Britain’s Parliament was investigating a “sustained and determined” cyberattack on its email user accounts Saturday.
Parliamentary officials said the attack seemed designed to identify weak email passwords.
As a precaution, remote email access for MPs was disabled, said a statement released by the House of Commons.
“Earlier this morning we discovered unusual activity and evidence of an attempted cyberattack on our computer network,” an email sent by parliamentary officials to those affected said. “Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords.”
It was not immediately clear how many people were affected or what the extent of the damage was. The National Cyber Security Center and the National Crime Agency were investigating.
Liam Fox, Britain’s international trade secretary, told ITV News the attack was “a warning to everyone. We need more security and better passwords. You wouldn’t leave your door open at night.”
Passwords for sale?
The incident followed reports in the past few days in British media that hackers were selling MPs’ passwords online.
“We’ve seen reports in the last few days of even Cabinet ministers’ passwords being for sale online,” Fox said. “We know that our public services are attacked, so it’s not at all surprising that there should be an attempt to hack into parliamentary emails.”
Just over a month ago, a massive global cyberattack disrupted Britain’s health care services and targeted vital computer systems in as many as 100 other countries.
It appeared to be the biggest cyberextortion attack in history and exploited a vulnerability in Microsoft Windows that was identified in leaked documents by the U.S. National Security Agency earlier this year.
The hackers attempted to trick victims into opening malicious attachments to spam emails by saying they contained invoices, job offers, security warnings and other seemingly legitimate files.
The extortionists then demanded payments of $300 to $600 to restore access once computers were crippled by the scam. Cybersecurity firms said criminal organizations were probably behind the attack.