The website liiketoimintasuunnitelma.com of the Finnish Enterprise Agency in Helsinki, Helsingin Uusyrityskeskus, has been a target for data break-in. In this data break-in around 130,000 users' usernames and passwords in clear text were revealed. It is possible that other confidential information has also been revealed. This data leak is the third largest in Finland in terms of the number of user accounts.
Revealed information
At least the following information has been stolen:
- The user’s username
- The user’s password in clear text
As the passwords are in clear text, the party being aware of the passwords can use them immediately. A good practice in the maintenance of services is to save the passwords as a cryptographic hash, in which case the attacker would have to put considerable extra effort to exploit them.
The hacked service is meant for making business plans, and the information leaked may also include details of the business plans.
There is currently no information indicating that the revealed information could be read by anyone on the internet. However, it is likely that the revealed information has spread among cyber criminals.
Helsingin Uusyrityskeskus website is currently closed.
Target group of the alert
Persons having used the service liiketoimintasuunnitelma.com.
Possible solutions and restrictive measures
Change your passwords immediately, if you currently have the same password for liiketoimintasuunnitelma.com as for another data system or online service.
For each data system or online service, use a password that you have not used before in other systems or services.
Use long passwords or passphares. The username should not be composed only of words that can be found in dictionaries.
Do not reveal your password to others. Make sure that your password is never accessible to others on a note or an IT device.
More Information
- Helsingin Uusyrityskeskuksen käyttäjätietoja vuotanut mittavan tietomurron yhteydessä (pdf)(External link)(Helsingin Uusyrityskeskuksen lehdistötiedote 6.4.2018) (in Finnish)
- Liiketoimintasuunnitelma.com-palvelu joutui tietomurron kohteeksi (External link) (Tietoturva nyt! 6.4.2018) (in Finnish
Update history
09.04.2018 time 10:44 Julkaistu