SINGAPORE: The logins and passwords of about 50,000 Singapore government email accounts were found in “illegal data banks” in January but most were outdated or "bogus addresses", said authorities on Thursday (Mar 21).
“GovTech was alerted to the presence of email credentials in illegal data banks in Jan 2019. These credentials comprise email addresses and passwords provided by individuals,” said a spokesman from the Smart Nation and Digital Government Group.
READ: Singapore health system hit by ‘most serious breach of personal data’ in cyberattack; PM Lee's data targeted
About 50,000 of the compromised details were government email addresses, the spokesman added, but only 119 of the addresses were still being used. The rest were "either outdated or bogus addresses", he said.
According to Russian cybersecurity firm Group-IB, the compromised credentials involved accounts from the Ministry of Education (MOE), Ministry of Health (MOH), Singapore Police Force, as well as the National University of Singapore.
"As an immediate precautionary measure, all officers with affected credentials have changed their passwords," the spokesman for the Smart Nation and Digital Government Group said.
No other information was leaked except for the email address and password.
The spokesperson added that the credentials were not leaked from the government systems, but from the use of these addresses for the officers’ personal and non-official purposes.
READ: Commentary: Deterrence, retaliation and arms control - a guide to tackling information warfare
"Officers have been reminded not to use government email addresses for such purposes, as part of basic cyber hygiene," the spokesman said.
In response to Channel NewsAsia's queries, the Singapore Police Force said that based on a review of the compromised credentials, no user information and passwords which are used for accessing police systems were compromised.
"Only the user information and password of one employee from the POLWEL Co-operative Society Limited was affected, and his account has been disabled. POLWEL’s computers are not linked to police’s systems," the police added.
Group-IB also said in their press release that it detected 19,928 compromised payment cards related to Singapore banks on the dark web last year. This was a 56 per cent jump from the year before.
The firm added that underground market value of Singapore's bank cards last year was about S$640,000.
Singapore's health ministry has been hit with four IT-related incidents in the past nine months, including the SingHealth cyberattack last June which saw the health records of 1.5 million Singaporeans stolen.