Sweden's Digital ID System Hacked, Public's Data Sold on Dark Web
10 hours ago
- #cybersecurity
- #digital-identity
- #data-breach
- A hacker group named ByteToBreach leaked sensitive source code related to Sweden's national digital identity system, BankID.
- The leaked data includes source code, passwords, and encryption keys tied to systems supporting BankID logins for the Swedish Tax Agency.
- BankID is used by over 8.6 million Swedes for banking, taxes, government services, and digital signatures, making it a critical single point of failure.
- The data was initially posted on the dark web forum Breached before the site was taken offline in a cybersecurity operation.
- Reports suggest that databases containing personal data and electronic signatures of Swedish citizens are circulating among cybercriminals.
- CGI, the company involved, confirmed the breach but downplayed its impact, stating it only affected internal test servers with older source code.
- Cybersecurity experts warn that even test environment breaches can provide attackers with insights to exploit live systems.
- The incident raises concerns about the risks of centralized digital identity systems, especially after a previous DDoS attack on BankID.
- Critics argue that centralized systems like BankID create systemic vulnerabilities, impacting entire populations during outages or breaches.