Outdated Password Compromises Poland’s Military Secrets
A Leak of a Three-Year-Old Password Exposes Highly Sensitive Military Information, Including a Detailed Port Map and Warsaw Evacuation Plan, According to Local Media.
A recent cyber mishap in Poland serves as a reminder of the importance of regularly updating passwords, as advised by security experts. Polish media reports indicate that attackers have made public a three-year-old email conversation, which contained login and password details to a sensitive database.
In a concerning incident, an employee of ESRI Poland, a local branch of ArcGIS, a US-based map-creating software developer, inadvertently shared access details to a crisis scenario presentation stored in the ArcGIS cloud database via email. The email contained plaintext credentials, posing a significant security risk. Adding to the gravity of the situation, journalists from OKO.press, a Polish investigative journalism outlet, discovered that the password enclosed in the email, originally sent in 2020, remained valid until as late as May 5th, 2023. This discovery suggests that the account owners were unaware of the breach for an extended period of at least three years. The incident underscores the importance of robust security practices, including regular password updates and vigilant monitoring of sensitive databases.
OKO.press reports that the leaked email contained a significant amount of highly sensitive data. This included ESRI’s client list, which encompassed notable entities such as the Polish border guards, police, special forces, and military intelligence service, among others. Additionally, the leaked password granted access to a detailed plan of the naval port of Gdynia, featuring distinctive markings of the facilities present at the location. The leaked email also contained military overlays, which are maps used by armed forces to coordinate plans, as well as detailed diagrams of the local power grid. Furthermore, it included an analysis of a potential crisis scenario, specifically a flood in Warsaw.
Remarkably, the leaked password remained functional for several hours after the confidential email was made public on a Telegram account called “Poufna Rozmowa” (Confidential Conversations). The account is reportedly associated with UNC1151 attackers, who are believed to have connections with the Belarusian government and are notably known for their involvement in the Ghostwriter campaign. UNC1151 is suspected of maintaining close cooperation with Russian special forces.
Since 2021, Poufna Rozmowa has been continuously leaking the personal correspondence of Michał Dworczyk, who served as the Chief of the Chancellery of the Prime Minister of Poland at the time. The recently leaked email, containing sensitive information, was part of the same collection of stolen correspondence that Poufna Rozmowa has been publishing.