MoD-founded firm Niteworks loses login creds of UK defence folk
Company is sorry for the 'inconvenience'
Exclusive: Terrible infosec practices at Niteworks, the MoD-established business networking organisation, have led to unknown attackers gaining email addresses and passwords of British defence community members.
An email seen by The Register, sent to Niteworks' network members, confessed that "the database holding the login information for the members' area in the niteworks.net website has been attacked, and several false accounts were set up."
The organisation's contract with the MoD was recently extended to 2018, which stated that the Niteworks partnership comprises "more than 150 organisations including the MOD, Dstl, large defence primes, broader suppliers, research establishments and specialists."
People from these organisations are all now being asked to re-register with the site.
Niteworks' email also admitted it was "likely that the attacker's access to the database gave them visibility of the email address and password you set up when you created your account", suggesting that this information was stored in plain, unencrypted text – an inexcusable security failure, all the more shocking considering the sensitivity of the companies Niteworks is working with.
"When the site is back up we will be asking you to recreate your account if you still wish to have access; in the meantime, however, if you have used the same combination of email address and password for any other purpose you are strongly advised to change that password as soon as possible.
"You should also be alert to the increased possibility of phishing attacks aimed at the email address you used to register with niteworks.net."
Niteworks' email claimed: "While there is no classified or commercially sensitive information held in the members' area, the site has been taken offline while we investigate and rectify the breach."
An MoD spokesman told The Register: "We have been made aware of an issue with the Niteworks website, however no HMG sensitive information has been compromised."
The Register has contacted Niteworks and will update this article if we receive a response from them. ®