Freelance security consultant Dan Egerstad posted online the usernames and passwords for more than 100 email accounts at embassies and governments worldwide, Computer Sweden reprorts. With the passwords, anyone can access the accounts.
Egerstad posted the names of the embassies and governments, addresses to e-mail servers, usernames and passwords, including the foreign ministry of Iran, the Kazakh and Indian embassies in the U.S. and the Russian embassy in Sweden.
"I did an experiment and came across the information by accident," Egerstad said.
Computer Sweden confirmed that the login details for at least one of the accounts is correct. Egerstad forwarded an e-mail sent on Aug. 20 by an employee at the Swedish royal court to the Russian embassy. The person who sent the e-mail, in which she declines an invitation to the Russian embassy, has confirmed that she sent the e-mail.
"Yes, that is right. We did decline the invitation. As far as I can remember I did send the e-mail," she said.
Ten of the compromised accounts belong to the Kazakh embassy in Russia. Around 40 belong to Uzbeki embassies and consulates around the world.
"I hope this makes them take action. Hopefully, faster than ever before, and I hope they become a bit more aware of security issues," Egerstad says.