbox, it appears from the overview of cyber security incidents in September compiled by the cyber security service of the Estonian Information System Authority (RIA).
A database of user accounts stolen from the cloud service of Dropbox, containing data on 68 million users, has become available on the internet, RIA said.
An analysis of the data by the RIA cyber security service revealed that it contains info about the Dropbox accounts of a large number of Estonian officials and employees of vital institutions who had used their work e-mail addresses for entering the cloud service, in many cases using passwords with a low level of protection.
Hence the leaked data made it possible to attack the work related e-mail accounts of these individuals and the institutions connected with them. Since the data was stolen already some time ago, the passwords may have been be cracked by now and the accounts taken over. RIA continues the analysis and will inform the security managers of the institutions about its findings.