Some details in the story are missing. First, it is unclear whether the stolen credentials were ever successfully used. Using them would give access to personal data, something the story does not specify. That’s likely because the site was separately reported to be using multi-factor authentication (MFA), an additional barrier to attack that all public-facing government websites now use. Depending on how cunning the attackers were, a deep compromise could have left an intelligence trail somewhere in the log files.
The key question is who stole the information, and whether this was opportunistic or part of a larger campaign. The attack is believed to have been carried out by criminals linked to the Russian government, although evidence of these links remains sketchy.
However, if Russian intelligence did gain, it was incredibly sloppy to allow the information to be posted on the dark web, where they must have known the loss would eventually be discovered.