Members of the Brussels parliament were at each other’s e-mailboxes login because new passwords a easy-to-guess structure had; they consisted of the initials of the parlementari lwa r and a standaardwoord.
Who is the name of a Brussels-based fellow parliamentarian knew, could log into his or her e-mail account. Vice-president Robert Herzeele of the ict-centre of the Brussels-capital Region confirms. The problem occurred with the switch to Microsoft Exchange, according to Herzeele.
A member of the sp.a, Elke Roex, brought the vulnerability to the outside via Twitter. The password consisted of the first letter of the surname, the first letter of the first name and a common word, that every password is the same. Roex logged as evidence in the mailbox of a colleague of the same group.
“The password was not random enough,” acknowledges Herzeele. “But it was about a new e-mail boxes, which were empty.” When the problem was discovered, all the new e-mail accounts blocked and, the passwords were replaced. The members of parliament get a letter with a new password.
There could also be external be logged onto the mailboxes, acknowledge Herzeele; the parliamentarians can webmail use. Someone evil wanted to, had to, however, the structure of the password to know.
“It went to six hundred mailboxes, of which four hundred are used,” says Herzeele. A large part of it consisted of parliamentarians, but there were also mailboxes of the employees of the parliament. According to Herzeele is the first time that such an error is committed when an e-mail migration. “In the past few years we have been to 10,000 e-mail addresses migrated,” he says.
The Brussels parliament is one of the three regional parliaments. In addition to the Brussels-capital region, which consists of nineteen municipalities, Flanders and Wallonia separate regions.