Warsaw police detained a 27-year-old suspected of breaking into the Trusted Profile. As the spokesman of the capital city police informs, the man will answer that he entered the accounts of 239 people without authorization and shared the obtained login data with others. – Such a situation would not take place if the users of websites used different passwords for different accounts – the police points out.
Officers of the Cybercrime Department of the Warsaw Police Headquarters, together with CERT Polska, a team established to respond to incidents that violate security on the Internet, determined that the 27-year-old hacked into the Identity Provider System for the accounts of at least 27 Trusted Profile users.
– The man was detained in his home in Wola Krzywiecka in the Podkarpacie region. During the search, the police secured the laptop from which the hacking attack was carried out, hard drives, pendrive, modem, router and SIM card. During a thorough computer check, the officers revealed numerous databases of logins and passwords as well as software used as a so-called hacking tool – reports Sylwester Marczak, spokesman of the Warsaw Police Headquarters. And he adds that during the interrogation the 27-year-old admitted to attacking the Trusted Profile.
– The police found that the man was also responsible for a similar hacking attack on the accounts of 212 (other) Trusted Profile users, which took place from August 2 to 4. This information was confirmed by the Department of Supervision over Legalization Systems of the Chancellery of the Prime Minister, informs Marczak.
Charges and arrest
The 27-year-old has already heard the accusation. – It concerns the fact that without authorization, bypassing security, he hacked the account of a Trusted Profile 239 people without their knowledge and consent, and made available to other people illegally obtained data for logging in on the platform he created – says the KSP spokesman.
At the request of the District Prosecutor’s Office in Warsaw, the man was temporarily arrested for two months. He is facing a sentence of up to eight years in prison.
– Such a situation would not take place if the users of websites used different passwords for different accounts. In this case, all services used the same credentials. The security of accounts on websites can also be improved by using multi-factor verification, which additionally confirms the identity of the person logging in to the website – emphasizes the policeman.
Main photo source: KSP