CERT Estonia, the organization responsible for the management of security incidents in .ee computer networks, informed nearly 200,000 Estonians via their employers that their social media passwords had been leaked. According to RIA, a database was created in Dark Web, containing 1.4 billion user information and a password in the open form. The database also contains email addresses with more than 190,000 ending in .ee.
For each institution, CERT sent a list of individual email addresses. “For example, if there were people from national broadcasting, let’s say firstname.lastname@example.org, then we sent information to the head of ERR’s information security that the passwords of these people have leaked.” explained Mägi.
The number of Estonians at risk is much bigger, since most of the personal e-mail accounts are not using .ee domain. Some Good Samaritan could instead send out direct warning e-mails to all of the addresses in the database.