The Finnish Enterprise Agency for Helsinki on Friday revealed that its web-based service for creating and developing business plans, liiketoimintasuunnitelma.com, has been hacked, compromising the login credentials of roughly 130,000 users.
The data breach is therefore believed to be one of the largest to date in Finland.
“The service targeted in the hacking was intended for creating business plans, and the leaked information may also include details of the business plans,” reads a press release from the Enterprise Agency for Helsinki.
An investigation into the hacking has been opened at the Helsinki Police Department. Neither the enterprise agency nor the police department, however, is yet able to provide further information on the extent of the data breach.
The hacking was detected during a routine monitoring operation by the National Cyber Security Centre (NCSC-FI), a centre operating under the Finnish Communications Regulatory Authority (FICORA). FICORA points out in its press release that the leaked credentials can be exploited immediately because they were not encrypted.
“A good practice in the administration of services would be to store passwords as cryptographic digests – or hashes – to make it more difficult for the attacker to take advantage of them,” states FICORA.
Jarmo Hyökyvaara, the board chairman at the Enterprise Agency for Helsinki has voiced his regret about the data breach.
“We cannot unfortunately say yet exactly how many people and what kinds of data this affects. We have filed a criminal complaint, and our customers do not have to file a separate report with the police,” he tells.
“The maintenance and data security of our service was the responsibility of a subcontractor that has been a long-term partner for us. The data security of the service unfortunately was not good enough to prevent an attack such as this. This was partly our mistake, and as the purchaser and owner of the service we accept our share of the responsibility,” adds Hyökyvaara.
The Finnish Enterprise Agency for Helsinki is an independent organisation providing a variety of business counselling services for the City of Helsinki. The hacked online service is part of the service package provided to the city.
Aleksi Teivainen – HT
Photo: Heikki Saukkomaa – Lehtikuva
Source: Uusi Suomi