Scammers ‘Telephoning MPs To Obtain Passwords’

Scammers have telephoned MPs in an effort to obtain their passwords to the parliamentary network, Parliament’s digital service has confirmed.

The scam calls follow a sustained attack two weeks ago that forced administrators to lock users out of their accounts on the network, which is used by all MPs, including the prime minister, to interact with constituents.

Scam calls

It has now emerged that in the week week following the network attack scammers telephoned MPs and tried to obtain their passwords.

In an alert sent to the network’s users last Thursday, Parliament’s digital service warned that the callers identified themselves as being official staff helping remediate the earlier attack, according to a report by The Telegraph.

“This afternoon we’ve heard reports of parliamentary users being telephoned and asked for their parliamentary username and password,” the alert reads. “The caller is informing users that they have been employed by the digital service to help with the cyber attack. These calls are not from the digital service. We will never ask you for your password.”

Parliament confirmed the incident in a separate statement.

“On Thursday afternoon a small number of parliamentary users were telephoned and asked for their parliamentary username and password by a caller claiming to be employed by ‘Windows’ on behalf of the Parliamentary Digital Service to help with the cyber attack,” Parliament stated. “No usernames or passwords were disclosed in these calls.”

Network attack

The network attack involved bombarding the network with login attempts in an effort to crack weak passwords. It was first detected on Friday, 23 June and continued over the weekend.

In response Parliament’s network administrators were forced to temporarily bar all remote access from outside the Palace of Westminster for the 9,000 accounts on the network.

An alert set to users by Parliament’s digital service described the incident as a “sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords” and “gain access to our emails”.

On the following Monday Parliament issued a statement confirming that a number of accounts had been successfully compromised “as a result of the use of weak passwords”.

It specified that the something fewer than 90 accounts had been compromised, saying “fewer than 1 percent” of the 9,000 accounts were successfully cracked.

Parliament hasn’t yet disclosed whether any data was lost in the incident, saying its investigation is ongoing.


“As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way,” Parliament stated.

LinkedIn breach

Late last month it was reported that security credentials belonging to tens of thousands of government officials, including 1,000 MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff were sold or swapped on Russian-language hacking sites following a large-scale data breach at professional social network LinkedIn in 2012.

The breach led to hacks on the accounts of a number of high-profile figures, including Facebook founder Mark Zuckerberg, who had used their LinkedIn passwords on other accounts.

A government spokesperson described the incident as “historic” and noted that LinkedIn had advised users to change their passwords in 2012 and again last year, when it emerged that the data was being sold by criminals.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago